
4202 matches found

vulnersOsv
added 2025/07/21 6:24 a.m., 4 views

@amrc-factoryplus/mcp (=1.0.0), @amrc-factoryplus/service-client (>=1.3.3 <=1.6.0) +14 more potentially affected by unknown CVE via got-fetch (=5.1.10)

got-fetch NPM version =5.1.10 is affected by a known vulnerability. The following packages have a transitive dependency on got-fetch and may be impacted: - @amrc-factoryplus/mcp =1.0.0 - @amrc-factoryplus/service-client =1.3.3, =0.0.1-alpha.3, =1.0.0, =3.0.0, =1.4.0, =2.0.2, =2.2.26, =1.0.0,...

AI score: 5.8
Exploits: 0
CNVD
added 2025/07/21 12:0 a.m., 1 views

Chat System fetch_chat.php file SQL Injection Vulnerability

Chat System is a chat system. Chat System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter ID in the file /user/fetch_chat.php. An attacker can exploit this vulnerability to execute illegal SQL commands to steal...

CVSS: 8.8, AI score: 8.3, EPSS: 0.00197
Exploits: 1, References: 1
CNVD
added 2025/07/21 12:0 a.m., 2 views

Chat System fetch_member.php File SQL Injection Vulnerability

Chat System is a chat system. Chat System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter ID in the file /user/fetch_member.php. An attacker can exploit this vulnerability to execute illegal SQL commands to ste...

CVSS: 8.8, AI score: 8.3, EPSS: 0.00197
Exploits: 1, References: 1
Hacker One
added 2025/07/15 1:33 p.m., 6 views

Brave Software: SameSite restrictions are lifted, and SameSite:Strict cookie are being sent.

A vulnerability was discovered where SameSite=Strict cookies were being sent during cross-site navigations, even though they should have been restricted under the SameSite policy. This was caused by the absence of the Sec-Fetch-Site: cross-site header, which is normally used to prevent such...

CVSS: 6.5, AI score: 8.9, EPSS: 0.0042
Exploits: 1
Microsoft CVE
added 2025/07/11 7:0 a.m., 4 views

wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process

...

CVSS: 7.8, AI score: 7.2, EPSS: 0.00041
Exploits: 0
OSV
added 2025/07/08 5:16 p.m., 3 views

CVE-2025-7187

A vulnerability classified as critical has been found in code-projects Chat System 1.0. Affected is an unknown function of the file /user/fetch_member.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to th...

CVSS: 8.8, AI score: 5.8, EPSS: 0.00197
Exploits: 1, References: 5
OSV
added 2025/07/08 5:16 p.m., 2 views

CVE-2025-7186

A vulnerability was found in code-projects Chat System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /user/fetch_chat.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed t...

CVSS: 8.8, AI score: 5.8, EPSS: 0.00197
Exploits: 1, References: 5
CNNVD
added 2025/07/08 12:0 a.m., 1 views

Code-Projects Chat System Injection Vulnerability

Chat System is a chat system. Chat System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter ID in the file /user/fetch_member.php. An attacker can exploit this vulnerability to execute illegal SQL commands to ste...

CVSS: 8.8, AI score: 7.1, EPSS: 0.00197
Exploits: 1, References: 6
Metasploit
added 2025/07/06 6:55 p.m., 516 views

HTTP Fetch

Fetch and execute an x64 payload from an HTTP server. Module Options msf use payload/cmd/linux/http/x64/sethostname msf payloadsethostname show actions ...actions... msf payloadsethostname set ACTION msf payloadsethostname show options ...show and set options... msf payloadsethostname run This...

AI score: 5.8
Exploits: 0
Metasploit
added 2025/07/06 6:55 p.m., 482 views

HTTPS Fetch

Fetch and execute an x64 payload from an HTTPS server. Module Options msf use payload/cmd/linux/https/x64/sethostname msf payloadsethostname show actions ...actions... msf payloadsethostname set ACTION msf payloadsethostname show options ...show and set options... msf payloadsethostname run This...

