112 matches found
CVE-2026-48017 DbGate: Remote Code Execution via functionName injection in loadReader endpoint
DbGate is cross-platform database manager. In versions 7.1.8 and prior, the POST /runners/load-reader endpoint in DbGate accepts a functionName parameter that is directly interpolated into a JavaScript code template without any sanitization or validation. An authenticated user with basic access, ...
CVE-2026-48017
Summary (CVE-2026-48017) DbGate
Exploit for CVE-2026-48017
CVE-2026-48017 — Remote Code Execution in DbGate via function...
DbGate: Remote Code Execution via functionName injection in loadReader endpoint
Summary The POST /runners/load-reader endpoint in DbGate accepts a functionName parameter that is directly interpolated into a JavaScript code template without any sanitization or validation. An authenticated user with basic access, no special permissions required can inject arbitrary JavaScript...
GHSA-HV83-GGC4-V385 DbGate: Remote Code Execution via functionName injection in loadReader endpoint
Summary The POST /runners/load-reader endpoint in DbGate accepts a functionName parameter that is directly interpolated into a JavaScript code template without any sanitization or validation. An authenticated user with basic access, no special permissions required can inject arbitrary JavaScript...
GHSA-WM5R-5QP3-5VXF Authenticated Remote Code Execution via loadReader functionName code injection in DbGate
Summary DbGate is vulnerable to authenticated Remote Code Execution RCE. Any user with valid DbGate credentials can execute arbitrary OS commands as root by exploiting an unsanitized functionName parameter in the /runners/load-reader endpoint. The require = null mitigation is trivially bypassed v...
DbGate: Unauthenticated Remote Code Execution via JSON Script Runner
Summary DbGate's JSON script runner POST /runners/start allows remote code execution via code injection in the functionName parameter of JSON script assign commands. The functionName value is interpolated directly into dynamically generated JavaScript source code via string concatenation. The...
PT-2026-47062
🚨 Multiple Critical Vulnerabilities Disclosed in DbGate Several severe vulnerabilities in DbGate can allow attackers to achieve remote code execution: • CVE-2026-47668 - Unauthenticated RCE via JSON Script Runner dbgate-serve • CVE-2026-47669 - Zip Slip arbitrary file write leading to RCE •...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013643)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013643 advisory. In the Linux kernel, the following vulnerability has been resolved: pinctrl: check the return value of pinmuxops::getfunctionname While the API contract in docs...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011292)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011292 advisory. In the Linux kernel, the following vulnerability has been resolved: pinctrl: check the return value of pinmuxops::getfunctionname While the API contract in docs...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007493)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007493 advisory. In the Linux kernel, the following vulnerability has been resolved: pinctrl: check the return value of pinmuxops::getfunctionname While the API contract in docs...
CVE-2026-3728
A vulnerability was determined in Tenda F453 1.0.0.3/1.If. This issue affects the function fromSetCfm of the file /goform/setcfm. This manipulation of the argument funcname/funcpara1 causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly...
Tenda F453 安全漏洞
The Tenda F453 is a wireless router produced by the Chinese company Tenda. There is a security vulnerability in the Tenda F453 1.0.0.3/1.If version. This vulnerability stems from incorrect operations with parameters funcname/funcpara1 in the file/goform/setcfm, which may lead to a stack buffer...
SUSE CVE-2020-37167
ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious...
CVE-2020-37167
ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious...
Linux Distros Unpatched Vulnerability : CVE-2020-37167
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to...
CVE-2020-37167
ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious...
UBUNTU-CVE-2020-37167
ClamAV ClamBC bytecode interpreter contains a vulnerability in function name processing that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious bytecode or cause unexpected behavior in...
CVE-2020-37167 ClamAV ClamBC < 0.103.0-rc - 'ClamBC' Executable Regular Expression Error
ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious...
CVE-2020-37167
CVE-2020-37167 affects ClamAV before 0.103.0-rc, where the ClamBC bytecode interpreter mishandles function name processing due to weak input validation in function name encoding. This can allow manipulation of bytecode function names and potentially execute malicious bytecode or cause unexpected ...