7 matches found
CVE-2026-45542
ESP-IDF (Espressif IoT Development Framework) versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0 suffer a heap buffer overflow in protocomm Security Scheme 2 (SRP6a) during session setup. The handle_session_command0() path copies a client-provided SRP6a username field into a smaller destination buffer,...
django: Django SQL injection in FilteredRelation column aliases
An SQL injection flaw has been discovered in the Django web framework. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias...
PT-2024-39691 · WordPress · Slimstat Analytics
Name of the Vulnerable Software and Affected Versions: SlimStat Analytics plugin for WordPress versions up to, and including, 5.2.6. Description: The issue is related to Stored Cross-Site Scripting via the resource parameter due to insufficient input sanitization and output escaping when logging...
SUSE CVE-2018-2698
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...
Oracle VM VirtualBox Elevation of Privilege Vulnerability
Oracle Virtualization is a set of hardware and software virtualization management solutions from the American company Oracle. Oracle VM VirtualBox is one of the virtual machine components. A security vulnerability exists in the Oracle VM VirtualBox component of Oracle Virtualization, versions...
Oracle VM VirtualBox Elevation of Privilege Vulnerability (CNVD-2018-02057)
Oracle Virtualization is a set of hardware and software virtualization management solutions from the American company Oracle. Oracle VM VirtualBox is one of the virtual machine components. A security vulnerability exists in the Oracle VM VirtualBox component of Oracle Virtualization, versions...
php -- ini database truncation inside dba_replace() function
SecurityFocus research reports: A bug that leads to the emptying of the INI file contents if the database key was not found exists in the PHP dba extension in versions 5.2.6, 4.4.9 and earlier. The function dba_replace() does not filter the key and value strings. There is a possibility for the destruction of...