
863 matches found

Positive Technologies
added 2026/02/06 12:0 a.m., 4 views

PT-2026-6867

Summary A SQL Injection vulnerability exists in the ajax select.php endpoint when handling the componenti operation. An authenticated attacker can inject malicious SQL code through the optionsmatricola parameter. Proof of Concept Vulnerable Code File: modules/impianti/ajax/select.php:122-124 php...

CVSS 8.7, AI score 6
Exploits: 0, References: 3
GithubExploit
added 2026/02/05 11:48 a.m., 118 views

sql-injection

SQL Injection Payloads List SQL Injection Payloads List...

AI score 5.7
Exploits: 0
Packet Storm News
added 2026/02/01 12:0 a.m., 3 views

Sleep Reveals the Nonce: Breaking ECDSA Using Sleep-Based Power Side-Channel Vulnerability

Security of Elliptic Curve Digital Signature Algorithm ECDSA depends on the secrecy of the per-signature nonce. Even partial nonce leakage can expose the long-term private key through lattice-based cryptanalysis. In this paper, we introduce a previously unexplored power side-channel vulnerability...

AI score 5.4
Exploits: 0
OSV
added 2026/01/27 4:16 p.m., 4 views

CVE-2020-36951

Phpscript-sgh 0.1.0 contains a time-based blind SQL injection vulnerability in the admin interface that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit this vulnerability by crafting malicious payloads that trigger time delays, enabling them to...

CVSS 8.2, AI score 5.8, EPSS 0.00061
Exploits: 0, References: 3
Positive Technologies
added 2026/01/27 12:0 a.m., 5 views

PT-2026-4930

Name of the Vulnerable Software and Affected Versions Phpscript-sgh version 0.1.0 Description The software contains a time-based blind SQL injection issue in the admin interface. Attackers can manipulate database queries through the id parameter. Exploitation involves crafting malicious payloads...

CVSS 8.8, AI score 5.4, EPSS 0.00061
Exploits: 0, References: 6
Tenable Nessus
added 2026/01/27 12:0 a.m., 3 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005125)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005125 advisory. In the Linux kernel, the following vulnerability has been resolved: MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed This avoids warning: 0.11805...

CVSS 5.5, AI score 6.6, EPSS 0.00014
Exploits: 0, References: 3
ATTACKERKB
added 2026/01/15 11:25 p.m., 3 views

CVE-2021-47801

Vianeos OctoPUS 5 contains a time-based blind SQL injection vulnerability in the 'loginuser' parameter during authentication requests. Attackers can exploit this vulnerability by crafting malicious POST requests with specially constructed SQL payloads that trigger database sleep functions to...

CVSS 8.8, AI score 5.8, EPSS 0.00044
Exploits: 0, References: 4, Affected Software: 1
Positive Technologies
added 2026/01/15 12:0 a.m., 7 views

PT-2026-3172

Vianeos OctoPUS 5 contains a time-based blind SQL injection vulnerability in the 'login user' parameter during authentication requests. Attackers can exploit this vulnerability by crafting malicious POST requests with specially constructed SQL payloads that trigger database sleep functions to...

CVSS 8.8, AI score 8.2, EPSS 0.00044
Exploits: 0, References: 5
Tenable Nessus
added 2026/01/14 12:0 a.m., 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001726)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001726 advisory. There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space. Tenable has...

CVSS 5.5, AI score 6.3, EPSS 0.00023
Exploits: 0, References: 3
Tenable Nessus
added 2026/01/14 12:0 a.m., 3 views

MiracleLinux 3 : kernel-2.6.18-53.17AXS3 (AXSA:2009-02:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2009-02:01 advisory. The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic functions of the operating...

CVSS 7.8, AI score 5.8, EPSS 0.0588
Exploits: 2, References: 4
Amazon
added 2026/01/05 12:0 a.m., 6 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: reject duplicate device on updates CVE-2025-38678 In the Linux kernel, the following vulnerability has been resolved: mm/ksm: fix flag-dropping behavior in ksm_madvise CVE-2025-40040 In the Lin...

