1706 matches found
SUSE CVE-2023-20593
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information...
CVE-2026-0242 Trust Protection Foundation: SQL Injection Vulnerability
A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow an attacker to read sensitive data, modify database contents, and escalate privileges to gain full...
EUVD-2026-29896
Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to execute arbitrary commands via a specific interface, potentially enabling the attacker to access, modify, or delete sensitive information within the database...
CVE-2026-6888
Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to execute arbitrary commands via a specific interface, potentially enabling the attacker to access, modify, or delete sensitive information within the database...
CVE-2025-46311
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2. An app may be able to access sensitive user data...
CVE-2026-34260 SQL injection vulnerability in SAP S/4HANA (SAP Enterprise Search for ABAP)
SAP S/4HANA SAP Enterprise Search for ABAP contains a SQL injection vulnerability that allows an authenticated attacker to inject malicious SQL statements through user-controlled input. The application directly concatenates this malicious user input into SQL queries, which are then passed to the...
EUVD-2026-29289
A race condition was addressed with additional validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to access sensitive user data...
EUVD-2026-29268
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to access sensitive user data...
EUVD-2026-29213
An authorization issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data...
CVE-2026-20193
Cisco Identity Services Engine (ISE) is affected by CVE-2026-20193 due to improper RBAC on the RADIUS Policy API endpoints. An authenticated, remote attacker with read-only Administrator privileges could bypass the web UI and call an affected endpoint to gain unauthorized read access to sensitive...
CVE-2026-41462
ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated SQL injection vulnerability in the login functionality where the login variable is directly concatenated into a SQL query without parameterization or sanitization. Attackers can inject arbitrary SQL expressions through the username...
Permissive Cross-domain Policy with Untrusted Domains
Overview copilot-api is a Turn GitHub Copilot into OpenAI/Anthropic API compatible server. Usable with Claude Code! Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains via the CORS policy combined with the unauthenticated /token endpoint. An...
CVE-2026-39110
SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the contactno parameter of the forgot password page forgot-password.php. This allows an unauthenticated attacker to manipulate backend SQL queries during authentication and retrieve...
Vulnerabilities in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Accessing sensitive data - Execution of arbitrary code user privileges -...
EUVD-2026-22794
Adobe Framemaker versions 2022.8 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to access sensitive files or data on the system. Exploitation of this issue requires user interactio...
CVE-2026-30615
CVE-2026-30615 affects Windsurf 1.9544.26. The connected sources describe a prompt-injection vulnerability that occurs when Windsurf processes attacker-controlled HTML content, enabling remote command execution and manipulation of the local MCP configuration, including automatic registration of a...
SQL Injection
Overview krayin/laravel-crm is a hand tailored CRM framework built on some of the hottest opensource technologies such as Laravel a PHP framework and Vue.js a progressive Javascript framework. Affected versions of this package are vulnerable to SQL Injection via the rottenlead parameter in the...
SAMSUNG Mobile devices 安全漏洞
Samsung Mobile devices are a series of mobile devices produced by South Korea’s Samsung Corporation, including smartphones and tablets. There are security vulnerabilities in Samsung Mobile Devices, which stem from the leakage of sensitive information. This vulnerability may allow neighboring...
CVE-2026-35556 Plaintext storage of a password in OpenPLC_V3
OpenPLCV3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an attacker to retrieve credentials and access sensitive information...
CVE-2026-35556
OpenPLCV3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an attacker to retrieve credentials and access sensitive information...