Opencart Divido - Sql Injection
OpenCart Divido plugin is susceptible to SQL injection id: CVE-2018-11231 info: name: Opencart Divido - Sql Injection author: ritikchaddha severity: high description: | OpenCart Divido plugin is susceptible to SQL injection impact: | This vulnerability can lead to data theft, unauthorized access,...
Postgrex: Channel-name SQL injection in `Postgrex.Notifications.listen/3`
Summary SQL injection in Postgrex.Notifications.listen/3: the channel argument is interpolated straight into LISTEN "..." / UNLISTEN "..." without escaping the " character. Any caller that lets a user influence the channel name e.g. a pub/sub bridge that uses a tenant id or topic slug as the...
Exploit for Server-Side Request Forgery in Vercel Next.Js
CVE-2026-44578 - Next.js WebSocket SSRF PoC Vulnerability:...
CVE-2026-40020
Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imap_acl_allow_anyone=no. This causes folders to be spammed to all users. The impact is limited to being able to spam folders to other users, no unexpected access is gained. Install to fixed...
CVE-2026-25199
Instances deployed via the Proxmox extension allow unauthorized access to instances belonging to other tenants. This issue affects Apache CloudStack: from 4.21.0.0 through 4.22.0.0. The Proxmox extension for CloudStack improperly uses a user-editable instance setting, proxmoxvmid, to associate...
PocketBase vulnerable to account pre-hijacking via OAuth2 unverified->verified autolinking upgrade
A pre-hijacking issue was discovered with the OAuth2 autolinking by Alardiians. In some situations, if an attacker knows the email address of the victim they can create and link an unverified PocketBase user in advance by authenticating with one of the OAuth2 app providers, e.g. "A". When the...
GHSA-PQ7P-MC74-G65W PocketBase vulnerable to account pre-hijacking via OAuth2 unverified->verified autolinking upgrade
A pre-hijacking issue was discovered with the OAuth2 autolinking by Alardiians. In some situations, if an attacker knows the email address of the victim they can create and link an unverified PocketBase user in advance by authenticating with one of the OAuth2 app providers, e.g. "A". When the...
CVE-2026-7422
Insufficient packet validation in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to bypass all checksum and minimum-size validation by spoofing the Ethernet source MAC address to match one of the device's own registered endpoints, because the loopback detection...
DEBIAN-CVE-2026-40170
ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport...
Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are vulnerable due to improper permission check vulnerability in Zookeeper (CVE-2025-58457)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway are vulnerable due to improper permission check vulnerability in Zookeeper Vulnerability Details CVEID:CVE-2025-58457 DESCRIPTION: Improper permission check in ZooKeeper AdminServer lets authorized clients to run snapshot and resto...
Security Bulletin: vulnerability in IBM Spectrum Symphony with spring framework
Summary vulnerability in IBM Spectrum Symphony with spring framework Vulnerability Details CVEID: CVE-2024-38820 DESCRIPTION: The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could...
ALPINE-CVE-2026-27859
A mail message containing an excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably formatted mail message causes the mail delivery process to consume large amounts of CPU time. Use MTA capabilities to limit RFC 2231 MIME parameters in mail messages, or upgrade to fixed...
CVE-2026-27859
A mail message containing an excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably formatted mail message causes the mail delivery process to consume large amounts of CPU time. Use MTA capabilities to limit RFC 2231 MIME parameters in mail messages, or upgrade to fixed...
CVE-2025-59032
ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the service if it's not needed. Alternatively upgrade to a fixed...
UBUNTU-CVE-2025-59032
ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the service if it's not needed. Alternatively upgrade to a fixed...
UBUNTU-CVE-2026-27859
A mail message containing an excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably formatted mail message causes the mail delivery process to consume large amounts of CPU time. Use MTA capabilities to limit RFC 2231 MIME parameters in mail messages, or upgrade to fixed...
CVE-2026-33218
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a client which can connect to the leafnode port can crash the nats-server with a certain malformed message pre-authentication. Versions 2.11.15 and 2.12.6 contain ...
CVE-2026-31898 jsPDF has a PDF Object Injection via FreeText color
jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of arguments of the createAnnotation method allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to the following method, a user can inje...