CVE-2026-6031
The CVE concerns code-projects Simple IT Discussion Forum 1.0. The vulnerability is in the add-category-function.php file, where manipulation of the Category argument enables SQL injection. This is a NETWORK, low-complexity issue with no required privileges or user interaction, and it is exploita...
CVE-2026-6031 code-projects Simple IT Discussion Forum add-category-function.php sql injection
A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. This affects an unknown function of the file /add-category-function.php. Such manipulation of the argument Category leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the...
Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers
Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoor. The incident impacts Smart Slider 3 Pro version 3.5.1.35 for WordPress, per WordPress security company Patchstack. Smart Slider 3 is a...
Security Bulletin: Segmentation Fault Vulnerability in Rust time crate on Unix Systems (v0.2.7–v0.2.22) affects watsonx.data
Summary A vulnerability in the Rust time crate v0.2.7–v0.2.22 can cause segmentation faults on Unix-like systems when environment variables are set from a different thread. Windows and WebAssembly targets are unaffected. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2020-26235...
Security Bulletin: Use-After-Free Vulnerability in c-ares read_answers() Function (v1.32.3–v1.34.4) affects watsonx.data
Summary CVE-2025-31498 - A use-after-free vulnerability exists in c-ares v1.32.3–v1.34.4 within the read_answers function. It can occur when process_answer re-enqueues queries under certain DNS conditions, potentially leading to crashes or unexpected behavior. This can affect watsonx.data...
Security Bulletin: runc File Descriptor Leak Leads to Container Escape Vulnerability (Fixed in 1.1.12), affects watsonx.data
Summary runc ≤ 1.1.11 contains a file descriptor leak vulnerability that can allow container processes to access the host filesystem, leading to potential container escape and host compromise. Fixed in version 1.1.12. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2024-21626...
Security Bulletin: tough-cookie Prototype Pollution Vulnerability in CookieJar, affects watsonx.data
Summary tough-cookie versions prior to 4.1.3 are vulnerable to prototype pollution when using CookieJar with rejectPublicSuffixes=false due to improper object initialization. Fixed in version 4.1.3. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2023-26136 DESCRIPTION: Versions of t...
Security Bulletin: XSS Vulnerability in React Router meta()/Meta APIs During SSR, affects watsonx.data
Summary React Router @remix-run/react 1.15.0–2.17.0, react-router 7.0.0–7.8.2 is vulnerable to XSS in meta/Meta APIs when generating script:ld+json tags in Framework Mode. Arbitrary JavaScript could execute during SSR if untrusted content is used. No impact occurs in Declarative Mode BrowserRoute...
Security Bulletin: Decompression Bomb Vulnerability in urllib3 affects watsonx.data
Summary urllib3 versions ≥1.24 and <2.6.0 are vulnerable to unbounded decompression chains. A malicious server can trigger excessive CPU and memory usage by sending many nested compression steps. The issue is fixed in version 2.6.0. This can affect watsonx.data. Vulnerability Details...
Security Bulletin: Decompression Bomb Vulnerability in Undici, affects watsonx.data
Summary Undici versions prior to 7.18.0 and 6.23.0 are vulnerable to unbounded decompression chains. Malicious servers can exploit this to trigger high CPU usage and excessive memory allocation due to thousands of compression steps. This can affect watsonx.data. Vulnerability Details...
Security Bulletin: Eclipse Jetty HTTP/2 DoS Vulnerability affects watsonx.data
Summary A flaw in the Eclipse Jetty HTTP/2 server implementation causes improper cleanup of connections when handling invalid HTTP/2 requests. When malformed or invalid requests are received, the server fails to correctly release active connections and associated resources. This can affect...
EUVD-2026-21231
Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVerify message, an out-of-bounds read can occur on crafted input. This can only occur when --enable-experimental and --enable-dual-alg-certs is used when building wolfSSL...
DEBIAN-CVE-2026-5393
Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVerify message, an out-of-bounds read can occur on crafted input. This can only occur when --enable-experimental and --enable-dual-alg-certs is used when building wolfSSL...
CVE-2026-5393
Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVerify message, an out-of-bounds read can occur on crafted input. This can only occur when --enable-experimental and --enable-dual-alg-certs is used when building wolfSSL...
UBUNTU-CVE-2026-5393
Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVerify message, an out-of-bounds read can occur on crafted input. This can only occur when --enable-experimental and --enable-dual-alg-certs is used when building wolfSSL...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the DoTls13CertificateVerify process when handling a dual-algorithm CertificateVerify message due to improper bounds checking on crafted input. An attacker can cause the application to read memory outside the...
PT-2026-31889
Name of the Vulnerable Software and Affected Versions code-projects Simple IT Discussion Forum version 1.0 Description A flaw exists in code-projects Simple IT Discussion Forum version 1.0 that allows for SQL injection via manipulation of the Category argument in the /add-category-function.php...
PT-2026-31890
Name of the Vulnerable Software and Affected Versions Simple Laundry System version 1.0 Description A flaw exists in Simple Laundry System 1.0, specifically within the /checkcheckout.php file. Manipulation of the serviceId argument can lead to cross site scripting, potentially allowing for remote...
Code-Projects Simple IT Discussion Forum code injection vulnerability
Code-Projects Simple IT Discussion Forum is a simple forum developed by Code-Projects as open source. Version 1.0 of the code-projects Simple Laundry System has a code injection vulnerability. This vulnerability stems from incorrect handling of the parameter serviceId in the file...