24 matches found

Positive Technologies
added 2026/06/18 12:0 a.m. | 13 views

PT-2026-50810

Name of the Vulnerable Software and Affected Versions: pgAdmin 4 versions 1.0 through 9.15. Description: SQL injection is possible across multiple dialog templates that render descriptions for Domains, Foreign Tables, Languages, and Event Triggers, as well as the Views OID-lookup query. The issue...

CVSS 8.8 | AI score 6.3 | EPSS 0.00513
Exploits 0 | References 8

RedhatCVE
added 2026/06/05 7:46 p.m. | 12 views

CVE-2026-37225

FlexRIC v2.0.0 crashes when the iApp receives an E42_RIC_SUBSCRIPTION_REQUEST with an empty ricEventTriggerDefinition field. The E42 layer decoder accepts this as valid, but the E2AP encoder asserts a non-empty constraint when forwarding the request. A remote unauthenticated attacker can crash the...

CVSS 7.5 | AI score 5.5 | EPSS 0.00415
Exploits 0 | References 1

EUVD
added 2026/06/01 6:31 p.m. | 12 views

EUVD-2026-33699

FlexRIC v2.0.0 crashes when the iApp receives an E42_RIC_SUBSCRIPTION_REQUEST with an empty ricEventTriggerDefinition field. The E42 layer decoder accepts this as valid, but the E2AP encoder asserts a non-empty constraint when forwarding the request. A remote unauthenticated attacker can crash the...

CVSS 7.5 | AI score 5.8 | EPSS 0.00415
Exploits 0 | References 3

NVD
added 2026/06/01 5:16 p.m. | 14 views

CVE-2026-37225

FlexRIC v2.0.0 crashes when the iApp receives an E42_RIC_SUBSCRIPTION_REQUEST with an empty ricEventTriggerDefinition field. The E42 layer decoder accepts this as valid, but the E2AP encoder asserts a non-empty constraint when forwarding the request. A remote unauthenticated attacker can crash the...

CVSS 7.5 | EPSS 0.00415
Exploits 0 | References 2

Positive Technologies
added 2026/06/01 12:0 a.m. | 14 views

PT-2026-45455

FlexRIC v2.0.0 crashes when the iApp receives an E42 RIC SUBSCRIPTION REQUEST with an empty ricEventTriggerDefinition field. The E42 layer decoder accepts this as valid, but the E2AP encoder asserts a non-empty constraint when forwarding the request. A remote unauthenticated attacker can crash th...

AI score 5.8 | EPSS 0.00415
Exploits 0 | References 3

CVE
added 2026/06/01 12:0 a.m. | 19 views

CVE-2026-37225

FlexRIC v2.0.0 is affected by CVE-2026-37225. The iApp crashes (SIGABRT) when processing an E42_RIC_SUBSCRIPTION_REQUEST that contains an empty ricEventTriggerDefinition field. The E42 layer decoder accepts the empty field, but the E2AP encoder enforces a non-empty constraint when forwarding the ...

CVSS 7.5 | AI score 5.8 | EPSS 0.00415
Exploits 0 | References 2

Metasploit
added 2026/04/07 7:1 p.m. | 283 views

Windows Service for User (S4U) Scheduled Task Persistence - Event Trigger

Creates a scheduled task that will run using service-for-user S4U. This allows the scheduled task to run even as an unprivileged user that is not logged into the device. This will result in lower security context, allowing access to local resources only. The module requires 'Logon as a batch job'...

AI score 5.3
Exploits 0

Packet Storm News
added 2026/04/07 12:0 a.m. | 3 views

Windows Service for User (S4U) Scheduled Task Persistence Event Trigger

This Metasploit module creates a scheduled task that will run using service-for-user S4U. This allows the scheduled task to run even as an unprivileged user that is not logged into the device. This will result in lower security context, allowing access to local resources only. The module requires...

AI score 5.9
Exploits 0

EUVD
added 2026/03/18 7:49 p.m. | 2 views

EUVD-2026-12994

Parse Server leaks protected fields via LiveQuery afterEvent trigger...

CVSS 8.2 | AI score 5.8 | EPSS 0.00421
Exploits 0 | References 3

Redos
added 2026/01/20 12:0 a.m. | 5 views

ROS-20260120-7322

A vulnerability in the tracing component of the eventtriggerwrite function of the Linux kernel is related to insufficient regular expression handling. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 5.5 | AI score 6.7 | EPSS 0.00176
Exploits 0

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-20483

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 6.6 | EPSS 0.00082
Exploits 0 | References 1

RedhatCVE
added 2025/07/10 1:25 p.m. | 2 views

CVE-2025-21466

Memory corruption while processing a private escape command in an event trigger...

CVSS 7.8 | AI score 7.5 | EPSS 0.00082
Exploits 0 | References 1

NVD
added 2025/07/08 1:15 p.m. | 8 views

CVE-2025-21466

Memory corruption while processing a private escape command in an event trigger...

CVSS 7.8 | EPSS 0.00082
Exploits 0 | References 1

CVE
added 2025/07/08 12:49 p.m. | 23 views

CVE-2025-21466

CVE-2025-21466 affects Qualcomm chipsets; memory corruption occurs during processing of a private escape command in an event trigger (root cause: improper handling within event-trigger processing). The impact is described as high for confidentiality, integrity, and availability, with a local atta...

CVSS 7.8 | AI score 6.9 | EPSS 0.00082
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2025/07/08 12:49 p.m. | 4 views

CVE-2025-21466 Use After Free in Display

Memory corruption while processing a private escape command in an event trigger...

CVSS 7.8 | AI score 7.5 | EPSS 0.00082
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 8:21 a.m. | 5 views

CVE-2024-1762

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP_USER_AGENT header in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

CVSS 6.1 | AI score 5.3 | EPSS 0.00389
Exploits 0 | References 1

OSV
added 2025/05/02 3:16 a.m. | 4 views

MAL-2025-3586 Malicious code in socket-event-trigger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 84c96a1eba1263914947232b5710b1f74986be68b124fefcbd733643ddd31c47 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 | References 1

OSSF Malicious Packages
added 2025/05/02 3:16 a.m. | 4 views

Malicious code in socket-event-trigger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 84c96a1eba1263914947232b5710b1f74986be68b124fefcbd733643ddd31c47 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 | References 1

CVE
added 2025/04/01 3:26 p.m. | 148 views

CVE-2025-21899

CVE-2025-21899 affects the Linux kernel tracing subsystem. The issue arises in the hist_trigger handling where enabling a trigger wrongly interacts with the named_triggers list, leading to a crash when the list is traversed during unregister/cleanup. The root cause is described in the initial rep...

CVSS 5.5 | AI score 7.4 | EPSS 0.00176
Exploits 0 | References 6 | Affected Software 1

Positive Technologies
added 2025/02/27 12:0 a.m. | 7 views

PT-2025-14280

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A vulnerability in the Linux kernel has been identified, which can cause a crash when certain commands are executed. The issue arises from a corrupt named triggers list, which occurs whe...

CVSS 5.5 | AI score 5.5 | EPSS 0.00176
Exploits 0