1361 matches found
CVE-2026-23460
In the Linux kernel, the following vulnerability has been resolved: net/rose: fix NULL pointer dereference in rosetransmitlink on reconnect syzkaller reported a bug 1, and the reproducer is available at 2. ROSE sockets use four sk-skstate values: TCPCLOSE, TCPLISTEN, TCPSYNSENT, and TCPESTABLISHE...
Focalboard doesn't sanitize category IDs before incorporating them into dynamic SQL statements
UNSUPPORTED WHEN ASSIGNED Focalboard version 8.0 fails to sanitize category IDs before incorporating them into dynamic SQL statements when reordering categories. An attacker can inject a malicious SQL payload into the category id field, which is stored in the database and later executed unsanitiz...
EUVD-2026-18651
UNSUPPORTED WHEN ASSIGNED Focalboard version 8.0 fails to sanitize category IDs before incorporating them into dynamic SQL statements when reordering categories. An attacker can inject a malicious SQL payload into the category id field, which is stored in the database and later executed unsanitiz...
GHSA-P32Q-V29X-WQ9R Focalboard doesn't sanitize category IDs before incorporating them into dynamic SQL statements
UNSUPPORTED WHEN ASSIGNED Focalboard version 8.0 fails to sanitize category IDs before incorporating them into dynamic SQL statements when reordering categories. An attacker can inject a malicious SQL payload into the category id field, which is stored in the database and later executed unsanitiz...
CVE-2026-23460
In the Linux kernel, the following vulnerability has been resolved: net/rose: fix NULL pointer dereference in rosetransmitlink on reconnect syzkaller reported a bug 1, and the reproducer is available at 2. ROSE sockets use four sk-skstate values: TCPCLOSE, TCPLISTEN, TCPSYNSENT, and TCPESTABLISHE...
CVE-2026-25773
UNSUPPORTED WHEN ASSIGNED Focalboard version 8.0 fails to sanitize category IDs before incorporating them into dynamic SQL statements when reordering categories. An attacker can inject a malicious SQL payload into the category id field, which is stored in the database and later executed unsanitiz...
CVE-2026-25773 Focalboard Second-Order SQL Injection in category reorder endpoint allows data exfiltration (unsupported product, no fix)
UNSUPPORTED WHEN ASSIGNED Focalboard version 8.0 fails to sanitize category IDs before incorporating them into dynamic SQL statements when reordering categories. An attacker can inject a malicious SQL payload into the category id field, which is stored in the database and later executed unsanitiz...
CVE-2026-25773 Focalboard Second-Order SQL Injection in category reorder endpoint allows data exfiltration (unsupported product, no fix)
UNSUPPORTED WHEN ASSIGNED Focalboard version 8.0 fails to sanitize category IDs before incorporating them into dynamic SQL statements when reordering categories. An attacker can inject a malicious SQL payload into the category id field, which is stored in the database and later executed unsanitiz...
CVE-2026-25773
UNSUPPORTED WHEN ASSIGNED Focalboard version 8.0 fails to sanitize category IDs before incorporating them into dynamic SQL statements when reordering categories. An attacker can inject a malicious SQL payload into the category id field, which is stored in the database and later executed unsanitiz...
CVE-2026-25773
CVE-2026-25773 — Focalboard 8.0 Second-Order SQL Injection in category reorder : The vulnerability arises from insufficient sanitization of category IDs used in dynamic SQL during category reordering. An authenticated attacker can store a malicious SQL payload in the category ID field, which is l...
CVE-2026-29132
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker with access to a victim's GINA account to bypass a second-password check and read protected emails...
Better Auth Has Two-Factor Authentication Bypass via Premature Session Caching (session.cookieCache)
Summary Under certain configurations, sessions may be considered valid before two-factor authentication 2FA is fully completed. This can allow access to authenticated routes without verifying the second factor. --- Description When two-factor authentication is enabled, the authentication flow...
Out-of-bounds Read
Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Out-of-bounds Read in the second-instance event handler when parsing a crafted second-instance message via the...
GHSA-3C8V-CFP5-9885 Electron: Out-of-bounds read in second-instance IPC on macOS and Linux
Impact On macOS and Linux, apps that call app.requestSingleInstanceLock were vulnerable to an out-of-bounds heap read when parsing a crafted second-instance message. Leaked memory could be delivered to the app's second-instance event handler. This issue is limited to processes running as the same...
Electron: Out-of-bounds read in second-instance IPC on macOS and Linux
Impact On macOS and Linux, apps that call app.requestSingleInstanceLock were vulnerable to an out-of-bounds heap read when parsing a crafted second-instance message. Leaked memory could be delivered to the app's second-instance event handler. This issue is limited to processes running as the same...
EUVD-2026-18951
Electron: Out-of-bounds read in second-instance IPC on macOS and Linux...
PT-2026-30006
Impact On macOS and Linux, apps that call app.requestSingleInstanceLock were vulnerable to an out-of-bounds heap read when parsing a crafted second-instance message. Leaked memory could be delivered to the app's second-instance event handler. This issue is limited to processes running as the same...
PT-2026-30041
Name of the Vulnerable Software and Affected Versions Focalboard version 8.0 Description Focalboard version 8.0 does not properly sanitize category IDs before using them in SQL queries when reordering categories. This can allow an attacker to inject malicious SQL code into the category ID field,...
GO-2026-4914 Fleet's Apple MDM profile delivery has second-order SQL Injection that can compromise the database in github.com/fleetdm/fleet
Fleet's Apple MDM profile delivery has second-order SQL Injection that can compromise the database in github.com/fleetdm/fleet...
EUVD-2026-18144
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker with access to a victim's GINA account to bypass a second-password check and read protected emails...