EUVD-2026-29036

A flaw has been found in bettercap up to 2.41.5. Affected by this issue is some unknown functionality of the file modules/mysqlserver/mysqlserver.go of the component MySQL Server. Executing a manipulation can lead to integer coercion error. The attack can be launched remotely. The attack requires...

CVE-2026-2903

A flaw has been found in skvadrik re2c up to 4.4. Impacted is the function checkandmergespecialrules of the file src/parse/ast.cc. This manipulation causes null pointer dereference. The attack can only be executed locally. The exploit has been published and may be used. Patch name:...

UBUNTU-CVE-2025-9394

A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host...

AZL-65996 CVE-2024-48916 affecting package ceph for versions less than 16.2.10-9

Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send an JWT that has "none" as JWT alg. And by doing so the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of time of publication, a kno...

WordPress Metform Elementor Contact Form Builder Plugin <= 3.3.1 is vulnerable to Sensitive Data Exposure

Software Metform Elementor Contact Form Builder Type Plugin Vulnerable versions = 3.3.1 Fixed in 3.3.2 OWASP Top 10 A5: Security Misconfiguration Classification Sensitive Data Exposure CVE CVE-2023-0689 Patch priority Low CVSS severity Low 4.3 Developer Wpmet PSID 4be7cb75c51f Credits Ramuel Gall...

Amazon Linux AMI : rubygem-rake (ALAS-2020-1384)

It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1384 advisory. There is an OS command injection vulnerability in Ruby Rake 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character |. CVE-2020-8130 Tenable has extracted the preceding...

We-Com OpenData CMS 2.0 SQL Injection

Exploit Title: We-com OpenData CMS 2.0 Authentication Bypass / SQL Injection Google Dork:N/A Date: 2020-04-17 Exploit Author: @ThelastVvV Vendor Homepage: https://www.we-com.it/ Version: 2.0 Tested on: 5.5.0-kali1-amd64 --------------------------------------------------------- Vendor contact...

Slackware 14.0 / 14.1 / 14.2 / current : python (SSA:2019-293-01)

New python packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2019-293-01. The text itself is copyright C Slackware Linu...

S21SEC-011 - Multiple vulnerabilities in BEA WebLogic Server

ID: S21SEC-011-en Title: Multiple vulnerabilities in BEA WebLogic Server Date: 7/01/2003 Status: Patch published Scope: Remote command execution Platforms: Linux, Windows 2000, probably others Author: llmora Location: http://www.s21sec.com/en/avisos/s21sec-011-en.txt Release: Public S 2 1 S E C...