112 matches found
CVE-2026-56282
Capgo before 12.128.2 has an information-disclosure vulnerability in the unauthenticated /replication endpoint that exposes internal PostgreSQL replication telemetry (e.g., replication slot names, confirmed_flush_lsn, restart_lsn) and database error messages. Access to this endpoint does not requ...
CVE-2026-56282
Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /replication endpoint that exposes internal PostgreSQL replication telemetry including slot names and WAL LSN positions. Attackers can access this endpoint without authentication to retrieve sensitive...
CVE-2026-40996: Inbound WS-Security allows RSA PKCS#1 v1.5 key transport by default
Wss4jSecurityInterceptor defaulted allowRSA15KeyTransportAlgorithm to true , overriding Apache WSS4J’s safer default for validation RequestData . Inbound WS-Security decryption could therefore accept RSA PKCS1 v1.5 rsa-15 encrypted key material unless operators explicitly reconfigured the flag,...
CVE-2026-43442
A flaw was found in the Linux kernel's iouring subsystem. An incorrect bounds check for 128-byte Submission Queue Entry SQE operations, when IORINGSETUPSQEMIXED is used without IORINGSETUPNOSQARRAY, allows an unprivileged local user to remap logical SQE positions to arbitrary physical indices. Th...
SUSE CVE-2026-42483
A heap-based buffer overflow in the Kerberos hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted Kerberos hash file. The issue affects modulehashdecode in multiple Kerberos-related modules because accountinfolen is...
CVE-2026-6451 CMS für Motorrad Werkstätten <= 1.0.0 - Cross-Site Request Forgery
The cms-fuer-motorrad-werkstaetten plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.0.0. This is due to missing nonce validation on all eight AJAX deletion handlers: vehiclescfmwdvehicle, contactscfmwdcontact, supplierscfmwdsupplier,...
WordPress plugin cms-fuer-motorrad-werkstaetten 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...
SUSE CVE-2026-31418
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: drop logically empty buckets in mtypedel mtypedel counts empty slots below n-pos in k, but it only drops the bucket when both n-pos and k are zero. This misses buckets whose live entries have all been removed...
Marginal 安全漏洞
Marginal is an asset trading platform developed by Marginal OpenSource. There is a security vulnerability in Marginal, which stems from the execution of insecure downcasting operations. This vulnerability could allow attackers to settle large debt positions at a negligible cost for assets...
Valkey 缓冲区错误漏洞
Valkey is a flexible distributed key-value database developed by Valkey OpenSource. Versions prior to Valkey 9.0.2, 8.1.6, 8.0.7, and 7.2.12 contain a buffer error vulnerability. This vulnerability arises from the lack of validation of extended data packet positions in the cluster bus data packet...
WordPress plugin Advanced Ads – Ad Manager & AdSense 访问控制错误漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2023-45378
In the module "PrestaBlog" prestablog version 4.4.7 and before from HDclic for PrestaShop, a guest can perform SQL injection. The script ajax sliderpositions.php has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection...
EUVD-2025-29813
Malicious code in bioql PyPI...
CVE-2025-10617
A weakness has been identified in SourceCodester Online Polling System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/positions.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been made...
CVE-2025-10617
A weakness has been identified in SourceCodester Online Polling System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/positions.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been made...
CVE-2025-10617
A weakness has been identified in SourceCodester Online Polling System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/positions.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been made...
CVE-2025-10617
CVE-2025-10617 affects SourceCodester Online Polling System 1.0. The vulnerability is in the sensitive file /admin/positions.php , where manipulation of the ID argument leads to an SQL injection. The attack can be initiated remotely and, per sources, the exploit has been publicly released. Connec...
CVE-2025-10617 SourceCodester Online Polling System positions.php sql injection
A weakness has been identified in SourceCodester Online Polling System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/positions.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been made...
CVE-2025-10617 SourceCodester Online Polling System positions.php sql injection
A weakness has been identified in SourceCodester Online Polling System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/positions.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been made...
SourceCodester Online Polling System SQL注入漏洞
SourceCodester Online Polling System is a SourceCodester open source online polling system. A SQL injection vulnerability exists in SourceCodester Online Polling System version 1.0, which stems from incorrect manipulation of the parameter ID in the file /admin/positions.php, which could lead to a...