CVE-2026-48774

Summary : ProxySQL 3.0.0–3.0.8 allows read-only requests to execute multi-statement backends, enabling unintended writes via the MCP run_sql_readonly tool. The input validator uses a blacklist/allowlist on the first statement, but then runs the full string against a backend connection created wit...

CVE-2026-54899

This CVE corresponds to a use-after-free in Oj:Parser symbol key cache toggle (Oj gem). Disabling symbol_keys on a reused Oj::Parser frees the internal key cache but does not null the d->key_cache pointer. The next parse reads from freed memory, causing a heap-use-after-free (as documented by ...

CVE-2026-48772

ProxySQL (versions 2.0.0–3.0.8) is vulnerable to a PROXY protocol v1 UNKNOWN frame bypass. The frontend accepts the PROXY UNKNOWN header and, despite the spec requiring ignoring the address fields, ProxySQL parses them via sscanf and writes a spoofed source address into the session, feeding i...

CVE-2026-48773

Summary of CVE-2026-48773 : ProxySQL (versions 2.0.18–3.0.8) contains a pre-authentication heap memory corruption in the MySQL/PostgreSQL protocol first-read paths. A remote, unauthenticated client can declare an oversized first packet length, and ProxySQL passes that attacker-controlled length t...

CVE-2026-49345

CVE-2026-49345 affects Mercator before 2025.05.19. The SSRF flaw resides in the CVE configuration panel (/admin/config/parameters) where ConfigurationController.testProvider() passes user input directly to curl_init() without validating scheme/host/IP. An authenticated user with configure permiss...

CVE-2026-23879

The connected advisory GHSA-q6rc-2cgv-63h7 documents an arbitrary file write vulnerability in py7zr (1.1.0, latest) where symbolic links can be crafted to bypass destination-directory restrictions during extractall. The root cause is insufficient checks on the full symlink path resolution, allowi...

CVE-2026-49344

Mercator (open source mapping app) prior to version 2025.05.19 is affected by CVE-2026-49344. The Query Engine endpoint /admin/queries/execute does not enforce an authorization gate, allowing any authenticated account (including read-only Auditor) to query models outside the intended scope (e.g.,...

CVE-2026-48715

CVE-2026-48715 affects the radvddump utility shipped with radvd (prior to v2.21). The issue is a stack buffer overflow in the Route Information option parser: during processing of a crafted ICMPv6 Router Advertisement, print_ff() copies up to 2032 bytes from packet data into a 16-byte on-stack st...

CVE-2026-49342

YARD (Ruby) prior to 0.9.44 is affected: its static cache lookup reads the request path before router path cleanup, allowing a traversal like /../yard-cache-secret.html to be joined with a document root and retrieve a sibling .html outside the intended static tree. The issue is addressed in versi...

CVE-2026-49340

gonic is a music streaming server / Subsonic API implementation. Before v0.21.0, a logic error in ServeCreateOrUpdatePlaylist lets any authenticated Subsonic user, including non-admins, write playlist M3U content to an attacker-controlled absolute filesystem path on the host and create intermedia...

CVE-2026-49338

The CVE covers gonic, a Subsonic-compatible music server. Before 0.21.0, Subsonic API endpoints /rest/deletePlaylist.view and /rest/getPlaylist.view allowed any authenticated user to delete or read any other user’s private playlist due to missing per-resource authorization. The playlist ID is bas...

CVE-2026-27878

Grafana Tempo is affected by CVE-2026-27878 due to a TraceQL query that uses a large exemplars hint value, which can cause the Tempo instance to allocate excessive memory and crash (out-of-memory) for an authenticated user, enabling a denial of service. The public documents describe the issue and...

CVE-2026-12726

AWX/AUTOMATION-CONTROLLER GitHub webhook integration vulnerability (CVE-2026-12726): processing of GitHub pull_request webhooks stores statuses_url from the payload without validating it points to a trusted GitHub API endpoint. If a job template uses a GitHub Personal Access Token as the webhook ...

CVE-2026-9375

urllib3 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API when Brotli is enabled and preload_content is False. Three code paths in response.py bypass the max_length protection added in 2.6.0 to mitigate CVE-2025-66471: (1) negative max_length can result from buffer arithmeti...

CVE-2026-12238

The WP Go Maps WordPress plugin (up to version 10.1.01) is vulnerable to an authorization bypass that allows unauthenticated attackers to create arbitrary records in plugin tables (maps, markers, circles, polygons, polylines, rectangles, and point labels) by supplying a WPGMZA-namespaced CRUD-bac...

CVE-2026-49339

Summary: CVE-2026-49339 affects gonic’s getPlaylist/deletePlaylist endpoints. A path traversal-like flaw in the ownership check allows any authenticated Subsonic user to read or delete another user’s playlist and probe host paths. The root cause is that playlist.UserID is derived from the first p...

