
13 matches found

ATTACKERKB
added 2 days ago, 4 views

CVE-2026-4081

The ZeM STL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the zemstl shortcode in all versions up to and including 1.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically the 'url', 'color', and 'bgcolor'...

CVSS 6.4, AI score 6, EPSS 0.00056
Exploits: 0, References: 10

AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux - vulnerability in php8.1, php7.3

In PHP versions 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, and 8.4.* pgsql and pdo_pgsql versions, the escaping functions do not check whether the underlying quoting functions return errors. This could lead to crashes if the Postgres server rejects the string as invalid...

CVSS 7.5, AI score 7.3, EPSS 0.00589
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2025-21273

Malicious code in bioql PyPI...

CVSS 7.5, AI score 9.1, EPSS 0.00589
Exploits: 0, References: 1

OSV
added 2025/07/16 8:19 a.m., 4 views

BIT-PHP-MIN-2025-1735 pgsql extension does not check for errors during escaping

In PHP versions: 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid...

CVSS 7.5, AI score 9.4, EPSS 0.00589
Exploits: 0, References: 4

OSV
added 2025/07/16 8:19 a.m., 2 views

BIT-PHP-2025-1735 pgsql extension does not check for errors during escaping

In PHP versions: 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid...

CVSS 7.5, AI score 9.4, EPSS 0.00589
Exploits: 0, References: 4

AlpineLinux
added 2025/07/13 10:27 p.m., 4 views

CVE-2025-1735

In PHP versions: 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid...

CVSS 7.5, AI score 9.6, EPSS 0.00589
Exploits: 0

OSV
added 2025/02/28 3:34 p.m., 4 views

OESA-2025-1227 libpq security update

PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or...

CVSS 8.1, AI score 8.1, EPSS 0.82364
Exploits: 10, References: 2

OSV
added 2022/05/02 3:40 a.m., 15 views

GHSA-XV6X-43GQ-4HFJ PyGreSQL Might Be Vulnerable to Encoding-Based SQL Injection

PyGreSQL 3.8 did not use PostgreSQL’s safe string and bytea functions in its own escaping functions. As a result, applications written to use PyGreSQL’s escaping functions are vulnerable to SQL injections when processing certain multi-byte character sequences. Because the safe functions require a...

CVSS 7.5, AI score 6.6, EPSS 0.00579
Exploits: 0, References: 6

Github Security Blog
added 2022/05/02 3:40 a.m., 18 views

PyGreSQL Might Be Vulnerable to Encoding-Based SQL Injection

PyGreSQL 3.8 did not use PostgreSQL’s safe string and bytea functions in its own escaping functions. As a result, applications written to use PyGreSQL’s escaping functions are vulnerable to SQL injections when processing certain multi-byte character sequences. Because the safe functions require a...

CVSS 7.5, AI score 7.3, EPSS 0.00579
Exploits: 0, References: 6, Affected Software: 1

Prion
added 2019/05/22 4:29 p.m., 21 views

Sql injection

DISPUTED Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass aka the reset password form. NOTE: The vendor disputes this issue as not being a vulnerability because the issue does not seem to be a legitimate SQL Injection. The POC does not show any valid...

CVSS 7.5, AI score 9.8, EPSS 0.16166
Exploits: 5, References: 3, Affected Software: 1

exploitpack
added 2016/10/14 12:00 a.m., 12 views

Web Based Alumni Tracking System 0.1 - SQL Injection

Web Based Alumni Tracking System 0.1 - SQL Injection
Exploit Title: Web Based Alumni Tracking System Multiple Vulnerability
Google Dork: N/A
Date: 14/10/2016
Exploit Author: lahilote
Vendor Homepage...

AI score 8.6
Exploits: 0

OSV
added 2016/10/07 2:59 p.m., 1 view

ALPINE-CVE-2016-7167

Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow...

CVSS 9.8, AI score 7.6, EPSS 0.02257
Exploits: 0, References: 1

Tenable Nessus
added 2009/12/11 12:00 a.m., 21 views

Ubuntu 8.04 LTS / 8.10 : pygresql vulnerability (USN-870-1)

Steffen Joeris discovered that PyGreSQL 3.8 did not use PostgreSQL's safe string and bytea functions in its own escaping functions. As a result, applications written to use PyGreSQL's escaping functions are vulnerable to SQL injections when processing certain multi-byte character sequences. Becau...

CVSS 7.5, AI score 5.8, EPSS 0.00579
Exploits: 0, References: 2