Overview
Description
Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage test program. When run under AddressSanitizer (ASan), the program is shown to leak memory in various locations, eventually leading to high memory usage and causing the program to become unresponsive.
Overview
- djangoproject
- Django
- django
05 Nov 2025
Published
08 Nov 2025
Updated
CVSS
Pending
EPSS
0.10%
KEV
Description
An issue was discovered in Django 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.
The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank cyberstan for reporting this issue.
Overview
- risesoft-y9
- Digital-Infrastructure
17 Jan 2026
Published
20 Jan 2026
Updated
CVSS v4.0
MEDIUM (6.9)
EPSS
0.04%
KEV
Description
A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can lead to SQL injection. The attack can be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Fediverse
Our autonomous verification engine detected and validated a SQL Injection (CVE-2026-1050) in Digital-Infrastructure in versions <= 9.6.7.
Key Findings:
Vulnerability: SQL Injection (SQLi).
Endpoint: /server-platform/services/rest/auth/authenticate3
Root Cause: Lack of prepared statements in Y9PlatformUtil.
Impact: Attackers can manipulate database queries to access unauthorized tenant data or compromise the server.
The vulnerability was confirmed with Zero False Positives using an executable Proof of Concept (PoC). We recommend immediate remediation by implementing parameterized queries.
Vulnerability details: https://github.com/risesoft-y9/Digital-Infrastructure/issues/2
Overview
- VibeThemes
- WPLMS Learning Management System for WordPress, WordPress LMS
09 Nov 2024
Published
12 Nov 2024
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
49.00%
KEV
Description
The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation and permissions checks in the readfile and unlink functions in all versions up to, and including, 4.962. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). The theme is vulnerable even when it is not activated.
Overview
- ASUSTOR
- ADM
- AD Domain
03 Feb 2026
Published
03 Feb 2026
Updated
CVSS v4.0
CRITICAL (9.5)
EPSS
0.10%
KEV
Description
When a specific function is enabled while joining an AD Domain from ADM, an improper input parameter validation vulnerability in a specific CGI program allows an unauthenticated remote attacker to write arbitrary data to any file on the system. By exploiting this vulnerability, attackers can overwrite critical system files, leading to a complete system compromise.
Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.ROF1 as well as from ADM 5.0.0 through ADM 5.1.1.RCI1.
Overview
Description
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.
Overview
- Oracle Corporation
- MySQL Cluster
20 Jan 2026
Published
21 Jan 2026
Updated
CVSS v3.1
MEDIUM (4.9)
EPSS
0.04%
KEV
Description
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. This easily exploitable vulnerability allows a high-privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in an unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Overview
- Kubernetes
- ingress-nginx
03 Feb 2026
Published
03 Feb 2026
Updated
CVSS v3.1
LOW (3.1)
EPSS
Pending
KEV
Description
A security issue was discovered in ingress-nginx where the protection afforded by the `auth-url` Ingress annotation may not be effective in the presence of a specific misconfiguration.
If the ingress-nginx controller is configured with a default custom-errors configuration that includes HTTP errors 401 or 403, and if the configured default custom-errors backend is defective and fails to respect the X-Code HTTP header, then an Ingress with the `auth-url` annotation may be accessed even when authentication fails.
Note that the built-in custom-errors backend works correctly. To trigger this issue requires an administrator to specifically configure ingress-nginx with a broken external component.
Overview
- Kubernetes
- ingress-nginx
03 Feb 2026
Published
03 Feb 2026
Updated
CVSS v3.1
MEDIUM (6.5)
EPSS
Pending
KEV
Description
A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption, which may result in the ingress-nginx controller pod being killed or the node running out of memory.