PT-2026-42579

Name of the Vulnerable Software and Affected Versions Simple Hierarchical Select SHS for Drupal 7 versions 7.x-1.0 through 7.x-1.10 Description Cross-site scripting risk exists due to improper output escaping of term-derived text. Malicious taxonomy term names can be rendered unsafely depending o...

CVE-2026-8114

A vulnerability was identified in JeecgBoot up to 3.9.1. Affected by this issue is some unknown functionality of the file /sys/dict/loadTreeData of the component JSON Object Handler. The manipulation of the argument condition leads to sql injection. The attack can be initiated remotely. The explo...

CVE-2026-8114 JeecgBoot JSON Object loadTreeData sql injection

A vulnerability was identified in JeecgBoot up to 3.9.1. Affected by this issue is some unknown functionality of the file /sys/dict/loadTreeData of the component JSON Object Handler. The manipulation of the argument condition leads to sql injection. The attack can be initiated remotely. The explo...

CVE-2026-8114 JeecgBoot JSON Object loadTreeData sql injection

A vulnerability was identified in JeecgBoot up to 3.9.1. Affected by this issue is some unknown functionality of the file /sys/dict/loadTreeData of the component JSON Object Handler. The manipulation of the argument condition leads to sql injection. The attack can be initiated remotely. The explo...

JeecgBoot 注入漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.1 and earlier have a vulnerability related to injection attacks. This vulnerability stems from the parameter condition handled by the JSON object processor in the...

Linux Distros Unpatched Vulnerability : CVE-2025-71196

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - phy: stm32-usphyc: Fix off by one in probe The index variable is used as an index into the usbphyc-phys array which has usbphyc-nphys elements. So if it is equa...

SQL Injection

jeecg-boot is vulnerable to SQL Injection. The vulnerability is due to insufficient sanitization of the title parameter in the /sys/dict/loadTreeData endpoint, allowing attackers to inject malicious SQL statements and manipulate backend database queries...

CVE-2025-8806

A vulnerability was found in zhilink 智互联深圳科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. It has been classified as critical. This affects an unknown part of the file /adpweb/a/sys/office/treeData. The manipulation of the argument extId leads to sql injection. It is possible to initiate...

PT-2025-32480 · Zhilink 智互联(深圳)科技有限公司 · Adp Application Developer Platform

Name of the Vulnerable Software and Affected Versions: zhilink 智互联深圳科技有限公司 ADP Application Developer Platform version 1.0.0 Description: A critical issue exists in the zhilink 智互联深圳科技有限公司 ADP Application Developer Platform. The vulnerability is due to a SQL injection that can be triggered by...

USN-7383-2 linux-realtime vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - x86 architecture; - Block layer subsystem; - Drivers core; - Ublk userspace block driver; -...

CVE-2024-36409

SuiteCRM is an open-source Customer Relationship Management CRM software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this issue...

CVE-2024-36409

CVE-2024-36409 affects SuiteCRM before versions 7.14.4 and 8.6.1, where poor input validation enables an SQL Injection at the Tree data entry point. The root cause is inadequate input validation in the Tree entry point, allowing crafted input to alter database queries. Public advisories consisten...

CVE-2024-36409 SuiteCRM authenticated SQL Injection in TreeData entrypoint

SuiteCRM is an open-source Customer Relationship Management CRM software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this issue...

SuiteCRM Security Breach

SuiteCRM is a customer relationship management system from the SuiteCRM team. SuiteCRM has a security vulnerability that stems from Inadequate input validation can lead to a SQL injection vulnerability at the Tree data entry point...

CVE-2023-38992

jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData...

PT-2023-18008 · Google · Android Kernel

Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to a possible out of bounds write in the load dt data function of storage.c due to a missing bounds check. This could lead to local escalation of privilege, requiring System execution privilege...

Fedora: Security Advisory for golang-etcd-bbolt (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Cross-Site Scripting in jqtree

Affected versions of jqtree are vulnerable to cross-site scripting in the drag and drop functionality for modifying tree data. When a user attempts to drag a node to a different position in the hierarchy, script content existing within the node will be executed. Recommendation Update to 1.3.4 or...

UBUNTU-CVE-2019-8934

hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest...

The vulnerability of the getNodeSize function in the SQLite database management system allows attackers to carry out other attacks.

The vulnerability of the getNodeSize function in the SQLite database management system arises from the execution of an operation beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to exert other effects using the reduced size of RTree blobs within the...