CVE-2026-44418

EcclesiaCRM is CRM Software for church management. In 8.0.0 and earlier, the ValidateInput function's default case in EcclesiaCRM's query view passes user-supplied POST parameters directly into SQL queries via strreplace without any sanitization, enabling SQL injection through query parameters th...

CVE-2026-44418

EcclesiaCRM is CRM Software for church management. In 8.0.0 and earlier, the ValidateInput function's default case in EcclesiaCRM's query view passes user-supplied POST parameters directly into SQL queries via strreplace without any sanitization, enabling SQL injection through query parameters th...

CVE-2026-44418 Incomplete fix for CVE-2026-35184: SQL Injection in phili67/ecclesiacrm

EcclesiaCRM is CRM Software for church management. In 8.0.0 and earlier, the ValidateInput function's default case in EcclesiaCRM's query view passes user-supplied POST parameters directly into SQL queries via strreplace without any sanitization, enabling SQL injection through query parameters th...

CVE-2026-6628

CVE-2026-6628 affects phili67 Ecclesia CRM up to version 8.0.0. The vulnerability is in the Query Viewer Component, specifically the ValidateInput function under /v2/query/view/, where manipulation of the custom argument leads to SQL injection. The issue can be triggered remotely and the exploit ...

CVE-2026-6628 phili67 Ecclesia CRM Query Viewer view ValidateInput sql injection

A flaw has been found in phili67 Ecclesia CRM up to 8.0.0. This affects the function ValidateInput of the file /v2/query/view/ of the component Query Viewer Component. This manipulation of the argument custom causes sql injection. The attack can be initiated remotely. The exploit has been publish...

CVE-2026-33937 Handlebars.js has JavaScript Injection via AST Type Confusion

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, Handlebars.compile accepts a pre-parsed AST object in addition to a template string. The value field of a NumberLiteral AST node is emitted directly into the generated JavaScript withou...

CVE-2026-27942 fast-xml-parser has stack overflow in XMLBuilder with preserveOrder

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. Prior to version 5.3.8, the application crashes with stack overflow when user use XML builder with preserveOrder:true. Version 5.3.8 fixes the issue. As...

Unsafe Dependency Resolution

Overview lfx is a lfx is a command-line tool for running Langflow workflows. It provides two main commands: serve and run. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the execglobals parameter in the validate endpoint. An attacker can execute arbitrary cod...

CVE-2025-40335

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate userq input args This will help on validating the userq input args, and rejecting for the invalid userq request at the IOCTLs first place...

SUSE CVE-2023-53722

In the Linux kernel, the following vulnerability has been resolved: md: raid1: fix potential OOB in raid1removedisk If rddev-raiddisk is greater than mddev-raiddisks, there will be an out-of-bounds in raid1removedisk. We have already found similar reports as follows: 1 commit d17f744e883b...

EUVD-2007-3587

Malware in sbrugna...

PT-2025-33634 · Portabilis · Portabilis I-Diario

Name of the Vulnerable Software and Affected Versions: Portabilis i-Diario versions up to 1.5.0 Description: A vulnerability exists in Portabilis i-Diario that allows for cross site scripting. The issue is located in the Informações Adicionais Page component, specifically within the...

PT-2025-21246 · Oa System · Oa System

Name of the Vulnerable Software and Affected Versions: OA System versions prior to 2025.01.01 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at the "/inform/InformManageController.java...

SUSE CVE-2022-49740

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads This patch fixes slab-out-of-bounds reads in brcmfmac that occur in brcmfconstructchaninfo and brcmfenablebw402g when the count value of channel...

PT-2024-38656 · Special Minds Design · E-Commerce

Name of the Vulnerable Software and Affected Versions: Special Minds Design and Software e-Commerce versions prior to 22.11.2024 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL...

CVE-2021-32796 Misinterpretation of malicious XML input in xmldom

xmldom is an open source pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes duri...

DEBIAN-CVE-2021-21366

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpect...

CVE-2019-0710 Windows Hyper-V Denial of Service Vulnerability

...

UBUNTU-CVE-2018-7712

The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service assertion failure because size.height = 120 may be false. Note: “OpenCV CVAssert is not an assertion C-like assert, it is regular C++ exception which can...

ASX to MP3 3.1.3.7 - '.m3u' Local Buffer Overflow

Exploit Title: Buffer Overflow via crafted malicious .m3u file Exploit Author: Parichay Rai Tested on: XP Service Pack 3 CVE : CVE-2017-15221 Description ------------ A buffer overflow Attack possible due to improper input mechanism Proof of Concept ---------------- !/usr/bin/python This exploit...