CVSS 5.5, AI score 6.5, EPSS 0.03752
Exploits: 3
Tenable Nessus
added 2026/01/02 12:0 a.m., 4 views

Fedora 42 : webkitgtk (2025-3e5ba4315a)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-3e5ba4315a advisory. Correctly handle the program name passed to the sleep disabler. Ensure GStreamer is initialized before using the Quirks. Fix several crashes and...

CVSS 8.8, AI score 7.8, EPSS 0.00309
Exploits: 14, References: 8
SUSE CVE
added 2025/12/31 12:26 a.m., 1 views

SUSE CVE-2023-54306

In the Linux kernel, the following vulnerability has been resolved: net: tls: avoid hanging tasks on the tx_lock syzbot sent a hung task report and Eric explains that adversarial receiver may keep RWIN at 0 for a long time, so we are not guaranteed to make forward progress. Thread which took txloc...

CVSS 5.5, AI score 6.5, EPSS 0.00029
Exploits: 0, References: 3
Tenable Nessus
added 2025/12/31 12:0 a.m., 2 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993094)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993094 advisory. In the Linux kernel, the following vulnerability has been resolved: clk: qcom: ipq8074: dont disable gcc_sleep_clk_src Once the usb sleep clocks are disabled, clock...

CVSS 5.5, AI score 5.9, EPSS 0.00051
Exploits: 0, References: 4
Tenable Nessus
added 2025/12/31 12:0 a.m., 1 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992739)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992739 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/sec - don't sleep when in softirq When kunpeng920 encryption driver is used to...

CVSS 5.5, AI score 6.1, EPSS 0.00037
Exploits: 0, References: 4
EUVD
added 2025/12/30 3:30 p.m., 1 views

EUVD-2023-60498

In the Linux kernel, the following vulnerability has been resolved: net: tls: avoid hanging tasks on the tx_lock syzbot sent a hung task report and Eric explains that adversarial receiver may keep RWIN at 0 for a long time, so we are not guaranteed to make forward progress. Thread which took txloc...

AI score 5.9, EPSS 0.00029
Exploits: 0, References: 7
NVD
added 2025/12/30 1:16 p.m., 2 views

CVE-2023-54306

In the Linux kernel, the following vulnerability has been resolved: net: tls: avoid hanging tasks on the tx_lock syzbot sent a hung task report and Eric explains that adversarial receiver may keep RWIN at 0 for a long time, so we are not guaranteed to make forward progress. Thread which took txloc...

EPSS 0.00029
Exploits: 0, References: 6
OSV
added 2025/12/30 1:16 p.m., 2 views

UBUNTU-CVE-2023-54306

In the Linux kernel, the following vulnerability has been resolved: net: tls: avoid hanging tasks on the tx_lock syzbot sent a hung task report and Eric explains that adversarial receiver may keep RWIN at 0 for a long time, so we are not guaranteed to make forward progress. Thread which took txloc...

AI score 5.7, EPSS 0.00029
Exploits: 0, References: 9
UbuntuCve
added 2025/12/30 1:16 p.m., 2 views

CVE-2023-54306

In the Linux kernel, the following vulnerability has been resolved: net: tls: avoid hanging tasks on the tx_lock syzbot sent a hung task report and Eric explains that adversarial receiver may keep RWIN at 0 for a long time, so we are not guaranteed to make forward progress. Thread which took txloc...

AI score 5.9, EPSS 0.00029
Exploits: 0, References: 8
OSV
added 2025/12/30 12:23 p.m., 3 views

CVE-2023-54306 net: tls: avoid hanging tasks on the tx_lock

In the Linux kernel, the following vulnerability has been resolved: net: tls: avoid hanging tasks on the tx_lock syzbot sent a hung task report and Eric explains that adversarial receiver may keep RWIN at 0 for a long time, so we are not guaranteed to make forward progress. Thread which took txloc...

AI score 6.3, EPSS 0.00029
Exploits: 0, References: 9