CVE-2026-2361

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.gettablesampleratio function is then called, the malicious code is executed with superuser privileges. This...

CVE-2026-2361

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.gettablesampleratio function is then called, the malicious code is executed with superuser privileges. This...

UBUNTU-CVE-2026-2361

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.gettablesampleratio function is then called, the malicious code is executed with superuser privileges. This...

CVE-2026-2361

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.gettablesampleratio function is then called, the malicious code is executed with superuser privileges. This...

CVE-2026-2361

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.gettablesampleratio function is then called, the malicious code is executed with superuser privileges. This...

PT-2026-7634

Name of the Vulnerable Software and Affected Versions PostgreSQL Anonymizer versions prior to 3.0.1 PostgreSQL versions 14 and 15 Description A flaw exists in PostgreSQL Anonymizer that could allow a user with CREATE privileges to gain superuser privileges. This occurs by creating a temporary vie...

CVE-2024-24780

Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version 1.3.4, which fixes...

Apache Mod_cgi Bash Environment Variable Injection (Shellshock) Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache modcgi Bash Environment Variable Injection Shellshock Scanner', 'Description' = %q This module scans for the Shellshock vulnerability, a...

DynamicPHPCode Filtering Bypass leads to Remote Code Execution

Description The "Websites" module in Dolibarr CRM version 6.0.3 and below has "checkPHPCode" function check to ensure that the page not contains any malicious function. However, this funtion only check by using match word searching, that allows malicious authenticated user can bypass by using...

Can steal Fed contract's DOLA balance

Lines of code Vulnerability details Description Due to lack of protection control, it is possible to steal Fed contract's DOLA balance by using a malicious attackerMarket contract by callingFedtakeProfit public function. function takeProfitIMarket market public uint profit = getProfitmarket;...

PrintNightmare

This is a PoC Proof of Concept exploit for the Print Nightmare vulnerability, which affects Windows Print Spooler service. The repository contains a Visual Studio solution file EXP/POC.sln that includes a C++ project POC with a main function. The project uses the RPC Remote Procedure Call client...

GHSA-3RPF-5RQV-689Q PHP Code Injection by malicious function name in smarty

Template authors could inject php code by choosing a malicous function name. Sites that cannot fully trust template authors should update as soon as possible. Please upgrade to 3.1.39 or higher...

PHP Code Injection by malicious function name in smarty

Template authors could inject php code by choosing a malicous function name. Sites that cannot fully trust template authors should update as soon as possible. Please upgrade to 3.1.39 or higher...

Hackers with Credit Card Scrapers Continue to Target Magento

Attackers continue to take aim at the e-commerce platform Magento. Researchers said last week they came across a malicious function snuck into one of the platform’s modules in order to steal credit card information. Code for the function was injected into a .php file for SF9 Realex, a module that...

Shopify: CSV Excel Macro Injection Vulnerability in export list of current users - app.shopify.com

Hi , I have found that when a user tries to Export list of current users who installed his apps through: https://app.shopify.com/services/partners/apiclients//exportinstalledusers the fields of the CSV file are not properly escaped. which makes them vulnerable to CSV Excel Macro Injection...

Zaption: CSV Excel Macro Injection in Export Response

Scenario: An attacker creates a response like =AND21 in a tour that allows open response or discussion. Then when a user who created this tour clicks analytic and clicks to export responses as csv, he will see TRUE instead of =AND12 Meaning that cell is now active, and an attacker could make a...

Apache mod_cgi Bash Environment Variable Injection (Shellshock) Scanner

This module scans for the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets CGI scripts in the Apache web server by setting the HTTPUSERAGENT environment variable to a malicious function definition. PROTIP: Use exploit/multi/handler...