13 matches found
CVE-2025-34335
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 expose an authenticated command injection vulnerability in the license activation workflow handled by AudioCodesfiles/ActivateLicense.php. When a license file is uploaded, the application derives a new...
OESA-2025-1335 postgresql-13 security update
PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine a...
PYSEC-2024-25
DuckDB <=0.9.2 and DuckDB extension-template <=0.9.2 are vulnerable to malicious extension injection via the custom extension feature...
CVE-2024-22682
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
CVE-2024-22682
CVE-2024-22682 concerns DuckDB and its extension-template. Affected: DuckDB versions prior to 0.9.3 and DuckDB extension-template prior to 0.9.3. Issue: malicious extension injection via the custom extension feature. Impact: allows injection through the extension mechanism as described by multipl...
PT-2024-19529 · Duckdb +1
Name of the Vulnerable Software and Affected Versions: DuckDB versions prior to 0.9.3 DuckDB extension-template versions prior to 0.9.3 Description: The issue allows for malicious extension injection through the custom extension feature. Recommendations: For DuckDB versions prior to 0.9.3, update...
The vulnerability of the PostgreSQL database management system, related to the possibility of SQL injections in extensions, allows attackers to execute arbitrary SQL queries against the database.
The vulnerability in the PostgreSQL database management system lies in the possibility of SQL injection through extensions that use @extowner@, @extschema@, or @extschema:... inside a quoting construct (dollar quoting, '', or ""). Exploiting this vulnerability allows a malicious actor to...
SUSE CVE-2016-5149
The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging script access to a...
Malicious code in erquests (PyPI)
Source: checkmarx (129e5c67efd79f860efbe29e7d6ed0f4a8a0dfd103fb6e0bd6ac3bf056521a44). Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with a malicious extension to manipulate the clipboard and replace crypto wallet...
CVE-2022-2619
CVE-2022-2619 applies to Google Chrome/Chromium, where insufficient input validation in Settings allows injection of scripts/HTML into a privileged page when a user installs a malicious extension. Affected version baseline is before 104.0.5112.79. Public writeups in connected docs confirm the iss...
CVE-2016-5149
The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging script access to a...
Google Chrome < 12.0.742.91 Multiple Vulnerabilities
Binary data 5943.pasl...
Google Chrome < 12.0.742.91 Multiple Vulnerabilities
Binary data 800929.prm...