Github Security Blog
added 2026/06/19 7:34 p.m., 7 views

symfony/ux-live-component: XSS via attacker-controlled child component tag

Description: Symfony\UX\LiveComponent\Util\ChildComponentPartialRenderer::createHtml interpolates the $childTag argument directly into the HTML output as a tag name, without escaping or validation. The value originates from client-controlled JSON childrenid.tag parsed by LiveComponentSubscriber an...

AI score: 6
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2026/06/19 7:34 p.m., 4 views

GHSA-38X5-RCV4-XF7X symfony/ux-live-component: XSS via attacker-controlled child component tag

Description: Symfony\UX\LiveComponent\Util\ChildComponentPartialRenderer::createHtml interpolates the $childTag argument directly into the HTML output as a tag name, without escaping or validation. The value originates from client-controlled JSON childrenid.tag parsed by LiveComponentSubscriber an...

CVSS: 5.1, AI score: 6
Exploits: 0, References: 4
Cvelist
added 2026/06/19 7:34 p.m., 19 views

CVE-2026-48774 ProxySQL MCP run_sql_readonly executes side-effecting MySQL multi-statements despite read-only contract

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP run_sql_readonly tool violates its documented read-only contract for MySQL targets. The tool validates only the full input string with a substring blacklist and first-keyword...

CVSS: 7.5, EPSS: 0.00226
Exploits: 0, References: 2
Vulnrichment
added 2026/06/19 7:34 p.m., 4 views

CVE-2026-48774 ProxySQL MCP run_sql_readonly executes side-effecting MySQL multi-statements despite read-only contract

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP run_sql_readonly tool violates its documented read-only contract for MySQL targets. The tool validates only the full input string with a substring blacklist and first-keyword...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00226
Exploits: 0, References: 2
ATTACKERKB
added 2026/06/19 7:34 p.m., 5 views

CVE-2026-48774

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP run_sql_readonly tool violates its documented read-only contract for MySQL targets. The tool validates only the full input string with a substring blacklist and first-keyword...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00226
Exploits: 0, References: 3, Affected Software: 1
CVE
added 2026/06/19 7:34 p.m., 15 views

CVE-2026-48774

Summary: ProxySQL 3.0.0–3.0.8 allows read-only requests to execute multi-statement backends, enabling unintended writes via the MCP run_sql_readonly tool. The input validator uses a blacklist/allowlist on the first statement, but then runs the full string against a backend connection created wit...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00226
Exploits: 0, References: 2
EUVD
added 2026/06/19 7:34 p.m., 6 views

EUVD-2026-38075

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP run_sql_readonly tool violates its documented read-only contract for MySQL targets. The tool validates only the full input string with a substring blacklist and first-keyword...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00226
Exploits: 0, References: 2
Github Security Blog
added 2026/06/19 7:18 p.m., 12 views

TypeORM: SQL Injection in UpdateQueryBuilder/SoftDeleteQueryBuilder orderBy (MySQL/MariaDB)

Impact: Blind SQL injection vulnerability in UpdateQueryBuilder and SoftDeleteQueryBuilder affecting MySQL and MariaDB users. UpdateQueryBuilder and SoftDeleteQueryBuilder, including their addOrderBy variants, do not validate the order parameter against an allowlist of permitted values (ASC/DESC). The...

AI score: 6
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2026/06/19 7:18 p.m., 6 views

GHSA-9GGV-8W38-R7PM TypeORM: SQL Injection in UpdateQueryBuilder/SoftDeleteQueryBuilder orderBy (MySQL/MariaDB)

Impact: Blind SQL injection vulnerability in UpdateQueryBuilder and SoftDeleteQueryBuilder affecting MySQL and MariaDB users. UpdateQueryBuilder and SoftDeleteQueryBuilder, including their addOrderBy variants, do not validate the order parameter against an allowlist of permitted values (ASC/DESC). The...

