21 matches found

ATTACKERKB
added 2026/04/07 3:48 p.m. | 0 views

CVE-2026-35566

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39319. Reason: This candidate is a duplicate of CVE-2026-39319. Notes: All CVE users should reference CVE-2026-39319 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental...

8.8 CVSS | 5.8 AI score | 0.00039 EPSS
Exploits 0 | References 2
CVE
added 2026/04/07 3:48 p.m. | 2 views

CVE-2026-35566

ChurchCRM prior to 7.1.0 contains a critical SQL injection due to unquoted use of $_SESSION['iCurrentFundraiser'] in FundRaiserStatement.php, sourced from FundRaiserEditor.php where InputUtils::legacyFilterInputArr() lacks the 'int' type specifier. The vulnerable value is used in a numeric SQL co...

6 AI score
Exploits 0
NVD
added 2026/02/06 6:15 p.m. | 2 views

CVE-2026-24419

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Error-Based SQL Injection vulnerability in the Prima Nota Journal Entry module's add.php file. The application fails to validate that comma-separated...

8.7 CVSS | 0.00013 EPSS
Exploits 3 | References 1
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2016-4931

Malware in sbrugna...

5.5 CVSS | 6 AI score | 0.00105 EPSS
Exploits 0 | References 4
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2012-5041

Malware in sbrugna...

7.5 CVSS | 6.3 AI score | 0.00887 EPSS
Exploits 0 | References 6
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-0355

Malicious code in bioql PyPI...

9.8 CVSS | 9.2 AI score | 0.00397 EPSS
Exploits 1 | References 4
RedhatCVE
added 2025/02/05 9:55 p.m. | 5 views

CVE-2022-24845

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In affected versions, the return of .returnsint128 is not validated to fall within the bounds of int128. This issue can result in a misinterpretation of the integer value and lead to incorrect behavior. As of v0.3.0,...

9.8 CVSS | 6.6 AI score | 0.00397 EPSS
Exploits 1 | References 1
NVD
added 2022/04/13 10:15 p.m. | 15 views

CVE-2022-24845

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In affected versions, the return of .returnsint128 is not validated to fall within the bounds of int128. This issue can result in a misinterpretation of the integer value and lead to incorrect behavior. As of v0.3.0,...

9.8 CVSS | 0.00397 EPSS
Exploits 1 | References 2
WPVulnDB
added 2021/10/25 12:0 a.m. | 17 views

Reviews Plus < 1.2.14 - Subscriber+ Reviews DoS

The plugin does not validate the submitted rating, allowing submission of a long integer, causing a Denial of Service in the review section when an authenticated user submits such a rating and the reviews are set to be displayed on the post/page. PoC: Enable reviews for post/pages, and enable the "Show...

6.5 CVSS | 1.6 AI score | 0.00854 EPSS
Exploits 2 | References 1 | Affected Software 1
NVD
added 2020/01/05 10:15 p.m. | 24 views

CVE-2019-19911

There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux...

7.5 CVSS | 8.4 AI score | 0.0096 EPSS
Exploits 0 | References 4
Hacker One
added 2018/01/29 6:39 p.m. | 16 views

MapsMarker.com e.U.: [Informational] Possible SQL Injection in inc/ajax-actions-frontend.php

At first, I thought that my finding was a valid SQL injection, but I was wrong because WordPress currently adds magic slashes to COOKIE/POST/GET - this is a very special behaviour which may be removed in the future. There are tons of requests to remove this "old" technique. Nevertheless I...

8.5 AI score
Exploits 0
Exploit DB
added 2016/10/14 12:0 a.m. | 17 views

Simple Dynamic Web 0.1 - SQL Injection

Exploit Title: Simple Dynamic Web SQL Injection | Google Dork: N/A | Date: 14/10/2016 | Exploit Author: lahilote | Vendor Homepage: http://www.sourcecodester.com/php/10888/simple-dynamic-web-site.html | Software Link...

7.4 AI score
Exploits 0
exploitpack
added 2016/10/14 12:0 a.m. | 15 views

School Full CBT 0.1 - SQL Injection

School Full CBT 0.1 - SQL Injection | Exploit Title: School Full CBT SQL Injection | Google Dork: N/A | Date: 14/10/2016 | Exploit Author: lahilote | Vendor Homepage: http://www.sourcecodester.com/node/9859 | Software Link...

0.2 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 26 views

Panda Global Protection 2010 local Dos

No description provided by source. include stdio.h include windows.h include winioctl.h include stdlib.h include string.h / Program : Panda Global Protection 2010 3.01.00 Homepage : http://www.pandasecurity.com Discovery : 2010/04/09 Author Contacted : 2010/07/15 Status of vuln : Patched ! Found ...

7.1 AI score
Exploits 0
Prion
added 2012/11/07 11:43 a.m. | 19 views

Design/Logic Flaw

Google Chrome before 23.0.1271.64 on Mac OS X does not properly validate an integer value during the handling of GPU command buffers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...

7.5 CVSS | 7.9 AI score | 0.00887 EPSS
Exploits 0 | References 5 | Affected Software 1
Debian CVE
added 2012/11/07 11:0 a.m. | 18 views

CVE-2012-5118

Removed by vendor...

7.5 CVSS | 6.9 AI score | 0.00887 EPSS
Exploits 0
CVE
added 2012/11/07 11:0 a.m. | 48 views

CVE-2012-5118

CVE-2012-5118 affects Google Chrome on Mac OS X prior to 23.0.1271.64. The vulnerability is an integer bounds/validation issue in GPU command buffers, which could allow a remote attacker to cause a denial of service or other unspecified impact. Publicly cited sources in the connected documents co...

7.5 CVSS | 7.3 AI score | 0.00887 EPSS
Exploits 0 | References 5 | Affected Software 1
Cvelist
added 2012/11/07 11:0 a.m. | 16 views

CVE-2012-5118

Google Chrome before 23.0.1271.64 on Mac OS X does not properly validate an integer value during the handling of GPU command buffers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...

7.2 AI score | 0.00887 EPSS
Exploits 0 | References 5
seebug.org
added 2009/12/17 12:0 a.m. | 157 views

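PostgreSQL Null Character CA SSL Integer Validation Security Bypass Vulnerability

Bugtraq ID: 37334 CVE ID: CVE-2009-4034 PostgreSQL is an object-relational database management system that supports an extended subset of the SQL standard. An error exists in the handling of SSL certificates that have null characters embedded in some certificate fields; an attacker can exploit the vulnerability to forge certificates and carry out man-in-the-middle and other attacks. Null characters in SSL certificates can be used to spoof client or server authentication; this only affects users who have SSL enabled, perform certificate name validation or client certificate authentication, and whose CA has been tricked into issuing an invalid certificate. PostgreSQL PostgreSQL 8.4.1 PostgreSQL PostgreSQL 8.3.8 PostgreSQL PostgreSQL 8.3.6 PostgreSQL...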

5.8 CVSS | 6 AI score | 0.03854 EPSS
Exploits 2
Exploit DB
added 2009/04/28 12:0 a.m. | 33 views

webSPELL 4.2.0d (Linux) - Local File Disclosure

/ webSPELL ------------------------------ Possible Fix: $file = pregreplace'/^a-zA-Z0-9/','',addslashes$GET'id'; otherwise if $GET...

7.4 AI score
Exploits 0