13 matches found

Vulnrichment
added 5 days ago, 4 views

CVE-2018-25418 AiOPMSD Final 1.0.0 SQL Injection via year.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the year parameter. Attackers can send GET requests to year.php with crafted SQL payloads in the year parameter to extract sensiti...

CVSS 8.8 | AI score 6.1 | EPSS 0.00068
Exploits: 0 | References: 4
OSV
added 2026/05/13 7:17 p.m., 3 views

DEBIAN-CVE-2026-42585

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty incorrectly parses malformed Transfer-Encoding, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final...

CVSS 7.5 | AI score 5.8 | EPSS 0.00012
Exploits: 1 | References: 1
OSV
added 2023/12/15 11:6 a.m., 4 views

OESA-2023-1905 netty security update

Asynchronous event-driven network application Java framework. Security Fixes: Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion...

CVSS 7.5 | AI score 8.9 | EPSS 0.00448
Exploits: 1 | References: 2
vulnersOsv
added 2022/05/10 8:46 a.m., 1 views

africa.absa:inception-application (>=1.0.0 <=1.2.0), ai.agentican:agentican-framework-core (>=0.1.0-alpha.2 <=0.1.0-alpha.3) +37595 more potentially affected by CVE-2022-24823 via io.netty:netty-codec-http (>=4.0.0.Alpha1 <=4.1.76.Final)

io.netty:netty-codec-http MAVEN version =4.0.0.Alpha1, =1.0.0, =0.1.0-alpha.2, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.2, =0.1.0, =0.1.0, =0.2.0, =0.28.0 and more Source cves: CVE-2022-24823 Sourc...

CVSS 5.5 | AI score 6.8 | EPSS 0.00401
Exploits: 1
OSV
added 2021/09/09 10:15 p.m., 1 views

CVE-2021-39203

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions authenticated users who don't have permission to view private post types/data can bypass restrictions in the block editor under certain conditions. This...

CVSS 6.5 | AI score 5.8
Exploits: 0 | References: 2
Packet Storm
added 2021/03/22 12:0 a.m., 266 views

SAPSetup Automatic Workstation Update Service 750 Unquoted Service Path

Exploit Title: SAPSetup Automatic Workstation Update Service 750 - 'NWSAPAutoWorkstationUpdateSvc' Unquoted Service Path Discovery by: Alan Mondragon Discovery Date: 2021-03-16 Vendor Homepage: https://help.sap.com/ Software Links : https://help.sap.com/ SAP Tested Version: 750 Final Release...

AI score 0.3
Exploits: 0
RedHat Linux
added 2021/02/08 9:6 a.m., 0 views

resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client's WebApplicationException handling

A flaw was found in the RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. This flaw allows client users to obtain the server's potentially sensitive information when the server receives the WebApplicationException from the RESTEasy client call. The highest threat from this...

CVSS 5.3 | AI score 7.2 | EPSS 0.00193
Exploits: 0 | References: 4
The Coalfire Blog
added 2020/05/27 11:37 p.m., 12 views

Planning Ahead to Prevent Vulnerabilities

The cost to remediate vulnerabilities increases as those vulnerabilities make it further into the development process. If they make it into a final release, those vulnerabilities can leave organizations vulnerable to attacks, costing time and resources to address, as well as causing damage to the...

AI score 3
Exploits: 0
Tenable Nessus
added 2019/10/16 12:0 a.m., 31 views

Fedora 30 : opendmarc (2019-24b3f84f6e)

This update provides the final 1.3.2 release previously the package was 1.3.2 beta. It also includes the previously-omitted database schema directory resolving 1415753 and rddmarc tools, and backports proposed fixes for a crasher bug and security issue CVE-2019-16378 from upstream submissions. No...

CVSS 9.8 | AI score 8.2 | EPSS 0.00953
Exploits: 0 | References: 5
Tenable Nessus
added 2019/10/14 12:0 a.m., 27 views

Fedora 29 : opendmarc (2019-e1f0417a24)

This update provides the final 1.3.2 release previously the package was 1.3.2 beta. It also includes the previously-omitted database schema directory resolving 1415753 and rddmarc tools, and backports proposed fixes for a crasher bug and security issue CVE-2019-16378 from upstream submissions. No...

CVSS 9.8 | AI score 8.2 | EPSS 0.00953
Exploits: 0 | References: 5
The Hacker News
added 2019/09/13 6:1 p.m., 2 views

Yikes! iOS 13 Coming Next Week With iPhone LockScreen Bypass Bug

Good news... next week, on September 19, Apple will roll out iOS 13, the latest version of its mobile operating system. Yes, we're excited about, but here comes the bad news... iOS 13 contains a vulnerability that could allow anyone to bypass the lockscreen protection on your iPhone and access so...

AI score 5.8
Exploits: 0
MSRC
added 2013/05/28 7:0 a.m., 12 views

A few more days before EMET 4

On May 8th, we announced that EMET 4 would have been released today, May 28th. Since that day, we had additional feedback and we are working on a few things that are requiring a little bit more time than expected. This considered, we are not releasing EMET 4 today, and we will take a few more day...

AI score 7
Exploits: 0
The Hacker News
added 2011/06/26 4:26 a.m., 2 views

50 Days of Lulz - LulzSec Says Goodbye & Operation AntiSec will Continue

50 Days of Lulz - LulzSec Says Goodbye & Operation AntiSec will Continue Hacker group LulzSec has announced that after 50 days of hacking companies and organizations, it is finally done. LulzSec tweet a message which was posted on Pastebin : https://pastebin.com/1znEGmHa The group confirmed its...

AI score 7.1
Exploits: 0