82000 matches found
Updated php packages fix security vulnerabilities
FPM: Fixed GHSA-7qg2-v9fj-4mwv XSS within status endpoint. CVE-2026-6735 MBString: Fixed GHSA-wm6j-2649-pv75 Null pointer dereference in phpmbcheckencoding via mberegsearchinit. CVE-2026-7259 OpenSSL: Fix compatibility issues with OpenSSL 4.0. PDOFirebird: Fixed GHSA-w476-322c-wpvm SQL injection...
CVE-2026-8401
creationtimestamp| type| source ---|---|--- 2026-05-13 06:28:15+00:00| seen| https://www.acn.gov.it/portale/w/aggiornamenti-di-sicurezza-per-mozilla-firefox 2026-05-13 06:44:38+00:00| seen| https://vulnerability.circl.lu/bundle/eed1dbdf-5a0f-4cc2-9665-fa1ff05b0c1f 2026-05-19 20:00:00+00:00| seen|...
CVE-2026-8388
creationtimestamp| type| source ---|---|--- 2026-05-13 06:28:15+00:00| seen| https://www.acn.gov.it/portale/w/aggiornamenti-di-sicurezza-per-mozilla-firefox 2026-05-13 06:44:38+00:00| seen| https://vulnerability.circl.lu/bundle/eed1dbdf-5a0f-4cc2-9665-fa1ff05b0c1f 2026-05-19 20:00:00+00:00| seen|...
CVE-2026-8391
creationtimestamp| type| source ---|---|--- 2026-05-13 06:28:15+00:00| seen| https://www.acn.gov.it/portale/w/aggiornamenti-di-sicurezza-per-mozilla-firefox 2026-05-13 06:44:38+00:00| seen| https://vulnerability.circl.lu/bundle/eed1dbdf-5a0f-4cc2-9665-fa1ff05b0c1f 2026-05-19 20:00:00+00:00| seen|...
CVE-2025-11159
Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator...
CVE-2025-11159 Hitachi Vantara Pentaho Data Integration & Analytics - Dependency on Vulnerable Third-Party Component
Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator...
CVE-2025-11159
Technical details such as affected product versions, root cause, and exploit information are not publicly available in the provided documents. Monitor for updates.
CVE-2025-11159 Hitachi Vantara Pentaho Data Integration & Analytics - Dependency on Vulnerable Third-Party Component
Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator...
CVE-2026-6888
Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to execute arbitrary commands via a specific interface, potentially enabling the attacker to access, modify, or delete sensitive information within the database...
CVE-2026-6888
CVE-2026-6888 describes an SQL injection that could allow a remote authenticated attacker to execute arbitrary commands via a specific interface, potentially accessing, modifying, or deleting sensitive data in the database. The CVSS 3.1 vector is AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H with a base sc...
CVE-2026-6888 SQL Injection Vulnerability
Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to execute arbitrary commands via a specific interface, potentially enabling the attacker to access, modify, or delete sensitive information within the database...
CVE-2026-6888 SQL Injection Vulnerability
Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to execute arbitrary commands via a specific interface, potentially enabling the attacker to access, modify, or delete sensitive information within the database...
EUVD-2026-29869
Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspection primitives. Attackers can use Python introspection techniques to recover the unrestricted...
Flight SQL注入漏洞
Flight is a PHP microframework developed by Mike Cao. Versions of Flight prior to 3.18.1 contained an SQL injection vulnerability. This vulnerability occurred because the methods SimplePdo::insert, SimplePdo::update, and SimplePdo::delete directly concatenated the $table parameter and the keys fr...
PT-2026-40556
Name of the Vulnerable Software and Affected Versions Advantech IoT & SCADA affected versions not specified Description A SQL injection allows a remote authenticated attacker to execute arbitrary commands via a specific interface. This could enable the attacker to access, modify, or delete...
PT-2026-40566
Name of the Vulnerable Software and Affected Versions Hitachi Vantara Pentaho Data Integration & Analytics affected versions not specified Description The software contains a JDBC driver for H2 databases that allows external script execution. This occurs when a data source administrator creates a...
Advantech多款产品 SQL注入漏洞
Advantech IoTSuite SaaSComposer is a product of Advantech Corporation from Taiwan, China. Advantech IoTSuite SaaSComposer is a low-code visual development tool. Advantech IoTSuite Growth Linux docker is a containerized deployment solution for industrial IoT platforms. Advantech IoTSuite Starter...
PT-2026-40583
Name of the Vulnerable Software and Affected Versions Avada Builder versions prior to 3.15.3 Description An arbitrary file read issue exists in the Avada Builder plugin for WordPress. Authenticated attackers with Subscriber-level access or higher can read arbitrary files on the server, potentiall...
Hitachi Vantara Pentaho Data Integration and Analytics 安全漏洞
Hitachi Vantara Pentaho Data Integration and Analytics is a business intelligence dashboard designer developed by the American company Hitachi Vantara. There is a security vulnerability in Hitachi Vantara Pentaho Data Integration and Analytics, which stems from the JDBC driver of the H2 database,...
EcclesiaCRM SQL注入漏洞
EcclesiaCRM is a customer relationship management software for church management, developed by the French individual phili67. Versions of EcclesiaCRM 8.0.0 and earlier had a SQL injection vulnerability. This vulnerability stemmed from the default behavior of the ValidateInput function, which...