1369 matches found
UBUNTU-CVE-2026-23275
In the Linux kernel, the following vulnerability has been resolved: iouring: ensure ctx-rings is stable for task work flags manipulation If DEFERTASKRUN | SETUPTASKRUN is used and task work is added while the ring is being resized, it's possible for the OR'ing of IORINGSQTASKRUN to happen in the...
DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks
The U.S. Department of Justice DoJ on Thursday announced the disruption of command-and-control C2 infrastructure used by several Internet of Things IoT botnets like AISURU, Kimwolf, JackSkid, and Mossad as part of a court-authorized law enforcement operation. The effort also saw authorities from...
CVE-2026-32813
Admidio is an open-source user management solution. Versions 5.0.6 and below are vulnerable to arbitrary SQL Injection through the MyList configuration feature. The MyList configuration feature lets authenticated users define custom list column layouts, storing user-supplied column names, sort...
CVE-2026-32813 Admidio: Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter)
Admidio is an open-source user management solution. Versions 5.0.6 and below are vulnerable to arbitrary SQL Injection through the MyList configuration feature. The MyList configuration feature lets authenticated users define custom list column layouts, storing user-supplied column names, sort...
CVE-2026-32813 Admidio: Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter)
Admidio is an open-source user management solution. Versions 5.0.6 and below are vulnerable to arbitrary SQL Injection through the MyList configuration feature. The MyList configuration feature lets authenticated users define custom list column layouts, storing user-supplied column names, sort...
CVE-2026-32813
Admidio is an open-source user management solution. Versions 5.0.6 and below are vulnerable to arbitrary SQL Injection through the MyList configuration feature. The MyList configuration feature lets authenticated users define custom list column layouts, storing user-supplied column names, sort...
CVE-2026-32813 Admidio: Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter)
Admidio is an open-source user management solution. Versions 5.0.6 and below are vulnerable to arbitrary SQL Injection through the MyList configuration feature. The MyList configuration feature lets authenticated users define custom list column layouts, storing user-supplied column names, sort...
CVE-2026-32813
Admidio CVE-2026-32813 describes a second-order SQL injection in the MyList configuration feature. Versions 5.0.6 and earlier store user-supplied column names, sort directions, and filter conditions in adm_list_columns via prepared statements (safe write), but read these values back and interpola...
Textpattern CMS 安全漏洞
Textpattern CMS is a content management system based on PHP developed by the Textpattern team. Version 4.9.0 of Textpattern CMS has a security vulnerability, which stems from improper user input handling in the Atom feed XML elements. This vulnerability could lead to second-degree cross-site...
CVE-2026-29096
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, when creating or editing a report AORReports module, the fieldfunction parameter from POST data is saved directly into the aorfields table without any...
CVE-2026-29096 SuiteCRM vulnerable to Authenticated SQL Injection via unsanitized field_function in Report Fields
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, when creating or editing a report AORReports module, the fieldfunction parameter from POST data is saved directly into the aorfields table without any...
EUVD-2026-13351
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, when creating or editing a report AORReports module, the fieldfunction parameter from POST data is saved directly into the aorfields table without any...
CVE-2026-29096
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, when creating or editing a report AORReports module, the fieldfunction parameter from POST data is saved directly into the aorfields table without any...
CVE-2026-29096 SuiteCRM vulnerable to Authenticated SQL Injection via unsanitized field_function in Report Fields
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, when creating or editing a report AORReports module, the fieldfunction parameter from POST data is saved directly into the aorfields table without any...
PT-2026-26430
Name of the Vulnerable Software and Affected Versions SuiteCRM versions prior to 7.15.1 SuiteCRM versions prior to 8.9.3 Description SuiteCRM is an open-source Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, the field function parameter received...
org.hibernate/hibernate-core: Hibernate: Information disclosure and data deletion via second-order SQL injection
A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive informatio...
org.hibernate/hibernate-core: Hibernate: Information disclosure and data deletion via second-order SQL injection
A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive informatio...
org.hibernate/hibernate-core: Hibernate: Information disclosure and data deletion via second-order SQL injection
A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive informatio...
org.hibernate/hibernate-core: Hibernate: Information disclosure and data deletion via second-order SQL injection
A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive informatio...
Curl 7.33.0 < 8.19.0 Token Leak with Redirect and Netrc
The version of curl installed on the remote host is 7.33.0 prior to 8.19.0. It is, therefore, affected by a token leak with redirect and netrc vulnerability: - When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that...