4 matches found
CVE-2026-33672
Picomatch is a glob matcher written in JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a method injection vulnerability affecting the POSIXREGEXSOURCE object. Because the object inherits from Object.prototype, specially crafted POSIX bracket expressions e.g., :constructor: ca...
PT-2022-8648 · Mkcms · Mkcms
Name of the Vulnerable Software and Affected Versions: MKCMS version 6.2
Description: The issue is related to SQL injection. It occurs via the /ucenter/reg.php API endpoint, specifically through the name parameter.
Recommendations: For MKCMS version 6.2, as a temporary workaround, consider...
PT-2019-14278 · Go · Gorm
Name of the Vulnerable Software and Affected Versions: GORM versions prior to 1.9.10
Description: The issue allows SQL injection via incomplete parentheses. It is noted that misusing GORM by passing untrusted user input where GORM expects trusted SQL fragments is a vulnerability in the applicatio...
PT-2018-9595 · Cebe · Cebe Markdown Parser
Name of the Vulnerable Software and Affected Versions: cebe markdown parser versions 1.2.0 and earlier
Description: The issue allows a maliciously crafted script to be executed, potentially resulting in the loss of user data and sensitive user information. This can be exploited by crafting a thre...