Aggregator

CVE-2022-2625 | PostgreSQL Non-Temporary Object dynamically-managed code resources (EUVD-2022-34872 / Nessus ID 236748)

Vuldb Updates
4 days 19 hours ago
A vulnerability marked as critical has been reported in PostgreSQL. Affected by this issue is some unknown functionality of the component Non-Temporary Object Handler. The manipulation leads to dynamically-managed code resources. This vulnerability is referenced as CVE-2022-2625. Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2022-2629 | Top Bar Plugin up to 3.0.3 on WordPress Setting cross site scripting (EUVD-2022-34876)

Vuldb Updates
4 days 19 hours ago
A vulnerability classified as problematic was found in Top Bar Plugin up to 3.0.3 on WordPress. The affected element is an unknown function of the component Setting Handler. Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2022-2629. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.
vuldb.com

Quasar Linux RAT Targets Developers With Fileless Execution and eBPF Rootkit

Cyber Security News
4 days 19 hours ago

A newly discovered Linux malware known as Quasar Linux, or QLNX, is actively targeting software developers and DevOps engineers with a level of sophistication rarely seen in Linux-focused threats. Unlike most malware that relies on files stored on disk, QLNX runs almost entirely in memory, making it very difficult for traditional security tools to detect. […]

The post Quasar Linux RAT Targets Developers With Fileless Execution and eBPF Rootkit appeared first on Cyber Security News.

Tushar Subhra Dutta

CVE-2026-9414 | SourceCodester Indian Invoicing System up to 0.x/1.0 Invoice Template Render Database-Backed /Invoicing/add_order.php customer_name cross site scripting (EUVD-2026-31616 / CNNVD-202605-5100)

Vuldb Updates
4 days 19 hours ago
A vulnerability categorized as problematic has been discovered in SourceCodester Indian Invoicing System up to 0.x/1.0. The impacted element is an unknown function of the file /Invoicing/add_order.php of the component Invoice Template Render Database-Backed. The manipulation of the argument customer_name results in cross site scripting. This vulnerability is cataloged as CVE-2026-9414. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2026-9410 | Sushmi-pal Invoice-System up to a0a3faa16dee2621b231ae227333f5761607283b Profile Workflow /profile ID improper authorization (EUVD-2026-31612 / CNNVD-202605-5104)

Vuldb Updates
4 days 19 hours ago
A vulnerability was found in Sushmi-pal Invoice-System up to a0a3faa16dee2621b231ae227333f5761607283b and classified as critical. This vulnerability affects unknown code of the file /profile of the component Profile Workflow. Such manipulation of the argument ID leads to improper authorization. This vulnerability is referenced as CVE-2026-9410. It is possible to launch the attack remotely. Furthermore, an exploit is available. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-9411 | SourceCodester Indian Invoicing System 1.0 Invoice Generation IGST_Invoice.php customer_name/category sql injection (EUVD-2026-31614 / CNNVD-202605-5102)

Vuldb Updates
4 days 19 hours ago
A vulnerability was found in SourceCodester Indian Invoicing System 1.0. It has been classified as critical. This issue affects some unknown processing of the file /Invoicing/IGST_Invoice.php of the component Invoice Generation Handler. Performing a manipulation of the argument customer_name/category results in sql injection. This vulnerability is identified as CVE-2026-9411. The attack can be initiated remotely. Additionally, an exploit exists.
vuldb.com

CVE-2026-9412 | SourceCodester Indian Invoicing System 1.0 Backend Endpoint access control (EUVD-2026-31613 / CNNVD-202605-5101)

Vuldb Updates
4 days 19 hours ago
A vulnerability was found in SourceCodester Indian Invoicing System 1.0. It has been declared as critical. Impacted is an unknown function of the component Backend Endpoint. Executing a manipulation can lead to improper access controls. This vulnerability is tracked as CVE-2026-9412. The attack can be launched remotely. Moreover, an exploit is present. Multiple endpoints are affected.
vuldb.com

CVE-2026-9413 | SourceCodester Indian Invoicing System 1.0 /Invoicing/category.php msg cross site scripting (EUVD-2026-31615 / CNNVD-202605-5103)

Vuldb Updates
4 days 19 hours ago
A vulnerability was found in SourceCodester Indian Invoicing System 1.0. It has been rated as problematic. The affected element is an unknown function of the file /Invoicing/category.php. The manipulation of the argument msg leads to cross site scripting. This vulnerability is listed as CVE-2026-9413. The attack may be initiated remotely. In addition, an exploit is available.
vuldb.com

CVE-2026-9609 | QianFox FoxCMS up to 1.2.6 Admin.php edit password recovery

VulDB Recent Entries
4 days 19 hours ago
A vulnerability, which was classified as critical, has been found in QianFox FoxCMS up to 1.2.6. This affects the function Edit of the file Admin.php. The manipulation leads to weak password recovery. This vulnerability is documented as CVE-2026-9609. The attack can be initiated remotely. Additionally, an exploit exists. The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com

CVE-2026-9608 | QianFox FoxCMS up to 1.2.6 Administrator Backend /Tag/edit cross site scripting

VulDB Recent Entries
4 days 19 hours ago
A vulnerability classified as problematic was found in QianFox FoxCMS up to 1.2.6. The impacted element is an unknown function of the file /Tag/edit of the component Administrator Backend. Executing a manipulation can lead to cross site scripting. This vulnerability is registered as CVE-2026-9608. It is possible to launch the attack remotely. Furthermore, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com

Managed ad