Azure Linux 3.0 Security Update: postgresql (CVE-2024-10979)

The version of postgresql installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-10979 advisory. - Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to...

CVE-2025-14051

A flaw has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function getById/updateAddress/deleteAddress of the file /mall-ums/app-api/v1/addresses/. Executing manipulation can lead to improper control of dynamically-identified variables. The attack can be executed remotely. The...

CVE-2025-14085

A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. This impacts an unknown function of the file /app-api/v1/orders/. The manipulation of the argument orderId leads to improper control of dynamically-identified variables. Remote exploitation of the attack is possible. The exploi...

CVE-2025-14051

CVE-2025-14051 affects youlaitech youlai-mall versions 1.0.0 through 2.0.0. The vulnerability resides in the functions getById(), updateAddress(), and deleteAddress() in the file /mall-ums/app-api/v1/addresses/. Exploitation can be performed remotely, and public exploits have been published. Reme...

EUVD-2024-33389

Malicious code in bioql PyPI...

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2025-1818)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-40632

Linkerd is an open source, ultralight, security-first service mesh for Kubernetes. In affected versions when the application being run by linkerd is susceptible to SSRF, an attacker could potentially trigger a denial-of-service DoS attack by making requests to localhost:4191/shutdown. Linkerd cou...

CVE-2022-36337

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow vulnerability in the MebxConfiguration driver leads to arbitrary code execution. Control of a UEFI variable under the OS can cause this overflow when read by BIOS code...

FreeBSD : PostgreSQL -- PL/Perl environment variable changes execute arbitrary code (a03636f4-a29f-11ef-af48-6cc21735f730)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a03636f4-a29f-11ef-af48-6cc21735f730 advisory. PostgreSQL project reports: Incorrect control of environment variables in PostgreSQL PL/Perl allows an...

PT-2024-8138

Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 17.1 PostgreSQL versions prior to 16.5 PostgreSQL versions prior to 15.9 PostgreSQL versions prior to 14.14 PostgreSQL versions prior to 13.17 PostgreSQL versions prior to 12.21 Description: The issue is related t...

CVE-2022-36337

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow vulnerability in the MebxConfiguration driver leads to arbitrary code execution. Control of a UEFI variable under the OS can cause this overflow when read by BIOS code...

CVE-2020-7606

docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within 'index.js' of the package, the function 'execserviceName, cmd, fnStdout, fnStderr, fnExit' uses the variable 'serviceName' which can be controlled by users without any sanitization...

kppw 最新版注入(有点奇葩)

简要描述： 人生第一发代码审计 详细说明： 首先给厂商说句抱歉，测试demo的时候把demo搞挂了 漏洞文件:control/ajax/balance.php 看代码 $arrSellerInfo = dbfactory::getonesprintf'select from %s a left join %s b on a.uid = b.uid where a.uid =%s',TABLEPRE.'witkeyspace',TABLEPRE.'witkeyshop',intval$id; if$arrSellerInfo'shopbackstyle' $arrBackgroudStyl...