unverified_exploits

Unverified Exploits - Rule-Based Exploit Generation & Testing...

Updated php packages fix security vulnerabilities

FPM: Fixed GHSA-7qg2-v9fj-4mwv XSS within status endpoint. CVE-2026-6735 MBString: Fixed GHSA-wm6j-2649-pv75 Null pointer dereference in phpmbcheckencoding via mberegsearchinit. CVE-2026-7259 OpenSSL: Fix compatibility issues with OpenSSL 4.0. PDOFirebird: Fixed GHSA-w476-322c-wpvm SQL injection...

CVE-2026-8401

creationtimestamp| type| source ---|---|--- 2026-05-13 06:28:15+00:00| seen| https://www.acn.gov.it/portale/w/aggiornamenti-di-sicurezza-per-mozilla-firefox 2026-05-13 06:44:38+00:00| seen| https://vulnerability.circl.lu/bundle/eed1dbdf-5a0f-4cc2-9665-fa1ff05b0c1f 2026-05-19 20:00:00+00:00| seen|...

CVE-2026-8388

creationtimestamp| type| source ---|---|--- 2026-05-13 06:28:15+00:00| seen| https://www.acn.gov.it/portale/w/aggiornamenti-di-sicurezza-per-mozilla-firefox 2026-05-13 06:44:38+00:00| seen| https://vulnerability.circl.lu/bundle/eed1dbdf-5a0f-4cc2-9665-fa1ff05b0c1f 2026-05-19 20:00:00+00:00| seen|...

CVE-2026-8391

creationtimestamp| type| source ---|---|--- 2026-05-13 06:28:15+00:00| seen| https://www.acn.gov.it/portale/w/aggiornamenti-di-sicurezza-per-mozilla-firefox 2026-05-13 06:44:38+00:00| seen| https://vulnerability.circl.lu/bundle/eed1dbdf-5a0f-4cc2-9665-fa1ff05b0c1f 2026-05-19 20:00:00+00:00| seen|...

CVE-2025-11159

Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator...

CVE-2025-11159 Hitachi Vantara Pentaho Data Integration & Analytics - Dependency on Vulnerable Third-Party Component

Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator...

CVE-2025-11159

Technical details such as affected product versions, root cause, and exploit information are not publicly available in the provided documents. Monitor for updates.

CVE-2025-11159 Hitachi Vantara Pentaho Data Integration & Analytics - Dependency on Vulnerable Third-Party Component

Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator...

CVE-2026-6888

Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to execute arbitrary commands via a specific interface, potentially enabling the attacker to access, modify, or delete sensitive information within the database...

CVE-2026-6888 SQL Injection Vulnerability

Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to execute arbitrary commands via a specific interface, potentially enabling the attacker to access, modify, or delete sensitive information within the database...

CVE-2026-6888

CVE-2026-6888 describes an SQL injection that could allow a remote authenticated attacker to execute arbitrary commands via a specific interface, potentially accessing, modifying, or deleting sensitive data in the database. The CVSS 3.1 vector is AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H with a base sc...

CVE-2026-6888 SQL Injection Vulnerability

Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to execute arbitrary commands via a specific interface, potentially enabling the attacker to access, modify, or delete sensitive information within the database...

EUVD-2026-29869

Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspection primitives. Attackers can use Python introspection techniques to recover the unrestricted...

PT-2026-40556

Name of the Vulnerable Software and Affected Versions Advantech IoT & SCADA affected versions not specified Description A SQL injection allows a remote authenticated attacker to execute arbitrary commands via a specific interface. This could enable the attacker to access, modify, or delete...

Flight SQL注入漏洞

Flight is a PHP microframework developed by Mike Cao. Versions of Flight prior to 3.18.1 contained an SQL injection vulnerability. This vulnerability occurred because the methods SimplePdo::insert, SimplePdo::update, and SimplePdo::delete directly concatenated the $table parameter and the keys fr...

PT-2026-40566

Name of the Vulnerable Software and Affected Versions Hitachi Vantara Pentaho Data Integration & Analytics affected versions not specified Description The software contains a JDBC driver for H2 databases that allows external script execution. This occurs when a data source administrator creates a...

Advantech多款产品 SQL注入漏洞

Advantech IoTSuite SaaSComposer is a product of Advantech Corporation from Taiwan, China. Advantech IoTSuite SaaSComposer is a low-code visual development tool. Advantech IoTSuite Growth Linux docker is a containerized deployment solution for industrial IoT platforms. Advantech IoTSuite Starter...

CubeCart SQL注入漏洞

CubeCart is an open-source e-commerce software developed by CubeCart. Versions of CubeCart prior to 6.7.0 had a SQL injection vulnerability. This vulnerability occurred because the administrator’s order transaction list page constructed the original ORDER BY SQL fragment from the $GETsort array,...

PT-2026-40583

Name of the Vulnerable Software and Affected Versions Avada Builder versions prior to 3.15.3 Description An arbitrary file read issue exists in the Avada Builder plugin for WordPress. Authenticated attackers with Subscriber-level access or higher can read arbitrary files on the server, potentiall...