CVE-2026-49336

The CVE concerns @microsoft/kiota-http-fetchlibrary (TypeScript) in versions 1.0.0-preview.97–1.0.0-preview.101, where RedirectHandler’s scrubSensitiveHeaders uses case-sensitive deletion (delete headers.Authorization, delete headers.Cookie) on a headers object already lower-cased by FetchRequest...

CVE-2026-49293

CVE-2026-49293 affects js-toml up to v1.1.0. The parsing of hexadecimal/octal/binary integer literals uses a hand-written parseBigInt loop that multiplies the BigInt accumulator by the radix for every digit, yielding an O(n^2) time complexity in the length of the literal. A single TOML document c...

CVE-2026-49288

Statamic CMS patch for CVE-2026-49288 fixes a missing authorization on Control Panel fieldtype endpoints that allowed an authenticated CP user to view restricted metadata and content (entries, assets, users, roles, groups, etc.). The issue could disclose titles, custom field values, entry content...

CVE-2026-49291

mcp-memory-service (semantic memory layer for AI apps) exposed the HTTP MCP JSON-RPC endpoint at /mcp such that OAuth read scope allowed mutating actions. Before patch 10.65.3, a read-only OAuth client could invoke tools/call to reach store_memory and delete_memory, bypassing REST write scope che...

CVE-2023-54357

CVE-2023-54357 affects Joomla com_booking 2.4.9. The vulnerability is an information disclosure in the getUserData function of the customer controller, permitting unauthenticated attackers to enumerate user accounts by brute-forcing the id parameter via requests like index.php?option=com_booking&...

CVE-2019-25762

CVE-2019-25762 affects Joomla! component JoomProject 1.1.3.2. The vulnerability is an information disclosure via the projects endpoint, where unauthenticated attackers can query index.php with option=com_jpprojects&view=projects&tmpl=component&format=json to retrieve user IDs, names, and email ad...

CVE-2019-25761

The CVE-2019-25761 entry concerns Joomla! component JoomCRM 1.1.1, where an SQL injection vulnerability exists in the deal_id parameter. authenticated attackers can craft GET requests to index.php?option=com_joomcrm&view=contacts to inject SQL and read sensitive data, including table names and sc...

CVE-2019-25760

CVE-2019-25760 describes a Local File Inclusion in Joomla! Easy Shop 1.2.3. An unauthenticated attacker can read arbitrary server files by supplying a base64-encoded file path via the file parameter in a GET request to index.php with option=com_easyshop and task=ajax.loadImage. Affected files inc...

CVE-2019-25759

The CVE-2019-25759 entry describes an SQL injection in Joomla! component vbizz 1.0.7 where an authenticated attacker can craft the payid parameter to execute arbitrary SQL via POST to the employee management interface, potentially exposing database version and names. The provided sources confirm ...

CVE-2026-49287

Statamic CMS (Laravel/Git) had an incomplete fix for CVE-2026-41175; in-memory collection sorting was not protected. CVE-2026-49287 notes that prior to 5.73.23 and 6.20.0, the patch covered the query builder but not in-memory sorting. This could allow a front-end template that passes request inpu...

CVE-2019-25758

CVE-2019-25758 affects Joomla! component vBizz 1.0.7. The vulnerability is an unrestricted file upload in the profile_pic parameter, enabling authenticated attackers to upload arbitrary PHP files. By submitting malicious files via POST to the employee view endpoint, attackers can place PHP code i...

CVE-2019-25757

CVE-2019-25757 affects Joomla vWishlist 1.0.1. The vulnerability is an SQL injection in the vproductid and userid parameters that authenticated attackers can exploit by sending crafted POST requests to the component, enabling extraction of sensitive database information (e.g., version and databas...

CVE-2026-49290

Slopsmith (CVE-2026-49290) contains a path-traversal vulnerability in archive extractors prior to version 0.2.9-alpha.5 that allows writing arbitrary files outside the extraction directory by crafted PSARC or sloppak archives. The issue affects three extractors: lib/psarc.py::unpack_psarc (PSARC ...

CVE-2019-25756

CVE-2019-25756 affects Joomla! Component vAccount 2.0.2. The vulnerability is an SQL injection in the vaccount-dashboard/expense endpoint, where an unauthenticated attacker can inject payloads via the vid parameter to perform arbitrary SQL queries and exfiltrate sensitive data such as database ve...

CVE-2019-25755

CVE-2019-25755 details: Joomla Component vReview 1.9.11 has an SQL injection in the editReview task via the cmId parameter. Unauthenticated attackers can send POST requests with URL-encoded SQL UNION payloads to extract database data (usernames, passwords, versions). Impact per sources is high (C...

CVE-2019-25754

Joomla Component vRestaurant 1.9.4 contains an SQL injection in the menu-listing-layout endpoint. An unauthenticated attacker can send crafted POST requests with SQL payloads in the keysearch parameter to extract database table names and sensitive information. The vulnerability arises from improp...

CVE-2019-25753

The CVE-2019-25753 entry concerns Joomla! Component VMap 1.9.6, where an SQL injection vulnerability exists in the latlngbound parameter. An unauthenticated attacker can craft GET requests to index.php with options com_vmap&task=loadmarker containing SQL payloads to manipulate database queries an...

