145 matches found
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection when using the simple protocol with dollar quoted string literals. An attacker can execute arbitrary SQL commands by crafting input that is interpreted as a placeholder within a dollar quoted string literal. Note: This is...
GHSA-J88V-2CHJ-QFWX pgx: SQL Injection via placeholder confusion with dollar quoted string literals
Impact SQL Injection can occur when: 1. The non-default simple protocol is used. 2. A dollar quoted string literal is used in the SQL query. 3. That string literal contains text that would be would be interpreted as a placeholder outside of a string literal. 4. The value of that placeholder is...
pgx: SQL Injection via placeholder confusion with dollar quoted string literals
Impact SQL Injection can occur when: 1. The non-default simple protocol is used. 2. A dollar quoted string literal is used in the SQL query. 3. That string literal contains text that would be would be interpreted as a placeholder outside of a string literal. 4. The value of that placeholder is...
PT-2026-37159
Name of the Vulnerable Software and Affected Versions pgx versions prior to 5.9.2 Description SQL injection can occur when the non-default simple protocol is used in conjunction with a dollar quoted string literal in the SQL query. If that string literal contains text that would be interpreted as...
CVE-2026-34937 PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution
PraisonAI is a multi-agent teams system. Prior to version 1.5.90, runpython in praisonai constructs a shell command string by interpolating user-controlled code into python3 -c "" and passing it to subprocess.run..., shell=True. The escaping logic only handles \ and ", leaving $ and backtick...
GHSA-W37C-QQFP-C67F PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution
Summary runpython in praisonai constructs a shell command string by interpolating user-controlled code into python3 -c "" and passing it to subprocess.run..., shell=True. The escaping logic only handles \ and ", leaving $ and backtick substitutions unescaped, allowing arbitrary OS command executi...
EUVD-2026-16064
LiquidJS has Exponential Memory Amplification through its replacefirst Filter $& Pattern...
EUVD-2009-4176
Malware in sbrugna...
EUVD-2008-0169
Malware in sbrugna...
EUVD-2008-6203
Malware in sbrugna...
EUVD-2017-14980
Malware in sbrugna...
EUVD-2018-5624
Malware in sbrugna...
EUVD-2018-5167
Malware in sbrugna...
260 romance scammers and sextortionists caught in huge Interpol sting
Online crime of all kinds is deplorable, but romance scammers and sextortionists who target the most vulnerable victims are among the worst. Now, there’s likely a place for 260 of them in jail, thanks to international law enforcement. Interpol's Operation Contender 3.0 targeted alleged criminals...
Linux Distros Unpatched Vulnerability : CVE-2025-27830
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of DollarBlend in a font, for base/writet1.c and...
Linux Distros Unpatched Vulnerability : CVE-2023-2132
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all...
Inside the Multimillion-Dollar Gray Market for Video Game Cheats
Gaming cheats are the bane of the video game industry—and a hot commodity. A recent study found that cheat creators are making a fortune from gamers looking to gain a quick edge...
Reachable Assertion
Overview Affected versions of this package are vulnerable to Reachable Assertion via the handleactiondollar function in scan-code.l. An attacker can cause a reachable assertion failure by providing crafted input to this function, potentially leading to a denial of service on the local system...
Inc Ransomware Claims 1.2TB Data Breach at Dollar Tree
The notorious INC Ransomware group is claiming responsibility for a data breach at Dollar Tree, the American retail…...
CVE-2019-19544
CA Automic Dollar Universe 5.3.3 contains a vulnerability, related to the uxdqmsrv binary being setuid root, that allows local attackers to elevate privileges. This vulnerability was reported to CA several years after CA Automic Dollar Universe 5.3.3 reached End of Life EOL status on April 1, 201...