CVE-2019-25726
All in One Video Downloader 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send requests to the admin interface with UNION-based SQL injection payloads in the id...
Malicious code in shiroai (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8cde2f64fd59e62071433f92eab83a4817f0b306ff1735aa8c31ae31dcaf9830 shiroai is advertised as a CLI where the installer authenticates with their own API key via shiroai login . In practice, cli.js ignores any...
Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by multiple vulnerabilities in jsPDF (CVE-2026-24040, CVE-2026-24043, CVE-2026-24133, CVE-2026-24737)
Summary Multiple vulnerabilities in the jsPDF library used by IBM InfoSphere Optim Archive Viewer have been addressed by upgrading the library to version 4.0.0. Vulnerability Details CVEID:CVE-2026-24040 DESCRIPTION: jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, the addJS...
DEBIAN-CVE-2026-32814
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strict_decoding=false (the default), a corrupted tile silently fails to decode and the library returns heif_error_Ok with no indication of failure, leading to an uninitialized...
CVE-2021-47928 Opencart TMD Vendor System 3.x Blind SQL Injection via product route
Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the product_id parameter. Attackers can craft malicious SQL queries using time-based or content-based blind injection...
CVE-2026-33872 elixir-nodejs has Cross-User Data Leakage or Information Disclosure due to Worker Protocol Race Condition
elixir-nodejs provides an Elixir API for calling Node.js functions. A vulnerability in versions prior to 3.1.4 results in Cross-User Data Leakage or Information Disclosure due to a race condition in the worker protocol. The lack of request-response correlation creates a "stale response"...
CVE-2026-24040 jsPDF has a Shared State Race Condition in addJS Plugin
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, the addJS method in the jspdf Node.js build utilizes a shared module-scoped variable text to store JavaScript content. When used in a concurrent environment e.g., a Node.js web server, this variable is shared across all requests. ...
CVE-2020-7964
An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect access control in the checkoutCustomerAttach mutations allows attackers to attach their checkouts to any user ID and consequently leak user data e.g., name, address, and previous orders of any other customer...
CVE-2025-12492 Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.11.0 - Unauthenticated Sensitive Information Exposure
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.0 via the ajax_get_members function. This is due to the use of a...
EUVD-2021-11111
Malware in sbrugna...
EUVD-2025-21119
Malicious code in bioql PyPI...
EUVD-2022-29619
Malicious code in bioql PyPI...
CVE-2025-22392
Out-of-bounds read in firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via network access...
CVE-2023-47298
CVE-2023-47298 affects NCR Terminal Handler 1.5.1. The issue is broken access control on the SOAP API endpoint, allowing a low-privilege authenticated user to query and obtain information about all application users, including usernames, roles, security groups, and account statuses. Public refere...
PT-2025-12032 · Unknown · Transformeroptimus/Superagi
Name of the Vulnerable Software and Affected Versions: transformeroptimus/superagi (affected versions not specified). Description: An information disclosure issue exists, allowing an attacker to leak sensitive user information, including names, emails, and passwords. This can be achieved by attempti...
PayPal, Credit Card and Debit Card Payment SQL Injection Vulnerability
PayPal, Credit Card and Debit Card Payment is a PayPal, credit card and debit card payment application by the individual developer janobe. A SQL injection vulnerability exists in PayPal, Credit Card and Debit Card Payment version 1.0. An attacker can use this vulnerability to send a specially crafted quer...
Simple Online Banking System 1.0 SQL Injection
Exploit Title: Simple Online Banking System - SQLi Authentication Bypass Date: 6 Jul, 2024 CVE: N/A Exploit Author: bRpsd Vendor Homepage: https://www.sourcecodester.com/php/14868/banking-system-using-php-free-source-code.html Software Link:...
CVE-2024-24595
Allegro AI’s open-source version of ClearML stores passwords in plaintext within the MongoDB instance, resulting in a compromised server leaking all user emails and passwords...
CentOS 8 : python-urllib3 (CESA-2024:0116)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2024:0116 advisory. - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for managing...
Google Nest Security Breach
Google Nest is a smart home product from Google, Inc. in the United States. Google Nest has a security vulnerability that stems from root code execution and user data leakage...