Lucene search
K

145 matches found

Snyk
Snyk
added 2026/04/22 8:46 p.m.5 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection when using the simple protocol with dollar quoted string literals. An attacker can execute arbitrary SQL commands by crafting input that is interpreted as a placeholder within a dollar quoted string literal. Note: This is...

9.8CVSS6.1AI score0.00356EPSS
Exploits0References2
OSV
OSV
added 2026/04/22 8:46 p.m.4 views

GHSA-J88V-2CHJ-QFWX pgx: SQL Injection via placeholder confusion with dollar quoted string literals

Impact SQL Injection can occur when: 1. The non-default simple protocol is used. 2. A dollar quoted string literal is used in the SQL query. 3. That string literal contains text that would be would be interpreted as a placeholder outside of a string literal. 4. The value of that placeholder is...

2.3CVSS5.9AI score0.00356EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/22 8:46 p.m.108 views

pgx: SQL Injection via placeholder confusion with dollar quoted string literals

Impact SQL Injection can occur when: 1. The non-default simple protocol is used. 2. A dollar quoted string literal is used in the SQL query. 3. That string literal contains text that would be would be interpreted as a placeholder outside of a string literal. 4. The value of that placeholder is...

9.8CVSS5.9AI score0.00356EPSS
Exploits0References5Affected Software3
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.8 views

PT-2026-37159

Name of the Vulnerable Software and Affected Versions pgx versions prior to 5.9.2 Description SQL injection can occur when the non-default simple protocol is used in conjunction with a dollar quoted string literal in the SQL query. If that string literal contains text that would be interpreted as...

9.8CVSS5.8AI score0.00356EPSS
Exploits0References271
Cvelist
Cvelist
added 2026/04/03 10:50 p.m.19 views

CVE-2026-34937 PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution

PraisonAI is a multi-agent teams system. Prior to version 1.5.90, runpython in praisonai constructs a shell command string by interpolating user-controlled code into python3 -c "" and passing it to subprocess.run..., shell=True. The escaping logic only handles \ and ", leaving $ and backtick...

7.8CVSS0.00545EPSS
Exploits1References1
OSV
OSV
added 2026/04/01 11:18 p.m.3 views

GHSA-W37C-QQFP-C67F PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution

Summary runpython in praisonai constructs a shell command string by interpolating user-controlled code into python3 -c "" and passing it to subprocess.run..., shell=True. The escaping logic only handles \ and ", leaving $ and backtick substitutions unescaped, allowing arbitrary OS command executi...

7.8CVSS6.3AI score0.00545EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/25 5:44 p.m.7 views

EUVD-2026-16064

LiquidJS has Exponential Memory Amplification through its replacefirst Filter $& Pattern...

7.5CVSS5.8AI score0.00471EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2009-4176

Malware in sbrugna...

7.5CVSS6.4AI score0.00999EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2008-0169

Malware in sbrugna...

5CVSS6.4AI score0.01289EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2008-6203

Malware in sbrugna...

7.5CVSS6.4AI score0.01003EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2017-14980

Malware in sbrugna...

5.9CVSS6AI score0.00477EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-5624

Malware in sbrugna...

7.5CVSS7.5AI score0.01083EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2018-5167

Malware in sbrugna...

7.5CVSS7.6AI score0.00988EPSS
Exploits0References3
Malwarebytes
Malwarebytes
added 2025/09/30 10:34 a.m.10 views

260 romance scammers and sextortionists caught in huge Interpol sting

Online crime of all kinds is deplorable, but romance scammers and sextortionists who target the most vulnerable victims are among the worst. Now, there’s likely a place for 260 of them in jail, thanks to international law enforcement. Interpol's Operation Contender 3.0 targeted alleged criminals...

6.7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/09/01 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-27830

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of DollarBlend in a font, for base/writet1.c and...

7.8CVSS6.7AI score0.00281EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/26 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2023-2132

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all...

7.5CVSS7.1AI score0.01325EPSS
Exploits0References2
Wired Threat Level
Wired Threat Level
added 2025/08/11 10:0 a.m.4 views

Inside the Multimillion-Dollar Gray Market for Video Game Cheats

Gaming cheats are the bane of the video game industry—and a hot commodity. A recent study found that cheat creators are making a fortune from gamers looking to gain a quick edge...

7.5AI score
Exploits0
Snyk
Snyk
added 2025/08/08 6:41 p.m.2 views

Reachable Assertion

Overview Affected versions of this package are vulnerable to Reachable Assertion via the handleactiondollar function in scan-code.l. An attacker can cause a reachable assertion failure by providing crafted input to this function, potentially leading to a denial of service on the local system...

4.8CVSS6.6AI score0.00019EPSS
Exploits0References2
HackRead
HackRead
added 2025/07/30 1:29 p.m.6 views

Inc Ransomware Claims 1.2TB Data Breach at Dollar Tree

The notorious INC Ransomware group is claiming responsibility for a data breach at Dollar Tree, the American retail…...

7.3AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 9:16 a.m.9 views

CVE-2019-19544

CA Automic Dollar Universe 5.3.3 contains a vulnerability, related to the uxdqmsrv binary being setuid root, that allows local attackers to elevate privileges. This vulnerability was reported to CA several years after CA Automic Dollar Universe 5.3.3 reached End of Life EOL status on April 1, 201...

7.8CVSS6.7AI score0.00412EPSS
Exploits1References1
Rows per page
Query Builder