AI score: 5.8
Exploits: 0
Metasploit
added 2025/07/06 6:55 p.m., 403 views

TFTP Fetch

Fetch and execute an x64 payload from a TFTP server. Module Options msf use payload/cmd/linux/tftp/x64/sethostname msf payloadsethostname show actions ...actions... msf payloadsethostname set ACTION msf payloadsethostname show options ...show and set options... msf payloadsethostname run This...

AI score: 5.8
Exploits: 0
SUSE CVE
added 2025/07/04 11:21 p.m., 2 views

SUSE CVE-2025-48172

CHMLib through 2bef8d0, as used in SumatraPDF and other products, has a chmlib.c chmdecompressblock integer overflow. There is a resultant heap-based buffer overflow in chmfetchbytes...

CVSS: 7, AI score: 7.6, EPSS: 0.00087
Exploits: 0, References: 4
OSV
added 2025/07/04 1:15 p.m., 1 views

UBUNTU-CVE-2025-48172

CHMLib through 2bef8d0, as used in SumatraPDF and other products, has a chmlib.c chmdecompressblock integer overflow. There is a resultant heap-based buffer overflow in chmfetchbytes...

CVSS: 5.6, AI score: 6.1, EPSS: 0.00087
Exploits: 0, References: 6
OSV
added 2025/07/02 8:15 p.m., 1 views

CVE-2025-34074

An authenticated remote code execution vulnerability exists in Lucee’s administrative interface due to insecure design in the scheduled task functionality. An administrator with access to /lucee/admin/web.cfm can configure a scheduled job to retrieve a remote .cfm file from an attacker-controlled...

CVSS: 9.4, AI score: 6.6
Exploits: 0, References: 3
SUSE Linux
added 2025/07/02 8:20 a.m., 3 views

Security update for python-cryptography

This update for python-cryptography fixes the following issues: CVE-2025-3416: openssl: Fixed Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate bsc1242631 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...

CVSS: 6.3, AI score: 7.3, EPSS: 0.00093
Exploits: 0, References: 4
OSSF Malicious Packages
added 2025/07/02 8:19 a.m., 2 views

Malicious code in display-fetch_stream (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 93a196cb5e04250355d4a4e51d12810d2324320559124570c03be4209dba9d1f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0, References: 3
CNVD
added 2025/06/27 12:0 a.m., 3 views

Inventory Management System fetchSelectedBrand.php File SQL Injection Vulnerability

Inventory Management System is an inventory management system. Inventory Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter brandId in the file /phpaction/fetchSelectedBrand.php. An attacke...

CVSS: 9.8, AI score: 7.9, EPSS: 0.00204
Exploits: 1, References: 1
CNVD
added 2025/06/27 12:0 a.m., 1 views

Inventory Management System fetchSelectedCategories.php File SQL Injection Vulnerability

Inventory Management System is an inventory management system. Inventory Management System suffers from a SQL injection vulnerability that originates from the lack of validation of the categoriesId parameter in the /phpaction/fetchSelectedCategories.php file against externally entered SQL...

CVSS: 9.8, AI score: 7.9, EPSS: 0.00187
Exploits: 1, References: 1
OSV
added 2025/06/25 10:15 p.m., 0 views

CVE-2025-6668

A vulnerability was found in code-projects Inventory Management System 1.0. It has been classified as critical. This affects an unknown part of the file /phpaction/fetchSelectedBrand.php. The manipulation of the argument brandId leads to sql injection. It is possible to initiate the attack...

CVSS: 9.8, AI score: 5.8
Exploits: 0, References: 5
OSV
added 2025/06/23 4:15 a.m., 3 views

CVE-2025-6503

A vulnerability was found in code-projects Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /phpaction/fetchSelectedCategories.php. The manipulation of the argument categoriesId leads to sql injection. The attack may be initiated...

CVSS: 9.8, AI score: 5.8, EPSS: 0.00187
Exploits: 1, References: 5