20 matches found
CVE-2026-44628
CVE-2026-44628 corresponds to an OFFIS DCMTK Toolkit Type Confusion issue. An unauthenticated attacker can crash the worklist server by sending a single crafted query when the server has a valid Called AE Title/storage directory, the expected lockfile, and at least one matching worklist record. T...
CVE-2026-4580 code-projects Simple Laundry System Parameters checkupdatestatus.php sql injection
A security flaw has been discovered in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkupdatestatus.php of the component Parameters Handler. The manipulation of the argument serviceId results in sql injection. The attack can be executed remotely. The...
EUVD-2022-24869
Malicious code in bioql PyPI...
EUVD-2024-46028
Malicious code in bioql PyPI...
CVE-2025-58993
CVE-2025-58993 affects the WordPress Tutor LMS plugin (Themeum Tutor LMS) up to version 3.7.4. It is a SQL Injection vulnerability caused by improper neutralization of input in SQL queries. CVSS v3.1 base score 7.6 (HIGH) with network attack vector, no user interaction, and high confidentiality i...
CVE-2025-20262
A vulnerability in the Protocol Independent Multicast Version 6 PIM6 feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, low-privileged, remote attacker to trigger a crash of the PIM6 process, resulting in a denia...
CVE-2024-51473
IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query...
CVE-2024-52615
A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected...
PT-2024-35400
Name of the Vulnerable Software and Affected Versions Avahi-daemon affected versions not specified Description A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected. Recommendations ...
Fortinet FortiAnalyzer Input Validation Error Vulnerability
Fortinet FortiAnalyzer is a set of centralized network security reporting solutions from the U.S. company Fiat Fortinet. The product is mainly used to collect network log data, and through the reporting suite of security events in the log, network traffic, Web content, etc. to analyze, report,...
CVE-2022-42428
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of...
CVE-2023-28867
In GraphQL Java aka graphql-java before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4, 17.5, and 0.0.0-2023-03-20T01-49-44-80e3135...
YouDianCMS SQL注入漏洞
YouDianCMS is a website CMS. YoudianCMS version v9.5.0 suffers from a SQL injection vulnerability, which originates from the id parameter at /App/Lib/Action/Admin/SiteAction.class.php that lacks validation of externally entered SQL statements. An attacker can exploit this vulnerability to execute...
CVE-2020-9500
Some products of Dahua have Denial of Service vulnerabilities. After the successful login of the legal account, the attacker sends a specific log query command, which may cause the device to go down...
WordPress InLinks Plugin SQL Injection Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL server set up a personal blog site.InLinks plugin is one of the link creation plugin. A SQL injection vulnerability exists in WordPress InLinks plugin...
SQL Injection Vulnerability in UFIDA Financials /target/services/userInfoWeb?wsdl Page
UFIDA Financials is a financial management software. A SQL injection vulnerability exists in the UFIDA Financial System /target/services/userInfoWeb?wsdl page. An attacker can exploit the vulnerability to obtain database information...
openSUSE Security Update : vte (openSUSE-SU-2010:0404-1)
VTE was vulnerable to an old title set+query attack which could be used by remote attackers to execute arbitrary code CVE-2010-2713. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update vte-2729. T...
SuSE 11.1 Security Update : vte, vte-debuginfo, vte-debugsource, vte-devel, vte-doc, vte-lang (SAT Patch Number 2718)
This update fixes a vulnerability of VTE to an old title set and query attack which could be used by remote attackers to execute arbitrary code. CVE-2010-2713 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11...
Ibrahim Ã?AKICI - Okul Portal Haber_Oku.asp SQL Injection
Ibrahim Ã?AKICI - Okul Portal HaberOku.asp SQL Injection source: https://www.securityfocus.com/bid/24379/info Ibrahim Ã?AKICI Okul Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploi...
ISC BIND < 8.1.2 Inverse-Query Remote Overflow (deprecated)
Binary data 1015.prm...