GHSA-76W8-MQX4-WJRF Doctrine DBAL SQL injection possibility
Identifier quoting in Doctrine DBAL has a security weakness when user input is passed into the quoting function, which makes the quoting ineffective as a protection against injection. If you make use of AbstractPlatform::quoteIdentifier or Doctrine::quoteIdentifier please upgrade immediately. The ORM...
CVE-2021-32026
CVE-2021-32026 affects the NATS server (nats-server) prior to version 2.2.3. The issue arises when TLS parameters are supplied via CLI flags, which overrides the default restricted ciphersuite settings and allows negotiation of all ciphersuites supported by Go. The documented impact is potential ...
CVE-2023-33327
CVE-2023-33327 refers to a high-severity Privilege Escalation in the WordPress Leyka plugin (versions
CVE-2024-27281
CVE-2024-27281 affects Ruby/RDoc: .rdoc_options is parsed as YAML without restricting which classes may be restored, allowing object injection and remote code execution (the same applies when a crafted cache file is loaded). Affected RDoc versions are 6.3.3–6.6.2; fixed in RDoc 6.6.3.1 (and vendor-specific bumps: Ruby 3.0 users...
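The mechanism behind the RDoc entry is generic to Ruby's Psych: an unrestricted load honours `!ruby/object:` tags and instantiates whatever class they name, while `safe_load` only restores an explicit allowlist. The following is an added example illustrating that distinction, not RDoc's or Psych's own code; the `AuditHook` class and the YAML document are constructed stand-ins, and nothing here reproduces the actual RDoc exploit path.

```ruby
require "yaml"

# Constructed stand-in for an arbitrary application class an attacker
# would like instantiated; it is not part of RDoc.
class AuditHook
  attr_accessor :command
end

# Constructed document in the shape of a tagged YAML file such as
# .rdoc_options. The tag asks the loader to build an AuditHook object.
TAGGED_YAML = <<~YAML
  --- !ruby/object:AuditHook
  command: "touch /tmp/pwned"
YAML

# Unrestricted loading: Psych resolves the tag and restores the class.
# Newer Psych exposes this as unsafe_load; older releases did it in load.
def load_unrestricted(doc)
  if Psych.respond_to?(:unsafe_load)
    Psych.unsafe_load(doc)
  else
    Psych.load(doc)
  end
end

# Restricted loading: only classes in the allowlist may be restored;
# anything else raises Psych::DisallowedClass instead of being built.
def load_restricted(doc, permitted: [])
  Psych.safe_load(doc, permitted_classes: permitted)
end

# Returns true when the restricted loader refuses the document.
def rejected_by_safe_load?(doc)
  load_restricted(doc)
  false
rescue Psych::DisallowedClass
  true
end

if __FILE__ == $PROGRAM_NAME
  obj = load_unrestricted(TAGGED_YAML)
  puts "unrestricted load built #{obj.class} with command=#{obj.command.inspect}"
  puts "safe_load rejected the document: #{rejected_by_safe_load?(TAGGED_YAML)}"
end
```

The fix pattern for any code that parses configuration YAML is the restricted loader: pass only the classes the format legitimately needs in `permitted_classes` (for plain options, none), so an unexpected tag is an error rather than an object.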
CVE-2024-27280
CVE-2024-27280 describes a buffer over-read in StringIO. The ungetbyte/ungetc methods can position the read pointer past the end of the buffer, causing StringIO.gets to return adjacent memory contents. Affected: Ruby 3.0.x up to 3.0.6 and 3.1.x up to 3.1.4; fixed in Ruby 3.0.x by stringio 3.0.1.1 for 3.0 users, and in Ruby 3.1.x by stringio 3.0.1...
CVE-2023-41651
CVE-2023-41651 corresponds to a WordPress plugin vulnerability in the Multi-column Tag Map plugin (versions
CVE-2024-0042
Technical details are not publicly available in the provided documents. No affected products/versions or remediation specifics are listed. Monitor for updates.
CVE-2024-0027
CVE-2024-0027 affects Google Android's SnoozeHelper.java, where multiple methods can exhaust resources and cause a local boot loop (denial of service). The connected sources consistently describe a DoS resulting from resource exhaustion with no extra privileges an...
CVE-2024-0022
CVE-2024-0022 affects Android’s CompanionDeviceManagerService.java. The issue is improper input validation that can cause a NotificationAccessConfirmationActivity to be launched for another user profile, enabling local information disclosure without extra privileges and without user interaction. ...
CVE-2024-23694
CVE-2024-23694 is an Android Bluetooth elevation-of-privilege issue reported in Pixel/Android bulletins. The connected OSV entry details a use-after-free in a paired Bluetooth LE audio device that can enable code execution with no user interaction, on affected Pixel and non-Pixel Android devices....
CVE-2023-31234
CVE-2023-31234: Tilda Publishing WordPress plugin
CVE-2024-23703
CVE-2024-23703 is reported in the Wear OS Security Bulletin (May 2024) as a local elevation of privilege (EoP) in the Framework component, rated High. The issue could allow a malicious app to escalate privileges without needing additional execution privileges. Details in the bulletin indicate the full ...
CVE-2024-23702
CVE-2024-23702 is listed in the Wear OS May 2024 bulletin as an Elevation of Privilege issue within the Framework component, enabling local privilege escalation by a malicious app with no extra execution privileges needed. The vulnerability is part of the 2024-05-01 patch level addressed in the W...
CVE-2024-23701
CVE-2024-23701 affects Wear OS (Framework component) and is listed in the May 2024 Wear OS Security Bulletin as a local escalation of privilege (EoP) vulnerability that can be exploited by a malicious app with no additional execution privileges required. The issue is classified as High severity. ...
CVE-2024-23700
CVE-2024-23700 is referenced in a Wear OS security bulletin as a Framework-level vulnerability that could enable local privilege escalation by a malicious app with no extra privileges. PT-2026-3764 notes a PoC and claims the exploit can silently obtain permissions to read/write contacts, SMS, cal...
CVE-2023-27281
CVE-2023-27281 is documented in IBM's bulletin for IBM Aspera Orchestrator 4.0.1, where the vulnerability manifests as observable response discrepancies that could allow a remote attacker to enumerate valid usernames. The connected IBM doc confirms affected product/version and describes the...
CVE-2023-27280
IBM Aspera Orchestrator 4.0.1 is affected by CVE-2023-27280, where weaker-than-expected cryptographic algorithms could allow an attacker to decrypt sensitive information. The IBM security bulletin for CVEs 2023-27280/27283/27281 states impact on 4.0.1 and recommends upgrading to 4.0.1 PL2 (Linux)...
CVE-2024-26321
CVE-2024-26321 is an ownCloud vulnerability whose CVE record is still a placeholder, although the linked advisory and fixes are published. The connected advisory indicates an Authentication Bypass Using Pre-signed URLs in ownCloud, where improper validation may allow an attacker to bypass authentication and access ...
CVE-2024-26320
CVE-2024-26320 is linked to a vulnerability in ownCloud prior to 10.13.3, described in OpenVAS as an improper input validation issue. The connected advisories indicate related problems including a Denial of Service in the Comments API and potential authentication bypass; remediation is available ...