apache-gravitino (>=1.2.0 <=1.2.1rc2), cloudquery-plugin-sdk (=0.1.52) +14 more potentially affected by CVE-2026-32274 via black (>=26.1.0 <=26.3.0)

black PYPI version =26.1.0, =1.2.0, =0.4.0, =0.2.2, =2.189.0, =0.12.0, =0.7.4, =0.8.0, =0.1.8, =2.54.8, =0.17.1, =1.2.1, =0.1.2, =0.1.3 and more Source cves: CVE-2026-32274 Source advisory: SNYK:PYTHON-BLACK-15518063...

PT-2026-1735

Name of the Vulnerable Software and Affected Versions Polkit versions prior to 0.69.0 Description A race condition exists in the Polkit authorization check. This issue, present in versions before 0.69.0, can lead to similar problems as those described in CVE-2025-66005. Polkit authentication is...

PT-2026-1852

Lack of authorization of the InputManager D-Bus interface in InputPlumber versions before v0.63.0 can lead to local Denial-of-Service, information leak or even privilege escalation in the context of the currently active user session...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection due to a particular API endpoint modification by authenticated backoffice users, which allows the inclusion and execution of arbitrary SQL commands without proper sanitization or validation. An attacker can manipulate...

GHSA-287F-46J7-J4WH Umbraco Workflow's Backoffice users can execute arbitrary SQL

Impact Backoffice users can execute arbitrary SQL. Explanation of the vulnerability A Backoffice user can modify requests to a particular API endpoint to include SQL which will be executed by the server. Affected versions All versions Patches Workflow 10.3.9, 12.2.6, 13.0.6, Plumber 10.1.2...

CVE-2024-32872

Umbraco workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6,...

CVE-2024-32872 Umbraco Workflow's Backoffice users can execute arbitrary SQL

Umbraco workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6,...

CVE-2024-32872

Umbraco Workflow (and Plumber) are affected by an SQL injection vulnerability where a Backoffice user can modify requests to a specific API endpoint to inject SQL that is executed on the server. Affected versions prior to fixed releases include Umbraco Workflow 10.3.9, 12.2.6, and 13.0.6, and Plu...

MAL-2022-3516 Malicious code in gulpplumkber (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bd47464aa52fd5f08a53251d7e1d15de115fd0de331656cc6d71a5f337f24d0d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

plumberbluemountains.com.au Cross Site Scripting vulnerability OBB-2835822

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Up (Ultimate Plumber) - Tool For Writing Linux Pipes With Instant Live Preview

up is the Ultimate Plumber , a tool for writing Linux pipes in a terminal-based UI interactively, with instant live preview of command results. The main goal of the Ultimate Plumber is to help interactively and incrementally explore textual data in Linux, by making it easier to quickly build...

Plumber Game - Customized SSL, Dangerous filesystem permissions, Insecure KeyStore vulnerabilities

HackApp vulnerability scanner discovered that application Plumber Game published at the 'play' market has multiple vulnerabilities...

Plumber - Customized SSL, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities

HackApp vulnerability scanner discovered that application Plumber published at the 'play' market has multiple vulnerabilities...