
19 matches found

Snyk
added 2026/05/08 7:17 p.m. | 15 views

SQL Injection

Overview: @mikro-orm/sql is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Supports MongoDB, MySQL, PostgreSQL and SQLite databases as well as usage with vanilla JavaScript. Affected versions of this package are vulnerable to SQL Injection via improper...

CVSS 7.6 | AI score 6.1 | EPSS 0.00783
Exploits: 2 | References: 2
Tenable Nessus
added 2026/04/02 12:0 a.m. | 1 views

Zabbix 7.0.x < 7.0.14 / 7.2.x < 7.2.8 Information Disclosure (ZBX-26988)

The version of Zabbix Server installed on the remote host is affected by a vulnerability. Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to them. Note that Nessus has not tested for this issue but has instead...

CVSS 3.5 | AI score 6 | EPSS 0.00033
Exploits: 0 | References: 2
SUSE CVE
added 2026/01/30 12:25 a.m. | 1 views

SUSE CVE-2026-22262

Suricata is a network IDS, IPS and NSM engine. While saving a dataset a stack buffer is used to prepare the data. Prior to versions 8.0.3 and 7.0.14, if the data in the dataset is too large, this can result in a stack overflow. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, do not us...

CVSS 9.8 | AI score 6.1 | EPSS 0.00119
Exploits: 0 | References: 3
CVE
added 2026/01/27 6:18 p.m. | 19 views

CVE-2026-22262

CVE-2026-22262 affects Suricata (network IDS/IPS/NSM). When saving a dataset, a stack buffer can overflow if the dataset data is too large, before patches were applied. Affected versions are prior to 8.0.3 and 7.0.14, which include the fixes. Remediation: upgrade to 8.0.3+ or 7.0.14+. As a workar...

CVSS 9.8 | AI score 6.1 | EPSS 0.00119
Exploits: 0 | References: 8 | Affected Software: 1
ATTACKERKB
added 2026/01/27 6:18 p.m. | 3 views

CVE-2026-22262

Suricata is a network IDS, IPS and NSM engine. While saving a dataset a stack buffer is used to prepare the data. Prior to versions 8.0.3 and 7.0.14, if the data in the dataset is too large, this can result in a stack overflow. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, do not us...

CVSS 5.9 | AI score 6.1 | EPSS 0.00119
Exploits: 0 | References: 9 | Affected Software: 1
CVE
added 2026/01/27 6:10 p.m. | 14 views

CVE-2026-22261

CVE-2026-22261 affects Suricata (IDS/IPS/NSM engine). Affected: versions prior to 8.0.3 and 7.0.14 with inefficiencies in X-Forwarded-For (XFF) handling, especially for alerts not triggered in a transaction, causing severe slowdowns. The vulnerability is addressed in Suricata 8.0.3 and 7.0.14 via...

CVSS 5.3 | AI score 5.9 | EPSS 0.00099
Exploits: 0 | References: 4 | Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-3101

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.0024
Exploits: 1 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2020-12594

Malware in sbrugna...

CVSS 5.5 | AI score 5.4 | EPSS 0.00313
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-3102

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.0024
Exploits: 1 | References: 2
CNNVD
added 2025/04/01 12:0 a.m. | 2 views

MongoDB Server access control error vulnerability

MongoDB Server is a set of open source NoSQL databases from the American company MongoDB. The database provides collection-oriented storage, dynamic querying, data replication and automatic failover. A security vulnerability exists in MongoDB Server that stems from the possibility that an...

CVSS 5.4 | AI score 6.2 | EPSS 0.00211
Exploits: 0 | References: 2
OSV
added 2024/10/12 11:9 a.m. | 2 views

OESA-2024-2230 redis security update

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. Security Fixes: Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its...

CVSS 8.8 | AI score 8 | EPSS 0.55755
Exploits: 1 | References: 4
Cvelist
added 2023/10/18 8:17 p.m. | 39 views

CVE-2023-45145 Redis Unix-domain socket may have been exposed with the wrong permissions for a short time window.

Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process...

CVSS 3.6 | AI score 4.4 | EPSS 0.00582
Exploits: 0 | References: 7
OpenVAS
added 2021/11/29 12:0 a.m. | 16 views

PHP 7.0.x < 7.0.14 DoS Vulnerability - Linux

PHP is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

CVSS 9.8 | AI score 8.4 | EPSS 0.00862
Exploits: 2 | References: 2
OpenVAS
added 2021/11/29 12:0 a.m. | 22 views

PHP 7.0.x < 7.0.14 DoS Vulnerability - Windows

PHP is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

CVSS 9.8 | AI score 8.4 | EPSS 0.00862
Exploits: 2 | References: 2
NVD
added 2021/02/08 11:15 a.m. | 9 views

CVE-2021-21436

Agents are able to see and link Config Items without permissions, which are defined in General Catalog. This issue affects: OTRS AG OTRSCIsInCustomerFrontend 7.0.x version 7.0.14 and prior versions...

CVSS 4.3 | EPSS 0.00112
Exploits: 0 | References: 1
OSV
added 2021/02/08 11:15 a.m. | 0 views

CVE-2021-21436

Agents are able to see and link Config Items without permissions, which are defined in General Catalog. This issue affects: OTRS AG OTRSCIsInCustomerFrontend 7.0.x version 7.0.14 and prior versions...

CVSS 4.3 | AI score 5.8 | EPSS 0.00112
Exploits: 0 | References: 1
OSV
added 2019/04/22 11:29 a.m. | 1 views

CVE-2019-11426

An XSS issue was discovered in app/admincp/template/admincp.header.php in idreamsoft iCMS 7.0.14 via the admincp.php?app=config tab parameter...

CVSS 6.1 | AI score 6.3 | EPSS 0.0024
Exploits: 1 | References: 1
CERT
added 2014/05/01 12:0 a.m. | 31 views

Google Search Appliance dynamic navigation cross-site scripting vulnerability

Overview: Google Search Appliance (GSA) devices contain a cross-site scripting (XSS) vulnerability when dynamic navigation is enabled. Description: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Google Search Appliance versions earlier than 7.2.0.G.114 and...

CVSS 4.3 | AI score 5.5 | EPSS 0.0076
Exploits: 0 | References: 2
OpenVAS
added 2013/11/27 12:0 a.m. | 40 views

Apache Tomcat SecurityConstraints Security Bypass Vulnerability

Apache Tomcat is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat";...

CVSS 4.3 | AI score 4.3 | EPSS 0.0153
Exploits: 1 | References: 4