28872 matches found
CVE-2021-47853
...
CVE-2021-47853
phpPgAdmin 7.13.0 is affected by a remote command execution vulnerability described in Red Hat CVE-2021-47853, where an authenticated attacker can manipulate SQL queries to run arbitrary operating system commands via COPY FROM PROGRAM after creating a table and uploading a crafted .txt file. This...
EUVD-2026-3661
Hasura GraphQL 1.3.3 contains a remote code execution vulnerability that allows attackers to execute arbitrary shell commands through SQL query manipulation. Attackers can inject commands into the runsql endpoint by crafting malicious GraphQL queries that execute system commands through...
CVE-2021-47748 Hasura GraphQL 1.3.3 - Remote Code Execution
Hasura GraphQL 1.3.3 contains a remote code execution vulnerability that allows attackers to execute arbitrary shell commands through SQL query manipulation. Attackers can inject commands into the runsql endpoint by crafting malicious GraphQL queries that execute system commands through...
CVE-2021-47748
Hasura GraphQL 1.3.3 contains a remote code execution vulnerability that allows attackers to execute arbitrary shell commands through SQL query manipulation. Attackers can inject commands into the runsql endpoint by crafting malicious GraphQL queries that execute system commands through...
CVE-2021-47748 Hasura GraphQL 1.3.3 - Remote Code Execution
Hasura GraphQL 1.3.3 contains a remote code execution vulnerability that allows attackers to execute arbitrary shell commands through SQL query manipulation. Attackers can inject commands into the runsql endpoint by crafting malicious GraphQL queries that execute system commands through...
CVE-2021-47748
CVE-2021-47748 concerns Hasura GraphQL 1.3.3, describing a remote code execution via SQL query manipulation. Attackers can inject commands into the run_sql endpoint, leveraging PostgreSQL COPY FROM PROGRAM to execute system commands. Connected sources corroborate the RCE vector and affected compo...
PT-2026-3821
Brother BRAdmin Professional 3.75 contains an unquoted service path vulnerability in the BRA Scheduler service that allows local users to potentially execute arbitrary code. Attackers can place a malicious executable named 'BRAdmin' in the C:Program Files x86Brother directory to gain local system...
PT-2026-3806
Name of the Vulnerable Software and Affected Versions phpPgAdmin version 7.13.0 Description An authenticated attacker can execute arbitrary system commands through SQL query manipulation. This is achieved by creating a custom table, uploading a malicious .txt file, and utilizing the COPY FROM...
ROS-20260120-7335
A vulnerability in the bpfprogram function of the driver drivers/net/ppp/pppgeneric.c of the Linux kernel is related to the use of an uninitialized pointer. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
MiracleLinux 9 : firefox-102.15.0-1.el9.ML.1 (AXSA:2023-6389:32)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6389:32 advisory. Mozilla: Memory corruption in IPC CanvasTranslator CVE-2023-4573 Mozilla: Memory corruption in IPC ColorPickerShownCallback CVE-2023-4574 Mozilla:...
100,000 WordPress Sites Affected by Privilege Escalation Vulnerability in Advanced Custom Fields: Extended WordPress Plugin
On December 10th, 2025, we received a submission for a Privilege Escalation vulnerability in Advanced Custom Fields: Extended, a WordPress plugin with more than 100,000+ active installations. This vulnerability makes it possible for an unauthenticated attacker to grant themselves administrative...
CVE-2025-14235
Buffer overflow in XPS font fpgm data processing on Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. : Satera LBP670C Series/Satera MF750C Series firmware v06....
CVE-2021-47807
Sync Breeze 13.6.18 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries located in 'Program Files' directories to inject malicious...
CVE-2021-47807
Sync Breeze 13.6.18 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries located in 'Program Files' directories to inject malicious...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004124)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004124 advisory. A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001565)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001565 advisory. In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attac...
CVE-2021-47810
WibuKey Runtime 6.51 contains an unquoted service path vulnerability in the WkSvW32.exe service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\PROGRAM FILES X86\WIBUKEY\SERVER\WkSvW32.exe' to inject malicious executables and...
CVE-2021-47807 Sync Breeze 13.6.18 - 'Multiple' Unquoted Service Path
Sync Breeze 13.6.18 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries located in 'Program Files' directories to inject malicious...
CVE-2021-47807
Sync Breeze 13.6.18 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries located in 'Program Files' directories to inject malicious...