3986 matches found
EUVD-2026-36132
Fedify has an incomplete SSRF mitigation after GHSA-p9cg-vqcc-grcx: validatePublicUrl allows special-use IPv4 ranges...
CVE-2026-57810
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saad Iqbal APIExperts Square for WooCommerce woosquare allows Blind SQL Injection.This issue affects APIExperts Square for WooCommerce: from n/a through = 4.7.4...
CVE-2026-57707
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in quantumcloud Simple Business Directory Pro simple-business-directory-pro allows SQL Injection.This issue affects Simple Business Directory Pro: from n/a through = 15.9.4...
EUVD-2026-42370
Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer Custom Reports modules. This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3...
CVE-2026-6818
The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'specialrequests' parameter in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2026-6818 VikBooking Hotel Booking Engine & PMS <= 1.8.8 - Unauthenticated Stored Cross-Site Scripting via 'special_requests' Parameter
The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'specialrequests' parameter in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
Security Bulletin: Due to the use of IBM Db2, IBM Cloud Pak System is affected by multiple vulnerabilities
Summary Vulnerabilities found in IBM Db2 LUW that affect Foundation and IBM Tivoli Monitoring ITM pattern Types pTypes shipped with IBM Cloud Pak System. Vulnerabilities were addressed in IBM Cloud Pak System. IBM Cloud Pak System v2.3.6.1 has updated Foundation and ITM pTypes to Foundation versi...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via improper handling of user-supplied input in the Special:Drilldown process. An attacker can execute arbitrary SQL commands by injecting crafted input. Remediation Upgrade mediawiki/cargo to version 3.9.1 or higher...
CVE-2026-14363
The CVE-2026-14363 issue affects the MediaWiki Cargo Extension for MediaWiki, where improper neutralization of special elements in SQL queries (notably in Special:Drilldown) enables SQL injection. Reported impacts include unauthorized access, modification, or deletion of data in the database. Aff...
CVE-2026-14363 Cargo Extension: SQLi in Special:Drilldown
Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows SQL Injection. This issue affects Mediawiki - Cargo Extension: from before 1.43.9,1.44.6,1.45.4...
CVE-2026-58029
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiChangeAuthenticationData.Php, includes/Api/ApiLinkAccount.Php, includes/Api/ApiRemoveAuthenticationData.Php, includes/Specials/SpecialLinkAccounts.Php,...
CVE-2026-58029
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiChangeAuthenticationData.Php, includes/Api/ApiLinkAccount.Php, includes/Api/ApiRemoveAuthenticationData.Php, includes/Specials/SpecialLinkAccounts.Php,...
CVE-2026-58029
CVE-2026-58029 affects Wikimedia Foundation MediaWiki and enables a full account takeover via BotPasswords and OAuth through action=changeauthenticationdata. Affected versions are MediaWiki: before 1.46.0, 1.45.4, 1.44.6, 1.43.9. The issue involves the API and Special pages: ApiChangeAuthenticati...
CVE-2026-58035
CVE-2026-58035 : In Wikimedia Foundation MediaWiki, the vulnerability is an improper neutralization of input during web page generation (XSS) tied to the file resources/src/mediawiki.Special.Block/SpecialBlock.Vue. The available sources confirm a cross-site scripting risk but do not provide concr...
PT-2026-54904
Name of the Vulnerable Software and Affected Versions MediaWiki affected versions not specified Description An issue exists involving improper neutralization of input during web page generation, leading to Cross-site Scripting XSS, where malicious scripts are injected into trusted websites. This...
CVE-2026-35097
The CVE affects KTM System e-BOK, where the password policy allows only numeric passwords up to six digits. Root cause is a restricted character set and short max length, resulting in weak credential requirements. The issue has been addressed by a patch published in June 2026. Remediation recomme...
CVE-2026-54636
Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes commands in the app.json file to manage system cron running as the Dokku user. An app.json cron command utilizing special shell characters - including, but not limited to, or ; - can break out of the Docker container and...
EUVD-2026-39806
Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes commands in the app.json file to manage system cron running as the Dokku user. An app.json cron command utilizing special shell characters - including, but not limited to, or ; - can break out of the Docker container and...
PT-2026-52854
Name of the Vulnerable Software and Affected Versions Dokku versions prior to 0.38.7 Description The cron plugin uses commands defined in the app.json file to manage system cron tasks running as the Dokku user. If a cron command in app.json contains special shell characters, such as or ;, it can...
Security Bulletin: Due to the use of IBM Db2, IBM Cloud Pak System is affected by multiple vulnerabilities
Summary Vulnerabilities found in IBM Db2 LUW that affect Foundation and IBM Tivoli Monitoring ITM pattern Types pTypes shipped with IBM Cloud Pak System. Vulnerabilities were addressed in IBM Cloud Pak System. IBM Cloud Pak System v2.3.6.0 has updated Foundation and ITM pTypes to Foundation versi...