9 matches found
CVE-2026-56064
Subscriber SQL Injection in Tourfic = 2.22.5 versions...
CVE-2026-48967
Subscriber SQL Injection in Geo Mashup = 1.13.19 versions...
CVE-2026-48967 WordPress Geo Mashup plugin <= 1.13.19 - SQL Injection vulnerability
Subscriber SQL Injection in Geo Mashup = 1.13.19 versions...
CVE-2026-40766
Subscriber SQL Injection in MasterStudy LMS = 3.7.25 versions...
CVE-2026-52700 WordPress WCMultiShipping plugin <= 3.0.2 - SQL Injection vulnerability
Subscriber SQL Injection in WCMultiShipping = 3.0.2 versions...
PT-2026-49482
Subscriber SQL Injection in GamiPress = 7.8.7 versions...
Important: postgresql18
Issue Overview: Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions...
Important: postgresql17
Issue Overview: Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions...
PostgreSQL -- Multiple vulnerabilities
The PostgreSQL project reports: Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's...