CVE-2026-6159 code-projects Simple ChatBox Endpoint insert.php cross site scripting

A vulnerability has been found in code-projects Simple ChatBox up to 1.0. Affected by this vulnerability is an unknown functionality of the file /chatbox/insert.php of the component Endpoint. Such manipulation of the argument msg leads to cross site scripting. The attack may be performed from...

CVE-2026-6159 code-projects Simple ChatBox Endpoint insert.php cross site scripting

A vulnerability has been found in code-projects Simple ChatBox up to 1.0. Affected by this vulnerability is an unknown functionality of the file /chatbox/insert.php of the component Endpoint. Such manipulation of the argument msg leads to cross site scripting. The attack may be performed from...

CVE-2026-6159

A vulnerability has been found in code-projects Simple ChatBox up to 1.0. Affected by this vulnerability is an unknown functionality of the file /chatbox/insert.php of the component Endpoint. Such manipulation of the argument msg leads to cross site scripting. The attack may be performed from...

PT-2026-32260

A vulnerability has been found in code-projects Simple ChatBox up to 1.0. Affected by this vulnerability is an unknown functionality of the file /chatbox/insert.php of the component Endpoint. Such manipulation of the argument msg leads to cross site scripting. The attack may be performed from...

Code-Projects Simple ChatBox SQL注入漏洞

Code-Projects Simple ChatBox is a simple chat box system developed by Code-Projects as open source. Versions of Code-Projects Simple ChatBox 1.0 and earlier contained a SQL injection vulnerability. This vulnerability stemmed from incorrect handling of the msg parameter in the...

PT-2026-32262

A vulnerability was determined in code-projects Simple ChatBox up to 1.0. This affects an unknown part of the file /chatbox/insert.php of the component Endpoint. Executing a manipulation of the argument msg can lead to sql injection. It is possible to launch the attack remotely. The exploit has...

CVE-2026-29953

SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the columnAsInsert function in file plugins/postgres/lib/column.go...

CVE-2026-33643

SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the mysqlColumnAsInsert function in file plugins/mysql/lib/column.go...

EUVD-2026-17131

SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the columnAsInsert function in file plugins/postgres/lib/column.go...

CVE-2026-29953

SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the columnAsInsert function in file plugins/postgres/lib/column.go...

RUSTSEC-2026-0078 Symbol confusion after hasher panic in `intaglio` interners

Affected versions of this crate can leave all SymbolTable variants in an internally inconsistent state if a custom BuildHasher panics during HashMap::insert and the caller recovers with catchunwind. The intern implementations committed a vec.push... before the matching map.insert... completed. If...

CVE-2026-29953

SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the columnAsInsert function in file plugins/postgres/lib/column.go...

CVE-2026-33643

SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the mysqlColumnAsInsert function in file plugins/mysql/lib/column.go...

CVE-2026-33643

SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the mysqlColumnAsInsert function in file plugins/mysql/lib/column.go...

CVE-2026-33643

CVE-2026-33643 affects SchemaHero 0.23.0 with a SQL Injection flaw in the MySQL plugin path: the column.go processing in plugins/mysql/lib/column.go improperly handles the column parameter, allowing malicious input to alter table schema. Connected sources also describe similar risks in the Postgr...

CVE-2026-29953

CVE-2026-29953 corresponds to a SQL Injection vulnerability in SchemaHero 0.23.0. The issue is triggered via the column parameter to the columnAsInsert function in plugins/postgres/lib/column.go. The vulnerability is evidenced across multiple feeds (Red Hat, CIRCL, NVD, CVE records) with consiste...

CVE-2026-33643

SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the mysqlColumnAsInsert function in file plugins/mysql/lib/column.go...

SchemaHero 安全漏洞

SchemaHero is an open-source database schema management tool developed by SchemaHero. Version 0.23.0 of SchemaHero contains a security vulnerability. This vulnerability stems from the improper handling of the column parameter in the columnAsInsert function within the column.go file, which may lea...

OESA-2026-1766 glib2 security update

GLib is a bundle of three formerly five low-level system libraries written in C and developed mainly by GNOME. GLib's code was separated from GTK, so it can be used by software other than GNOME and has been developed in parallel ever since. Security Fixes: A flaw was found in GLib, which is...

EUVD-2026-16422

Information disclosure in the file URI processing of File Field Paths in Drupal File Field Paths 7.x prior to 7.1.3 on Drupal 7.x allows authenticated users to disclose other users’ private files via filename‑collision uploads. This can cause hooknodeinsert consumers for example, email attachment...