CVE-2026-6476 PostgreSQL pg_createsubscriber allows SQL injection via subscription name
SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pg_createsubscriber next runs. Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected...
CVE-2026-6476
SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pg_createsubscriber next runs. Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected...
BIT-JAVA-MIN-2022-21449
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows...
PT-2026-20772
Stored Cross-Site Scripting (XSS) in Alkacon's OpenCms v18.0, which occurs when user input is not properly validated when sending a POST request to ‘/blog/new-article/org.opencms.ugc.CmsUgcEditService.gwt’ using the ‘text’ parameter...
CKEditor <= 46.1.0 Reflected XSS Vulnerability
CKEditor 5 is prone to a reflected cross-site scripting (XSS) vulnerability when used with Angular...
GHSA-XJHF-7833-3PM5 Volto affected by possible DoS by invoking specific URL by anonymous user
Impact: When visiting a specific URL, an anonymous user could cause the NodeJS server part of Volto to quit with an error. Patches: The problem has been patched and the patch has been backported to Volto major versions down until 16. It is advised to upgrade to the latest patch release of your...
CVE-2025-36047
Summary: CVE-2025-36047 affects IBM WebSphere Application Server Liberty 18.0.0.2–25.0.0.8, enabling DoS via specially crafted requests that exhaust memory. Affected IBM Bulletins identify Liberty-based deployments (e.g., WebSphere Liberty) in various IBM products (e.g., Watson Discovery Cartridg...
CVE-2025-24189
The issue was addressed with improved checks. This issue is fixed in Safari 18.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to memory corruption...
RHSA-2025:1446 Red Hat Security Advisory: nodejs:18 security update
Bulletin has no description...
BIT-NODE-MIN-2023-30581
The use of `__proto__` in `process.mainModule.__proto__.require` can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18, and v20. Please note that at the time...
Apple TV < 18 Multiple Vulnerabilities (121248)
According to its banner, the version of Apple TV on the remote device is prior to 18. It is therefore affected by multiple vulnerabilities as described in the 121248...
Apple Safari Security Update (HT121241)
Apple Safari is prone to multiple vulnerabilities...
RHSA-2016:1425 Red Hat Security Advisory: rh-nginx18-nginx security update
Bulletin has no description...
Flipsnack security vulnerability
Flipsnack is a publishing platform from Flipsnack, Inc. A security vulnerability exists in Flipsnack version v.18/03/2024. A local attacker can exploit the vulnerability to obtain sensitive information via the reader.gz.js file...
PT-2024-22497 · Flipsnack · Flipsnack
Name of the Vulnerable Software and Affected Versions: Flipsnack version 18/03/2024. Description: An issue in Flipsnack allows a local attacker to obtain sensitive information via the reader.gz.js file. Recommendations: For Flipsnack version 18/03/2024, consider restricting access to the...
Node.js Multiple Vulnerabilities (Apr 2024) - Mac OS X
Node.js is prone to multiple vulnerabilities...
AZL-37121 CVE-2024-28863 affecting package nodejs18 for versions less than 18.20.3-1
node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few...
CVE-2022-32222
CVE-2022-32222 affects Node.js on Linux, in the 18.x line prior to 18.40.0. The vulnerability stems from a default path for openssl.cnf that could become accessible to a non-admin user instead of /etc/ssl. The initial description does not quantify exploitation probability beyond access, but the p...
Electron security vulnerability
Electron is a JavaScript framework from an individual developer for writing cross-platform desktop applications. The framework is based on nodejs and Chromium and can be used to write cross-platform desktop applications using HTML and CSS. A security vulnerability exists in Electron version...
PT-2021-5985 · Adobe · After Effects
Name of the Vulnerable Software and Affected Versions: Adobe After Effects versions 22.0 and earlier; Adobe After Effects versions 18.4.2 and earlier. Description: The issue is related to an out-of-bounds read vulnerability in Adobe After Effects, which could lead to disclosure of sensitive memory...