113 matches found
CVE-2026-48017 DbGate: Remote Code Execution via functionName injection in loadReader endpoint
DbGate is cross-platform database manager. In versions 7.1.8 and prior, the POST /runners/load-reader endpoint in DbGate accepts a functionName parameter that is directly interpolated into a JavaScript code template without any sanitization or validation. An authenticated user with basic access, ...
CVE-2026-48017
Summary (CVE-2026-48017) DbGate
Exploit for CVE-2026-48017
CVE-2026-48017 — Remote Code Execution in DbGate via function...
GHSA-HV83-GGC4-V385 DbGate: Remote Code Execution via functionName injection in loadReader endpoint
Summary The POST /runners/load-reader endpoint in DbGate accepts a functionName parameter that is directly interpolated into a JavaScript code template without any sanitization or validation. An authenticated user with basic access, no special permissions required can inject arbitrary JavaScript...
DbGate: Remote Code Execution via functionName injection in loadReader endpoint
Summary The POST /runners/load-reader endpoint in DbGate accepts a functionName parameter that is directly interpolated into a JavaScript code template without any sanitization or validation. An authenticated user with basic access, no special permissions required can inject arbitrary JavaScript...
GHSA-WM5R-5QP3-5VXF Authenticated Remote Code Execution via loadReader functionName code injection in DbGate
Summary DbGate is vulnerable to authenticated Remote Code Execution RCE. Any user with valid DbGate credentials can execute arbitrary OS commands as root by exploiting an unsanitized functionName parameter in the /runners/load-reader endpoint. The require = null mitigation is trivially bypassed v...
DbGate: Unauthenticated Remote Code Execution via JSON Script Runner
Summary DbGate's JSON script runner POST /runners/start allows remote code execution via code injection in the functionName parameter of JSON script assign commands. The functionName value is interpolated directly into dynamically generated JavaScript source code via string concatenation. The...
PT-2026-47062
🚨 Multiple Critical Vulnerabilities Disclosed in DbGate Several severe vulnerabilities in DbGate can allow attackers to achieve remote code execution: • CVE-2026-47668 - Unauthenticated RCE via JSON Script Runner dbgate-serve • CVE-2026-47669 - Zip Slip arbitrary file write leading to RCE •...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013643)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013643 advisory. In the Linux kernel, the following vulnerability has been resolved: pinctrl: check the return value of pinmuxops::getfunctionname While the API contract in docs...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011292)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011292 advisory. In the Linux kernel, the following vulnerability has been resolved: pinctrl: check the return value of pinmuxops::getfunctionname While the API contract in docs...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007493)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007493 advisory. In the Linux kernel, the following vulnerability has been resolved: pinctrl: check the return value of pinmuxops::getfunctionname While the API contract in docs...
The vulnerability of the H5FS__sinfo_serialize_node_cb function in the src/H5FScache.c component of the HDF5 processing library allows a attacker to trigger a service failure.
The vulnerability of the H5FSsinfoserializenodecb function in the src/H5FScache.c component of the HDF5 processing library is related to the failure of the operation outside of the buffer in memory. Exploiting this vulnerability could allow an attacker to cause a service failure...
CVE-2026-3728
A vulnerability was determined in Tenda F453 1.0.0.3/1.If. This issue affects the function fromSetCfm of the file /goform/setcfm. This manipulation of the argument funcname/funcpara1 causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly...
Tenda F453 安全漏洞
The Tenda F453 is a wireless router produced by the Chinese company Tenda. There is a security vulnerability in the Tenda F453 1.0.0.3/1.If version. This vulnerability stems from incorrect operations with parameters funcname/funcpara1 in the file/goform/setcfm, which may lead to a stack buffer...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: pinctrl: Check the return value of pinmuxops::getfunctionname. While the API contract in the documentation does not explicitly specify this, the generic implementation of the getfunctionname callback from struct pinmuxops –...
SUSE CVE-2020-37167
ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious...
CVE-2020-37167
ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious...
Linux Distros Unpatched Vulnerability : CVE-2020-37167
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to...
CVE-2020-37167
ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious...
UBUNTU-CVE-2020-37167
ClamAV ClamBC bytecode interpreter contains a vulnerability in function name processing that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious bytecode or cause unexpected behavior in...