CVE-2026-49271

CVE-2026-49271 affects libheif prior to 1.22.1. The uncompressed HEIF decoder validates icef compressed-unit offsets with unit_offset + unit_size, which can wrap and allow constructing iterators outside the compressed item buffer, causing an out-of-bounds heap read and crash. This vulnerability i...

CVE-2019-25752

CVE-2019-25752 affects the Joomla! extension J-BusinessDirectory 4.9.7 . The vulnerability is an SQL injection in the parameter screen path: attackers can inject UNION-based SQL via the type parameter when calling index.php with option=com_jbusinessdirectory&task=categories.getCategories, enablin...

CVE-2019-25751

CVE-2019-25751 affects Joomla’s J-ClassifiedsManager component, version 3.0.5. The vulnerability is an SQL injection in the displayads flow that does not require authentication. An attacker can inject malicious SQL through POST parameters, specifically categorySearch, adType, and citySearch, to e...

CVE-2019-25750

CVE-2019-25750 affects Joomla component J-MultipleHotelReservation version 6.0.7. The vulnerability is an SQL injection in the hotel_id parameter that allows unauthenticated attackers to execute arbitrary SQL queries by sending crafted payloads to the search-hotels endpoint (POST) using UNION SEL...

CVE-2026-49359

PhpWeasyPrint (pontedilana/php-weasyprint) prior to version 2.6.0 is vulnerable: the attachment option for Pdf can accept any value that passes filter_var(url), including http, https, ftp, file, and PHP streams like php://. The library fetches these values server-side via file_get_contents, allow...

CVE-2019-25749

Joomla J-CruisePortal 6.0.4 has an SQL injection in the cruises endpoint: authenticated attackers can send crafted SQL payloads via the guest_adult parameter in POST requests to read or modify database data. The CVSS indicates HIGH risk (7.1) with NETWORK, LOW exploit complexity, and LOW privileg...

CVE-2026-49286

CVE-2026-49286 - PhpWeasyPrint : The library (prior to 2.6.0) guards the output filename against the phar:// stream wrapper with a case-sensitive blacklist. Because PHP stream wrappers are case-insensitive, inputs like PHAR://, Phar:// bypass the check and reach fileExists() in prepareOutput(), a...

CVE-2019-25748

CVE-2019-25748 affects Joomla JHotelReservation 6.0.7. The issue is an SQL injection in the rooms parameter of the search-hotels endpoint, allowing unauthenticated attackers to send crafted SQL payloads via POST requests to extract sensitive data (e.g., database version details). Documented CVSS:...

CVE-2026-49260

CVE-2026-49260 affects PhpWeasyPrint prior to 2.5.1. The vulnerability arises from building the WeasyPrint command by passing the binary path through escapeshellarg() and then validating the quoted result with is_executable(); on POSIX systems this makes the bin path string contain quotes, causin...

CVE-2017-20282

CVE-2017-20282 concerns the Joomla! Component jCart for OpenCart 2.0, where an SQL injection vulnerability exists in the product_id parameter. The flaw lets unauthenticated attackers supply crafted values via GET requests to index.php with the query string option=com_jcart&route=product/product a...

CVE-2017-20281

Joomla! Component Extra Search 2.2.8 contains an SQL injection vulnerability in the establename parameter (index.php?option=com_extrasearch). The issue allows unauthenticated attackers to manipulate database queries and extract sensitive information. Evidence in CVE records and AttackerKB confirm...

CVE-2017-20280

影

CVE-2017-20279

Joomla Payage 2.05 is affected by an SQL injection in the aid parameter used in the make_payment task (unauthenticated access). The vulnerability allows manipulation of database queries, enabling extraction of sensitive data via boolean-based blind or time-based blind techniques. This is supporte...

CVE-2017-20278

CVE-2017-20278 : Joomla Component JoomRecipe 1.0.3 contains an SQL injection vulnerability exploitable via the category parameter in the all-recipes endpoint. Attacks can be performed by unauthenticated users to manipulate queries and extract sensitive database information. The connected document...

CVE-2017-20277

The CVE-2017-20277 entry concerns Joomla JoomRecipe 1.0.4. The connected Attackerkb entry confirms a bona fide vulnerability: a blind SQL injection in the search_author parameter on the search results page. Exploitation is described as sending POST requests to the search endpoint to perform boole...

CVE-2017-20276

Vulnerability: CVE-2017-20276 in Joomla! component SIMGenealogy 2.1.5. Impactful flaw: SQL injection via the type parameter in index.php when option=com_simgenealogy and view=latest are used; unauthenticated attackers can manipulate database queries and potentially exfiltrate data. Affected compo...

CVE-2017-20275

CVE-2017-20275 affects Joomla! Component PHP-Bridge 1.2.3. The vulnerability is an SQL injection in the id parameter of index.php when using option=com_phpbridge&view=phpview, allowing unauthenticated attackers to execute arbitrary SQL and extract database metadata (e.g., table and column names)....