36 matches found
CVE-2026-5806
A security vulnerability has been detected in code-projects Easy Blog Site 1.0. This affects an unknown function of the file /posts/update.php. The manipulation of the argument postTitle leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly a...
CVE-2026-4573 SourceCodester Simple E-learning System HTTP GET Parameter delete_post.php sql injection
A security vulnerability has been detected in SourceCodester Simple E-learning System 1.0. This affects an unknown part of the file /includes/formhandlers/deletepost.php of the component HTTP GET Parameter Handler. The manipulation of the argument postid leads to sql injection. It is possible to...
EUVD-2022-1904
Malicious code in bioql PyPI...
CVE-2022-41193
Due to lack of proper memory management, when a victim opens a manipulated Encapsulated Post Script (.eps, ai.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based...
CVE-2022-32238
When a user opens manipulated Encapsulated Post Script (.eps, ai.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application...
CVE-2023-32190
mlocate's %post script allows RUN_UPDATEDB_AS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges...
UBUNTU-CVE-2023-32190
mlocate's %post script allows RUN_UPDATEDB_AS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges...
CVE-2023-32190 mlocate's %post script allows RUN_UPDATEDB_AS user to make arbitrary files world readable
mlocate's %post script allows RUN_UPDATEDB_AS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges...
CVE-2023-32190
mlocate's %post script allows RUN_UPDATEDB_AS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges...
CVE-2023-32190
CVE-2023-32190 affects the mlocate package (notably OpenSUSE-derived distributions). The vulnerability stems from insecure chmod/permissions handling in the %post script, allowing a local attacker to abuse root-run file operations to make arbitrary files world-readable. Impact is localized to ...
SUSE: Security Advisory (SUSE-SU-2023:4672-1)
The remote host is missing an update for the...
Moderate: Red Hat Security Advisory: java-17-openjdk security and bug fix update
An update for java-17-openjdk is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Millhouse-Project SQL injection vulnerability
Millhouse-Project is a blog page for the individual developer Thérèse Scott Rossi. A security vulnerability exists in Millhouse-Project version 1.414, which stems from a Remote Code Execution (RCE) vulnerability in component/addpostsql.php...
PT-2023-25814 · Unknown · Millhouse-Project
Name of the Vulnerable Software and Affected Versions: Millhouse-Project version 1.414 Description: A remote code execution issue was found in the component /add post sql.php, allowing for potential code execution. Recommendations: For Millhouse-Project version 1.414, consider restricting access ...
VulnCheck KEV: CVE-2014-4725
The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/...
PT-2022-25716 · Sap · Sap 3D Visual Enterprise Viewer
Name of the Vulnerable Software and Affected Versions: SAP 3D Visual Enterprise Viewer version 9 Description: The issue arises due to improper memory management. When a victim opens a manipulated Encapsulated Post Script (.eps, ai.x3d) file from untrusted sources, it can trigger Remote Code...
CVE-2022-32238
When a user opens manipulated Encapsulated Post Script (.eps, ai.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application...
Design/Logic Flaw
When a user opens manipulated Encapsulated Post Script (.eps, ai.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application...
GHSA-24W5-W6FW-QQX7 Jenkins Global Post Script Plugin missing permission check
Jenkins Global Post Script Plugin does not perform permission checks on a method implementing form validation. This allows users with Overall/Read permission to list the files contained in $JENKINS_HOME/global-post-script that can be used by the plugin...
Jenkins Global Post Script Plugin missing permission check
Jenkins Global Post Script Plugin does not perform permission checks on a method implementing form validation. This allows users with Overall/Read permission to list the files contained in $JENKINS_HOME/global-post-script that can be used by the plugin...