
2154 matches found

RedHat Linux
added 2025/02/20 3:9 p.m. | 2 views

postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation

A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to constru...

CVSS 9.8 | AI score 7.3 | EPSS 0.89472
Exploits 14 | References 7

CNNVD
added 2025/02/20 12:0 a.m. | 3 views

DDSN Interactive cm3 Acora CMS Security Vulnerability

DDSN Interactive cm3 Acora CMS is an enterprise web and mobile CMS from DDSN Interactive. A security vulnerability exists in DDSN Interactive cm3 Acora CMS version 10.1.1 that stems from the presence of an incorrect privilege modification vulnerability that can lead to account takeover and...

CVSS 6 | AI score 6.9 | EPSS 0.00933
Exploits 0 | References 2

Veracode
added 2025/02/13 5:23 a.m. | 6 views

Prompt Injection

pandasai is vulnerable to Prompt Injection. The vulnerability is due to insufficient input validation in the interactive prompt function, allowing prompt injection to execute arbitrary Python code...

CVSS 9.8 | AI score 7.5 | EPSS 0.0122
Exploits 0 | References 5 | Affected Software 1

Snyk
added 2025/02/11 3:32 p.m. | 2 views

Arbitrary Code Injection

Overview: pandasai (Pandas AI) is a Python library that integrates generative artificial intelligence capabilities into Pandas, making dataframes conversational. Affected versions of this package are vulnerable to Arbitrary Code Injection through the interactive prompt function. An attacker wit...

CVSS 9.8 | AI score 8.2 | EPSS 0.0122
Exploits 0 | References 2

The Hacker News
added 2025/02/06 11:0 a.m. | 17 views

Top 3 Ransomware Threats Active in 2025

You arrive at the office, power up your system, and panic sets in. Every file is locked, and every system is frozen. A ransom demand flashes on your screen: "Pay $2 million in Bitcoin within 48 hours or lose everything." And the worst part is that even after paying, there's no guarantee you'll ge...

AI score 7.1
Exploits 0

RedhatCVE
added 2025/02/05 9:14 a.m. | 4 views

CVE-2024-56267

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in html5maps Interactive UK Map (interactive-uk-map) allows Stored XSS. This issue affects Interactive UK Map: from n/a through <= 3.4.8...

CVSS 7.1 | AI score 7.2 | EPSS 0.0025
Exploits 0 | References 1

RedhatCVE
added 2025/02/05 4:7 a.m. | 4 views

CVE-2024-54319

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kundgenerator Kundgenerator (kundgenerator) allows Reflected XSS. This issue affects Kundgenerator: from n/a through <= 1.0.6...

CVSS 7.1 | AI score 7.2 | EPSS 0.0041
Exploits 0 | References 1

HackRead
added 2025/02/03 7:17 p.m. | 9 views

Online gaming safety for kids: learn how to protect your children

Children love online gaming, and it's no surprise they do it, considering it offers them fun and interactive…...

AI score 7.4
Exploits 0

SUSE Linux
added 2025/02/03 9:18 a.m. | 4 views

Security update for buildkit

This update for buildkit fixes the following issues: Update to version 0.12.5: update runc to v1.1.12; exec: add extra validation for submount sources fixes CVE-2024-23651, bsc1219267; oci: fix error handling on submount calls; executor: recheck mount stub path within root after container run fixes...

CVSS 7.4 | AI score 7.9 | EPSS 0.02983
Exploits 0 | References 12

NVD
added 2025/01/28 1:15 a.m. | 31 views

CVE-2022-3365

Due to reliance on a trivial substitution cipher, sent in cleartext, and the reliance on a default password when the user does not set a password, the Remote Mouse Server by Emote Interactive can be abused by attackers to inject OS commands over the product's custom control protocol. A Metasploit...

