1365 matches found
EverShop SQL注入漏洞
EverShop is an open-source NodeJS e-commerce platform developed by EverShop. Versions of EverShop prior to 2.1.1 contained a SQL injection vulnerability. This vulnerability occurred when processing category updates and deletions, where the urlkey value was embedded into SQL statements through...
Authentication Bypass Using an Alternate Path or Channel
Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the UseRecoveryCode function, which fails to check the supplied userID before validating the second factor. A user in possession of the username and password of another user ca...
Authentication Bypass Using an Alternate Path or Channel
Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the UseRecoveryCode function, which fails to check the supplied userID before validating the second factor. A user in possession of the username and password of another user ca...
Authentication Bypass Using an Alternate Path or Channel
Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the UseRecoveryCode function, which fails to check the supplied userID before validating the second factor. A user in possession of the username and password of another user ca...
Authentication Bypass Using an Alternate Path or Channel
Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the UseRecoveryCode function, which fails to check the supplied userID before validating the second factor. A user in possession of the username and password of another user ca...
CVE-2025-68699
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In version 0.24.6, NanoMQ has a protocol parsing / forwarding inconsistency when handling shared subscriptions $share/. A malformed SUBSCRIBE topic such as $share/ab missing the second / is not strictly validated during the...
Malicious code in gridifys (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e5ce4a5dacaa769b90c359a5f03065f1d0418808b1ff366fe0d9cf6e21da4dd2 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...
MAL-2026-732 Malicious code in gridifys (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e5ce4a5dacaa769b90c359a5f03065f1d0418808b1ff366fe0d9cf6e21da4dd2 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...
Malicious code in tabulapys (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f43be05d02e16c7d381e105a4eae9a2701039d29435e6d83cb982f607bda623d Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...
MAL-2026-698 Malicious code in tableshow (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4fe9c764b4cb621cdd65c3dee4c4cf00cc273aab33642ebce5690b3d5c8d71e1 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...
Malicious code in tableapy (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7adeff5bc226723e8e3241a36596e3e99094553770deda5e89ac8caf7c0e0f01 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...
Malicious code in tabullates (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 499d47c3064299cb3d921b32ac9f22c2bab7b0b841b3de3a0cee3029625d5d26 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005066)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005066 advisory. In the Linux kernel, the following vulnerability has been resolved: soc: qcom: llcc: Handle a second device without data corruption Usually there is only one llcc...
CVE-2026-22997
In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: j1939xtprxrtssessionactive: deactivate session upon receiving the second rts Since j1939sessiondeactivateactivatenext in j1939tprxtimer is called only when the timer is enabled, we need to call...
UBUNTU-CVE-2026-23000
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix crash on profile change rollback failure mlx5enetdevchangeprofile can fail to attach a new profile and can fail to rollback to old profile, in such case, we could end up with a dangling netdev with a fully reset...
CVE-2026-22997
The CVE-2026-22997 issue affects the Linux kernel CAN/J1939 subsystem. The root cause is that j1939_session_deactivate_activate_next() is only invoked in j1939_tp_rxtimer() when the timer is enabled, allowing a refcount leak if the timer is cancelled without calling the function. This can lead to...
CVE-2026-22997 net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts
In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: j1939xtprxrtssessionactive: deactivate session upon receiving the second rts Since j1939sessiondeactivateactivatenext in j1939tprxtimer is called only when the timer is enabled, we need to call...
Hibernate vulnerable to SQL Injection
A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive informatio...
GHSA-2P5W-CVG5-GC5C Hibernate vulnerable to SQL Injection
A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive informatio...
CVE-2026-0603
A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive informatio...