6137 matches found
CVE-2026-40745 WordPress Element Pack Elementor Addons plugin <= 8.4.2 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Blind SQL Injection.This issue affects Element Pack Elementor Addons: from n/a through = 8.4.2...
CVE-2026-40745
The CVE-2026-40745 entry describes an SQL Injection vulnerability in the bdthemes Element Pack Elementor Addons (bdthemes-element-pack-lite) for WordPress, affecting versions up to 8.4.2. The root cause is improper neutralization of special elements used in an SQL command, leading to potential bl...
WordPress plugin Element Pack Elementor Addons 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...
PT-2026-33047
Name of the Vulnerable Software and Affected Versions bdthemes Element Pack Elementor Addons versions prior to 8.4.3 Description Improper neutralization of special elements used in an SQL command allows for Blind SQL Injection. Blind SQL Injection is a technique where an attacker asks the databas...
Malicious Package
Overview pubnub-element is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Linux Distros Unpatched Vulnerability : CVE-2026-40227
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element. CVE-2026-40227 Note...
SUSE CVE-2026-40227
In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element...
CVE-2026-33783
A Function Call With Incorrect Argument Type vulnerability in the sensor interface of Juniper Networks Junos OS Evolved on PTX Series allows a network-based, authenticated attacker with low privileges to cause a complete Denial of Service DoS. If colored SRTE policy tunnels are provisioned via...
Malicious code in pubnub-element (npm)
Malicious scripts exfiltrate sensitive info username, path, hostname to a remote webhook via wget in test, preinstall & preupdate. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f1f86ef3c85074c2ca23cfd60296a4875f6bc610547f691543cef5f38e1788a The package...
GStreamer: GStreamer: Remote Code Execution via Out-Of-Bounds Write in rtpqdm2depay
A flaw was found in GStreamer. This out-of-bounds write vulnerability exists within the rtpqdm2depay element, specifically during the processing of X-QDM Real-time Transport Protocol RTP payload elements. A remote attacker can exploit this by providing malformed user-supplied data to the packetid...
CVE-2026-40227
A flaw was found in systemd. A local unprivileged user can exploit this vulnerability by making an Inter-Process Communication IPC API call with a specially crafted array or map containing a null element. This can trigger an assert, leading to a Denial of Service DoS condition, which makes the...
EUVD-2026-21402
In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element...
Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration
The fix for CVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName system property, but not when configured through the verifyHostName attribute of the element. Although the verifyHostName configuration attribute was introduced in Log4...
CVE-2026-40227
In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element...
DEBIAN-CVE-2026-40227
In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element...
CVE-2026-34477
The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.htmllog4j2.sslVerifyHostName system property, but no...
UBUNTU-CVE-2026-34477
The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.htmllog4j2.sslVerifyHostName system property, but no...
CVE-2026-40227
In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element...
UBUNTU-CVE-2026-40227
In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element...
Comparison Using Wrong Factors
Overview Affected versions of this package are vulnerable to Comparison Using Wrong Factors in the IPC API call process when an array or map containing a null element is provided. An attacker can cause a system crash by sending specially crafted IPC API requests. Remediation A fix was pushed into...