108 matches found

RedhatCVE
added 2026/05/09 12:20 a.m. | 5 views

CVE-2026-43442

A flaw was found in the Linux kernel's io_uring subsystem. An incorrect bounds check for 128-byte Submission Queue Entry (SQE) operations, when IORING_SETUP_SQE_MIXED is used without IORING_SETUP_NO_SQARRAY, allows an unprivileged local user to remap logical SQE positions to arbitrary physical indices. Th...

CVSS 7.1 | AI score 5.9 | EPSS 0.00015
Exploits 0 | References 4
SUSE CVE
added 2026/05/05 1:45 a.m. | 3 views

SUSE CVE-2026-42483

A heap-based buffer overflow in the Kerberos hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted Kerberos hash file. The issue affects module_hash_decode in multiple Kerberos-related modules because account_info_len is...

CVSS 9.8 | AI score 6.4 | EPSS 0.00113
Exploits 1 | References 3
Cvelist
added 2026/04/17 7:45 a.m. | 24 views

CVE-2026-6451 CMS für Motorrad Werkstätten <= 1.0.0 - Cross-Site Request Forgery

The cms-fuer-motorrad-werkstaetten plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.0.0. This is due to missing nonce validation on all eight AJAX deletion handlers: vehiclescfmwdvehicle, contactscfmwdcontact, supplierscfmwdsupplier,...

CVSS 4.3 | EPSS 0.00011
Exploits 0 | References 19
CNNVD
added 2026/04/17 12:00 a.m. | 4 views

WordPress plugin cms-fuer-motorrad-werkstaetten security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

CVSS 4.3 | AI score 5.8 | EPSS 0.00011
Exploits 0 | References 1
SUSE CVE
added 2026/04/13 11:26 p.m. | 3 views

SUSE CVE-2026-31418

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: drop logically empty buckets in mtype_del. mtype_del counts empty slots below n->pos in k, but it only drops the bucket when both n->pos and k are zero. This misses buckets whose live entries have all been removed...

CVSS 5.5 | AI score 5.8 | EPSS 0.00015
Exploits 0 | References 3
CNNVD
added 2026/04/07 12:00 a.m. | 2 views

Marginal security vulnerability

Marginal is an asset trading platform developed by Marginal OpenSource. There is a security vulnerability in Marginal, which stems from the execution of insecure downcasting operations. This vulnerability could allow attackers to settle large debt positions at a negligible cost for assets...

CVSS 8.6 | AI score 5.9 | EPSS 0.00048
Exploits 0 | References 6
CNNVD
added 2026/02/23 12:00 a.m. | 3 views

Valkey buffer error vulnerability

Valkey is a flexible distributed key-value database developed by Valkey OpenSource. Versions prior to Valkey 9.0.2, 8.1.6, 8.0.7, and 7.2.12 contain a buffer error vulnerability. This vulnerability arises from the lack of validation of extended data packet positions in the cluster bus data packet...

CVSS 7.5 | AI score 6 | EPSS 0.0002
Exploits 0 | References 2
CNNVD
added 2026/02/19 12:00 a.m. | 4 views

WordPress plugin Advanced Ads – Ad Manager & AdSense access control error vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 4.3 | AI score 5.8 | EPSS 0.00037
Exploits 0 | References 3
RedhatCVE
added 2026/01/09 12:34 p.m. | 5 views

CVE-2023-45378

In the module "PrestaBlog" prestablog version 4.4.7 and before from HDclic for PrestaShop, a guest can perform SQL injection. The script ajax sliderpositions.php has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection...

CVSS 9.8 | AI score 7.7 | EPSS 0.00066
Exploits 0 | References 1
EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2025-29813

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.6 | EPSS 0.00078
Exploits 0 | References 8
RedhatCVE
added 2025/09/19 8:37 p.m. | 4 views

CVE-2025-10617

A weakness has been identified in SourceCodester Online Polling System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/positions.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been made...

CVSS 8.8 | AI score 7.1 | EPSS 0.00078
Exploits 0 | References 1
NVD
added 2025/09/17 9:15 p.m. | 2 views

CVE-2025-10617

A weakness has been identified in SourceCodester Online Polling System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/positions.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been made...

CVSS 8.8 | EPSS 0.00078
Exploits 0 | References 7
OSV
added 2025/09/17 9:15 p.m. | 1 views

CVE-2025-10617

A weakness has been identified in SourceCodester Online Polling System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/positions.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been made...

CVSS 8.8 | AI score 5.8 | EPSS 0.00078
Exploits 0 | References 7
CVE
added 2025/09/17 8:32 p.m. | 14 views

CVE-2025-10617

CVE-2025-10617 affects SourceCodester Online Polling System 1.0. The vulnerability is in the sensitive file /admin/positions.php, where manipulation of the ID argument leads to an SQL injection. The attack can be initiated remotely and, per sources, the exploit has been publicly released. Connec...

CVSS 8.8 | AI score 6.7 | EPSS 0.00078
Exploits 0 | References 7 | Affected Software 1
Cvelist
added 2025/09/17 8:32 p.m. | 8 views

CVE-2025-10617 SourceCodester Online Polling System positions.php sql injection

A weakness has been identified in SourceCodester Online Polling System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/positions.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been made...

CVSS 6.5 | EPSS 0.00078
Exploits 0 | References 7
Vulnrichment
added 2025/09/17 8:32 p.m. | 2 views

CVE-2025-10617 SourceCodester Online Polling System positions.php sql injection

A weakness has been identified in SourceCodester Online Polling System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/positions.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been made...

CVSS 6.5 | AI score 6.4 | EPSS 0.00078
Exploits 0 | References 7
CNNVD
added 2025/09/17 12:00 a.m. | 1 views

SourceCodester Online Polling System SQL injection vulnerability

SourceCodester Online Polling System is a SourceCodester open source online polling system. A SQL injection vulnerability exists in SourceCodester Online Polling System version 1.0, which stems from incorrect manipulation of the parameter ID in the file /admin/positions.php, which could lead to a...

CVSS 8.8 | AI score 7 | EPSS 0.00078
Exploits 0 | References 7
Positive Technologies
added 2025/09/17 12:00 a.m. | 4 views

PT-2025-38276

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Polling System version 1.0 Description: A weakness exists in SourceCodester Online Polling System 1.0 related to SQL injection within the /admin/positions.php file. Manipulation of the ID argument can trigger this issue,...

CVSS 6.5 | AI score 6.6 | EPSS 0.00078
Exploits 0 | References 9
Vulnrichment
added 2025/09/11 7:24 a.m. | 2 views

CVE-2025-9627 Run Log <= 1.7.10 - Cross-Site Request Forgery to Settings Update

The Run Log plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.10. This is due to missing or incorrect nonce validation on the oirlpluginoptions function. This makes it possible for unauthenticated attackers to modify plugin settings includi...

CVSS 4.3 | AI score 4.9 | EPSS 0.00023
Exploits 0 | References 2
OSV
added 2025/08/14 6:52 p.m. | 1 views

MAL-2025-7959 Malicious code in @frozen-team-qa/positions-service (npm)

The package @frozen-team-qa/positions-service was found to contain malicious code...

AI score 7.2
Exploits 0