1648 matches found
EUVD-2017-19007
Joomla Component Myportfolio 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the pid parameter. Attackers can send GET requests to index.php with malicious pid values in the task=project&view=grid...
CVE-2017-20280 Joomla Component Myportfolio 3.0.2 SQL Injection via pid Parameter
Joomla Component Myportfolio 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the pid parameter. Attackers can send GET requests to index.php with malicious pid values in the task=project&view=grid...
CVE-2017-20280
Joomla Component Myportfolio 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the pid parameter. Attackers can send GET requests to index.php with malicious pid values in the task=project&view=grid...
CVE-2017-20280
影
CVE-2026-48986
pamusb provides hardware authentication for Linux using removable media. In pamusb 0.9.1 and earlier, usbgetprocessparentid can cause an infinite loop DoS because it does not initialize ppid on failure. In pusblocallogin, the same variable is reused as input and output in a process-tree while loo...
PT-2026-50471
Name of the Vulnerable Software and Affected Versions chrome-devtools-mcp affected versions not specified Description On POSIX systems, specifically macOS and Linux sessions where the XDG RUNTIME DIR environment variable is unset, the daemon writes its PID file to a deterministic path in /tmp usi...
Pi-Hole Web 6.x < 6.4.2 (Core) Local Privilege Escalation (CVE-2026-41489)
According to its self-reported Core version, the Pi-Hole instance on the remote host is running a Core version between 6.0 and prior to 6.4.2. It is, therefore, affected by a local privilege escalation vulnerability: - Two shell scripts executed as root by systemd pihole-FTL-prestart.sh and...
CVE-2026-24067
Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by obtaining the client's process identifier and...
CVE-2026-50564
CVE-2026-50564 concerns Fission’s Environment CRD prior to version 1.24.0, where spec.runtime.podSpec and spec.builder.podSpec were merged into runtime/builder pod specs without filtering. This allowed propagation of hostNetwork, hostPID, hostIPC, container privileged, and serviceAccountName from...
CVE-2026-24067
Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool (com.slatedigital.connect.privileged.helper.tool) that exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The root cause is a PID-based client validation that is vulnerable to a time-of-check time-of-u...
CVE-2026-24067 Slate Digital Connect macOS XPC PID validation privilege escalation
Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by obtaining the client's process identifier and...
CVE-2026-24067 Slate Digital Connect macOS XPC PID validation privilege escalation
Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by obtaining the client's process identifier and...
PT-2026-48401
Name of the Vulnerable Software and Affected Versions Slate Digital Connect version 1.37.0 Description The software installs a privileged helper tool, 'com.slatedigital.connect.privileged.helper.tool', which exposes the XPC service 'com.slatedigital.connect.privileged.helper.tool2'. The helper...
Fission 安全漏洞
Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.24.0 contain security vulnerabilities. These vulnerabilities arise from the exposure of spec.runtime.podSpec and spec.builder.podSpec in the Environment CRD during merging, without filterin...
CVE-2026-46295 KVM: x86: Do IRR scan in __kvm_apic_update_irr even if PIR is empty
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Do IRR scan in kvmapicupdateirr even if PIR is empty Fall back to apicfindhighestvector when PID.ON is set but PIR turns out to be empty, to correctly report the highest pending interrupt from the existing IRR. In a...
CVE-2025-60477
A NULL pointer dereference in the gffilterpidresolvefiletemplateex function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted file...
CVE-2026-46259
In the Linux kernel, the following vulnerability has been resolved: procfs: fix missing RCU protection when reading realparent in dotaskstat When reading /proc/pid/stat, dotaskstat accesses task-realparent without proper RCU protection, which leads to: cpu 0 cpu 1 ----- ----- dotaskstat var =...
EUVD-2026-34121
In the Linux kernel, the following vulnerability has been resolved: procfs: fix missing RCU protection when reading realparent in dotaskstat When reading /proc/pid/stat, dotaskstat accesses task-realparent without proper RCU protection, which leads to: cpu 0 cpu 1 ----- ----- dotaskstat var =...
CVE-2025-60477
A NULL pointer dereference in the gffilterpidresolvefiletemplateex function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted file...
CVE-2025-60477
A NULL pointer dereference in the gffilterpidresolvefiletemplateex function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted file...