CVSS 9.8 | EPSS 0.01988
Exploits 3 | References 1

Cvelist
added 2025/01/28 12:13 a.m. | 32 views

CVE-2022-3365 Emote Interactive Remote Mouse Server command injection due to weak encoding

Due to reliance on a trivial substitution cipher, sent in cleartext, and the reliance on a default password when the user does not set a password, the Remote Mouse Server by Emote Interactive can be abused by attackers to inject OS commands over the product's custom control protocol. A Metasploit...

EPSS 0.01988
Exploits 3 | References 1

Positive Technologies
added 2025/01/28 12:0 a.m. | 8 views

PT-2025-1362 · Emote Interactive · Remote Mouse Server

Name of the Vulnerable Software and Affected Versions: Remote Mouse Server by Emote Interactive version 4.110. Description: The issue arises due to the product's reliance on a trivial substitution cipher sent in cleartext and its use of a default password when no password is set by the user. This...

CVSS 9.8 | AI score 9.1 | EPSS 0.01988
Exploits 3 | References 6

NVD
added 2025/01/27 7:15 p.m. | 13 views

CVE-2024-56967

An issue in Cloud Whale Interactive Technology LLC. PolyBuzz iOS 2.0.20 allows attackers to access sensitive user information via supplying a crafted link...

CVSS 6.5 | EPSS 0.00297
Exploits 0 | References 1

Cvelist
added 2025/01/27 12:0 a.m. | 9 views

CVE-2024-56967

An issue in Cloud Whale Interactive Technology LLC. PolyBuzz iOS 2.0.20 allows attackers to access sensitive user information via supplying a crafted link...

EPSS 0.00297
Exploits 0 | References 1

Patchstack
added 2025/01/16 6:41 p.m. | 4 views

WordPress Interactive Page Hierarchy plugin <= 1.0.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika in WordPress Plugin Interactive Page Hierarchy versions <= 1.0.1...

CVSS 6.5 | AI score 6.8 | EPSS 0.00539
Exploits 0 | Affected Software 1

NVD
added 2025/01/15 11:15 p.m. | 15 views

CVE-2025-22964

DDSN Interactive cm3 Acora CMS version 10.1.1 has an unauthenticated time-based blind SQL Injection vulnerability caused by insufficient input sanitization and validation in the "table" parameter. This flaw allows attackers to inject malicious SQL queries by directly incorporating user-supplied...

CVSS 8.1 | EPSS 0.00906
Exploits 0 | References 1

Cvelist
added 2025/01/15 12:0 a.m. | 15 views

CVE-2025-22964

DDSN Interactive cm3 Acora CMS version 10.1.1 has an unauthenticated time-based blind SQL Injection vulnerability caused by insufficient input sanitization and validation in the "table" parameter. This flaw allows attackers to inject malicious SQL queries by directly incorporating user-supplied...

EPSS 0.00906
Exploits 0 | References 1

CVE
added 2025/01/15 12:0 a.m. | 71 views

CVE-2025-22964

DDSN Interactive cm3 Acora CMS v10.1.1 is affected by an unauthenticated time-based blind SQL Injection in the table parameter due to insufficient input sanitization/validation. Impact includes unauthorized data access, data manipulation, and exposure of sensitive information. No public fix is do...

CVSS 8.1 | AI score 9.8 | EPSS 0.00906
Exploits 0 | References 1 | Affected Software 1

NVD
added 2025/01/02 12:15 p.m. | 8 views

CVE-2024-56267

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in html5maps Interactive UK Map (interactive-uk-map) allows Stored XSS. This issue affects Interactive UK Map: from n/a through <= 3.4.8...

CVSS 7.1 | EPSS 0.0025
Exploits 0 | References 1

CVE
added 2025/01/02 12:1 p.m. | 46 views

CVE-2024-56267

CVE-2024-56267 describes a Stored XSS in the Interactive UK Map (Fla-shop.com) WordPress plugin. Affected: Interactive UK Map versions up to 3.4.8 (range stated as from n/a through 3.4.8). Impact per CVSS: abuse of confidentiality, integrity, and availability with Low severity (I/L/A) but overall ba...

CVSS 7.1 | AI score 7.2 | EPSS 0.0025
Exploits 0 | References 1