1470 matches found
netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree()
...
SUSE CVE-2025-23150
In the Linux kernel, the following vulnerability has been resolved: ext4: fix off-by-one error in do_split. Syzkaller detected a use-after-free issue in ext4_insert_dentry that was caused by out-of-bounds access due to incorrect splitting in do_split. BUG: KASAN: use-after-free in...
SQL Injection
Overview: Affected versions of this package are vulnerable to SQL Injection due to improper escaping of a query parameter in the postgres64, postgres7, postgres8, and postgres9 drivers. An attacker can execute arbitrary SQL statements by injecting malicious SQL code into the pg_insert_id method...
DEBIAN-CVE-2025-23150
In the Linux kernel, the following vulnerability has been resolved: ext4: fix off-by-one error in do_split. Syzkaller detected a use-after-free issue in ext4_insert_dentry that was caused by out-of-bounds access due to incorrect splitting in do_split. BUG: KASAN: use-after-free in...
Vulnerability of the PostgresDB._process_insert_query() function (file web/db.py), a web application creation framework by web.py, allowing attackers to execute arbitrary SQL commands
The vulnerability of the PostgresDB._process_insert_query function located in the web/db.py file of the web.py web framework is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows an attacker to execute arbitrary SQL commands using the seqname...
Projectworlds Online Examination System Security Vulnerability
Projectworlds Online Examination System is an online examination system from Projectworlds India. A security vulnerability exists in Projectworlds Online Examination System version 1.0, which stems from an incorrect manipulation of the parameter DocID in the file /inserdocprocess.php resulting in...
PT-2025-25809
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the fixed version Description A vulnerability in the Linux kernel has been resolved, related to the btrfs file system. The issue is caused by the incorrect order of arguments in the btrfs prelim ref function,...
DEBIAN-CVE-2025-3818
A vulnerability, which was classified as critical, was found in webpy web.py 0.70. Affected is the function PostgresDB._process_insert_query of the file web/db.py. The manipulation of the argument seqname leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
UBUNTU-CVE-2025-3818
A vulnerability, which was classified as critical, was found in webpy web.py 0.70. Affected is the function PostgresDB._process_insert_query of the file web/db.py. The manipulation of the argument seqname leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
SQL Injection
Overview: Affected versions of this package are vulnerable to SQL Injection in the _process_insert_query function in the PostgresDB class. An attacker who can control the tablename used in a query, which is passed to the seqname argument without escaping, can cause SQL to be executed. Remediation: The...
WordPress WP Headers And Footers plugin <= 3.1.1 - Cross-Site Request Forgery to Arbitrary Options Update vulnerability
Cross-Site Request Forgery to Arbitrary Options Update vulnerability discovered by Carlos Ferreira in WordPress Plugin Insert Headers And Footers versions <= 3.1.1...
SilverStripe 5.3.8 - Stored Cross Site Scripting (XSS) (Authenticated)
Exploit Title: SilverStripe 5.3.8 - Stored Cross Site Scripting XSS Authenticated Date: 2025-01-15 Exploit Author: James Nicoll Vendor Homepage: https://www.silverstripe.org/ Software Link: https://www.silverstripe.org/download/ Category: Web Application Version: 5.2.22 Tested on: SilverStripe...
PT-2025-18404
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.12.0-rc6-syzkaller-00318-ga9cda7c0ffed Description A use-after-free issue was detected in the ext4 insert dentry function due to out-of-bounds access caused by incorrect splitting in do split. This issue can le...
CVE-2025-31379
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in programphases Insert HTML Here insert-html-here allows Reflected XSS. This issue affects Insert HTML Here: from n/a through <= 1.0...
CVE-2025-31379
CVE-2025-31379 : Reflected XSS in WordPress plugin "Insert HTML Here" (
CVE-2025-31379 WordPress Insert HTML Here plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in programphases Insert HTML Here allows Reflected XSS. This issue affects Insert HTML Here: from n/a through 1.0...
CVE-2025-31379 WordPress Insert HTML Here plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in programphases Insert HTML Here insert-html-here allows Reflected XSS. This issue affects Insert HTML Here: from n/a through <= 1.0...
PT-2025-28989
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: In the Linux kernel, a flaw exists within the btrfs subsystem, specifically in the btrfs convert extent bit function. If the insert state function fails, it returns an error pointer...
SUSE CVE-2025-21959
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree(). Since commit b36e4523d4d5 "netfilter: nf_conncount: fix garbage collection confirm race", cpu and jiffies32 were introduced to the struct...
CVE-2025-2779 Insert Headers and Footers Code – HT Script <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update
The Insert Headers and Footers Code – HT Script plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxdismiss function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with...