11 matches found
CVE-2026-27134
Summary of CVE-2026-27134 (Strimzi): A flaw in Strimzi 0.49.0–0.50.0 causes misconfiguration of trusted certificates for mTLS when using a custom Cluster/Clients CA with a multistage CA chain. Consequently, all CAs in the chain are trusted and users with certificates signed by any CA in the chai...
EUVD-2011-5250
Malware in sbrugna...
GHSA-X485-RHG3-CQR4 Spree Commerce is vulnerable to RCE through Search API
Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the search[instance_eval] parameter, which is dynamically invoked using Ruby’s send method. Thi...
PT-2025-34107 · Undefined · Undefined
Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the search[instance_eval] parameter, which is dynamically invoked using Ruby’s send method. Th...
CVE-2023-28838 GLPI vulnerable to SQL injection through dynamic reports
GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 9.5.13 and 10.0.7, a SQL Injection vulnerability allows users with access rights to statistics or reports to extract all data from database and, in some cases, write a webshell on the server...
com.github.delegacy.youngbot:young-bot-core (>=0.0.1 <=0.0.3), com.github.delegacy.youngbot:young-bot-dispatcher (>=0.0.1 <=0.0.3) +65 more potentially affected by CVE-2019-16771 via com.linecorp.armeria:armeria (>=0.50.0 <=0.96.0)
com.linecorp.armeria:armeria MAVEN version =0.50.0, =0.0.1, =0.0.1, =0.0.2, =0.0.1, =0.0.1, =0.0.2, =0.0.1, =0.0.1, =0.88.0, =0.50.0, =0.84.0, =0.50.0, =0.50.0, =0.50.0, =0.50.0, =0.96.0 and more Source cves: CVE-2019-16771 Source advisory: OSV:GHSA-24R8-FM9R-CPJ2...
BKWorks ProPHP 0.50b1 - Authentication Bypass
BKWorks ProPHP 0.50 Beta 1 Auth Bypass SQL Injection + Discovered By SirGod + www.mortal-team.org + www.h4cky0u.org + Dork : Powered by BKWorks ProPHP Version 0.50 Beta 1 + SQL Injection Login Bypass - Login as : Username : admin ' or ' 1=1 Password : anything or nothing And you will be logged...
Debian Security Advisory DSA 1498-1 (libimager-perl)
The remote host is missing an update to libimager-perl announced via advisory DSA 1498-1. OpenVAS Vulnerability Test $Id: deb14981.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1498-1 libimager-perl Authors: Thomas Reinke Copyright: Copyright c 2008 E-Sof...
CVE-2006-0202
CVE-2006-0202 affects PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier. The issue is due to insecure filesystem permissions: ipn/logs/ipn_success.txt is world-readable, allowing local users to view payment data, and ipn/logs is world-writable, enabling local users to delete or repl...
CVE-2003-0648
Multiple buffer overflows in vfte, based on FTE, before 0.50, allow local users to execute arbitrary code...