CVSS: 5.9, AI score: 6
Exploits: 0, References: 4
Metasploit
added 2026/06/19 7:03 p.m., 154 views

Joplin Plugin Persistence

This module installs a malicious Joplin plugin (.jpl) into the target's Joplin plugin directory. The plugin executes the payload each time Joplin is launched, providing persistent code execution. Joplin cannot be running at the time of plugin installation, or it will be overwritten at shutdown. The...

AI score: 6
Exploits: 0
GithubExploit
added 2026/06/19 6:58 p.m., 72 views

cortex-plugin-hexstrike

Example Plugin Brief one-line description of what this plugin...

AI score: 5.9
Exploits: 0
The Hacker News
added 2026/06/19 6:37 p.m., 14 views

Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain

Security researchers at Paradigm Shift have published a working exploit, dubbed usbliter8, that achieves arbitrary code execution inside the SecureROM of Apple's A12 and A13 chips. That code is burned into the silicon at manufacture. No software update can reach it. Affected devices will carry...

AI score: 6.8
Exploits: 0
Github Security Blog
added 2026/06/19 5:45 p.m., 10 views

Hugo: XSS via unescaped code-fence language in default code block renderer

Hugo's default code-block renderer wrote the Markdown code-fence language / info-string into the wrapper without HTML escaping. A fence info-string containing a quote and a payload breaks out of the attribute and injects a live script element. This is not an issue if you fully trust every file...

AI score: 5.8
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2026/06/19 5:45 p.m., 4 views

GHSA-Q76J-GCG9-VXC6 Hugo: XSS via unescaped code-fence language in default code block renderer

Hugo's default code-block renderer wrote the Markdown code-fence language / info-string into the wrapper without HTML escaping. A fence info-string containing a quote and a payload breaks out of the attribute and injects a live script element. This is not an issue if you fully trust every file...

CVSS: 5.1, AI score: 5.8
Exploits: 0, References: 2
Snyk
added 2026/06/19 5:45 p.m., 7 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the default code block rendering. An attacker can execute arbitrary JavaScript in the context of users viewing generated pages by supplying a crafted code-fence language info-string containing malicious...

CVSS: 5.4, AI score: 5.9
Exploits: 0, References: 2
GithubExploit
added 2026/06/19 5:35 p.m., 74 views

PhantomCommits-CTF

STS-PR-13: Code Review CTF — Writeups Writeups for STS-PR-1...

AI score: 6
Exploits: 0
IBM Security Bulletins
added 2026/06/19 5:23 p.m., 5 views

Security Bulletin: Vulnerabilities exist in IBM Netezza Software

Summary: Vulnerabilities identified in IBM Netezza Software have been addressed in version 11.3.1.1. Vulnerability Details: CVEID: CVE-2025-11226. DESCRIPTION: ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications...

CVSS: 9.8, AI score: 6.9, EPSS: 0.01916
Exploits: 11, Affected Software: 1
IBM Security Bulletins
added 2026/06/19 5:22 p.m., 4 views

Security Bulletin: Vulnerabilities exist in IBM Netezza Software

Summary: Vulnerabilities identified in IBM Netezza Software have been addressed in version 11.3.1.1. Vulnerability Details: CVEID: CVE-2024-24786. DESCRIPTION: The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when...

CVSS: 8.4, AI score: 8.3, EPSS: 0.02394
Exploits: 4, Affected Software: 1
NVD
added 2026/06/19 5:16 p.m., 8 views

CVE-2026-49260

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.5.1, pontedilana/php-weasyprint builds the shell command for WeasyPrint by passing the binary path through escapeshellarg first and then checking the quoted result with is_executable. On POSIX...

CVSS: 8.2, EPSS: 0.00154
Exploits: 0, References: 4
OSV
added 2026/06/19 5:02 p.m., 2 views

SUSE-SU-2026:22184-1 Security update for postgresql16

This update for postgresql16 fixes the following issues. Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema specified (bsc#1265172). - CVE-2026-6473: integer overflows in memory-allocation calculations (bsc#1265173). - CVE-2026-6474: Guard against malicious time zone...

CVSS: 8.8, AI score: 6.2, EPSS: 0.00471
Exploits: 0, References: 20