CVE-2026-48613
SQL injection vulnerability in phpBB profile field migration due to improper handling of user-supplied profile field data during migration, allowing execution of arbitrary SQL queries. Only applies to phpBB forums that had been updated from versions prior to phpBB 3.3.8 and have not been updated ...
CVE-2026-41500 electerm has Command Injection Vulnerability via runMac function
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command injection vulnerability exists in github.com/elcterm/electerm/npm/install.js:150. The runMac function appends attacker-controlled remote releaseInfo.name directly into an...
Electerm Command Injection Vulnerability
Electerm is an SSH/SFTP client developed by ZXDong262 from China, based on Electron. Versions of Electerm prior to 3.3.8 contained a command injection vulnerability. This vulnerability stemmed from the runLinux function, which directly concatenated the remote version string controlled by the...
EUVD-2025-24832
Malicious code in bioql PyPI...
CVE-2025-27847
In ESPEC North America Web Controller 3 before 3.3.8, /api/v4/auth/ users session privileges are not revoked on logout...
LetoDMS suffers from multiple cross-site scripting vulnerabilities (CNVD-2017-35521)
LetoDMS, formerly known as MyDMS, is a web-based open source document management system developed with PHP and MySQL. Multiple cross-site scripting vulnerabilities exist in versions of LetoDMS prior to 3.3.8. Remote attackers can use the parameters in the inc/inc.ClassUI.php or...