24 matches found
Net::IMAP: Command Injection via non-synchronizing literal in "raw" argument
Several Net::IMAP commands accept a "raw data" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing literals, it may still be possible to inject arbitrary IMAP commands inside non-synchronizing literals. Details Raw...
CVE-2026-33142
OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the fix for CVE-2026-32306 (ClickHouse SQL injection via aggregate query parameters) added column name validation to the aggregateBy method but did not apply the same validation to three other query...
CVE-2026-33142 OneUptime: ClickHouse SQL Injection via unvalidated column identifiers in sort, select, and groupBy parameters
OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the fix for CVE-2026-32306 (ClickHouse SQL injection via aggregate query parameters) added column name validation to the aggregateBy method but did not apply the same validation to three other query...
CVE-2026-33025
AVideo is a video-sharing platform. Versions prior to 8.0 contain a SQL Injection vulnerability in the getSqlFromPost method of Object.php. The $_POST['sort'] array keys are used directly as SQL column identifiers inside an ORDER BY clause. Although real_escape_string was applied, it only escapes...
CVE-2026-33025
AVideo is a video-sharing platform. Versions prior to 8.0 contain a SQL Injection vulnerability in the getSqlFromPost method of Object.php. The $_POST['sort'] array keys are used directly as SQL column identifiers inside an ORDER BY clause. Although real_escape_string was applied, it only escapes...
CVE-2026-33025 AVideo-Encoder is Vulnerable to Authenticated SQL Injection via ORDER BY Clause
AVideo is a video-sharing platform. Versions prior to 8.0 contain a SQL Injection vulnerability in the getSqlFromPost method of Object.php. The $_POST['sort'] array keys are used directly as SQL column identifiers inside an ORDER BY clause. Although real_escape_string was applied, it only escapes...
CVE-2026-33025
AVideo versions before 8.0 are affected by a SQL injection in getSqlFromPost() in Object.php, where $_POST['sort'] keys are used directly as ORDER BY identifiers. Although real_escape_string() is applied, it only escapes string-context chars and does not protect SQL identifiers. The issue is fixe...
EUVD-2026-13559
AVideo is a video-sharing platform. Versions prior to 8.0 contain a SQL Injection vulnerability in the getSqlFromPost method of Object.php. The $_POST['sort'] array keys are used directly as SQL column identifiers inside an ORDER BY clause. Although real_escape_string was applied, it only escapes...
GHSA-GCG3-C5P2-CQGG OneUptime ClickHouse vulnerable to SQL Injection via unvalidated column identifiers in sort, select, and groupBy parameters
The fix for GHSA-p5g2-jm85-8g35 (ClickHouse SQL injection via aggregate query parameters) added column name validation to the aggregateBy method but did not apply the same validation to three other query construction paths in StatementGenerator. The toSortStatement, toSelectStatement, and...
PT-2026-26198
The fix for GHSA-p5g2-jm85-8g35 (ClickHouse SQL injection via aggregate query parameters) added column name validation to the aggregateBy method but did not apply the same validation to three other query construction paths in StatementGenerator. The toSortStatement, toSelectStatement, and...
EUVD-2025-36745
Malicious code in sort-keys-fix npm...
Malicious Package
Overview: sort-keys-fix is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2025-49043 Malicious code in sort-keys-fix (npm)
Source: ghsa-malware (6fd040f6b48ad761cb38f7172921ad9f1a82689c1ac612e6f936271eaf1f08d1). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in sort-keys-fix (npm)
Source: ghsa-malware (6fd040f6b48ad761cb38f7172921ad9f1a82689c1ac612e6f936271eaf1f08d1). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in typescript-sort-keys (npm)
Source: ghsa-malware (9936ccc8347b00204eae711ecf8b26d6d9444300021678c11327776463123325). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview: typescript-sort-keys is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
EUVD-2025-36798
Malicious code in typescript-sort-keys npm...
MAL-2025-49060 Malicious code in typescript-sort-keys (npm)
Source: ghsa-malware (9936ccc8347b00204eae711ecf8b26d6d9444300021678c11327776463123325). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2025-36854
Malicious code in sort-keys-plus npm...
Malicious code in sort-keys-plus (npm)
Source: ghsa-malware (1259b4a5ee855447736b9ec48a05b35f1c23446060a98aa5f1fc29a0e825db09). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...