27 matches found
[SECURITY] Fedora 43 Update: forgejo-13.0.2-1.fc43
Forgejo (pronounced /forˈd͡ʒe.jo/) is a lightweight software forge. Use it to host git repositories, track their issues and allow people to contribute to them!...
Linux Distros Unpatched Vulnerability : CVE-2021-36625
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the countryid parameter in an UPDATE statement...
CVE-2025-9573
The CVE-2025-9573 entry concerns TYPO3 ns_backup (ns-backup) extension versions up to 13.0.2, where a command injection flaw exists in the generateBackup function. The root cause is improper handling of input that leads to arbitrary command execution when an administrator uses the extension’s bac...
CVE-2025-9573 Command Injection in extension "TYPO3 Backup Plus" (ns_backup)
The ns_backup extension through 13.0.2 for TYPO3 allows command injection...
TYPO3 ns_backup security vulnerability
TYPO3 ns_backup is an extension for the open-source TYPO3 content management system. A security vulnerability exists in TYPO3 ns_backup version 13.0.2 and earlier that stems from allowing command injection...
PT-2025-35546
Name of the Vulnerable Software and Affected Versions: TYPO3 ns_backup extension versions through 13.0.2 Description: The ns_backup extension for TYPO3 allows command injection. Recommendations: Update to a version beyond 13.0.2...
BIT-DOLIBARR-2021-33816
The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked...
CVE-2023-46816
An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. A Server-Side Template Injection (SSTI) vulnerability has been identified in the GetControl action. By using a crafted request, custom PHP code can be injected via the GetControl action because of missing input validation. A...
CVE-2023-46815
An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attacker with...
SugarCRM 13.0.1 Server-Side Template Injection
SugarCRM <= 13.0.1 GetControl Server-Side Template Injection Vulnerability - Software Link: https://www.sugarcrm.com - Affected Versions: Versio...
UBUNTU-CVE-2021-37517
An Access Control vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) in the forgot-password function because the application allows email addresses as usernames, which can cause a Denial of Service...
Improper access control
An Access Control vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) in the forgot-password function because the application allows email addresses as usernames, which can cause a Denial of Service...
UBUNTU-CVE-2021-36625
An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the countryid parameter in an UPDATE statement...
CVE-2021-37517
Dolibarr ERP/CRM 13.0.2 is affected by CVE-2021-37517, an Access Control vulnerability in the forgot-password flow where email addresses can be used as usernames, enabling Denial of Service. Root cause: insufficient validation in forgot-password authentication. Impact: Denial of Service. Remediat...
PT-2022-10655 · Unknown · Dolibarr Erp/Crm
Name of the Vulnerable Software and Affected Versions: Dolibarr ERP/CRM versions 13.0.2 through 13.0.2 Description: An Access Control issue exists in the forgot-password function because the application allows email addresses as usernames, which can cause a Denial of Service. The issue is related...
CVE-2021-33816
The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked...
PT-2021-20331 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 13.0.2 Description: The website builder module in Dolibarr allows remote PHP code execution due to an incomplete protection mechanism. Specifically, while system, exec, and shell_exec are blocked, backticks are not blocked,...
PT-2021-20233 · Unknown · Dolibarr Erp/Crm
Name of the Vulnerable Software and Affected Versions: Dolibarr ERP and CRM version 13.0.2 Description: The issue allows for stored cross-site scripting XSS in the object details of the user-management feature. This can be demonstrated by using and characters in the onpointermove attribute of a...
Dolibarr code injection vulnerability
Dolibarr is a modern software package to help manage your organization's activities. A security vulnerability exists in Dolibarr 13.0.2 that allows an attacker to remotely execute PHP code...
GHSA-9Q5W-79CV-947M Unsafe defaults in `remark-html`
Impact: The documentation of remark-html has mentioned that it was safe by default. In practice the default was never safe and had to be opted into. This means arbitrary HTML can be passed through, leading to potential XSS attacks. Patches: The problem has been patched in 13.0.2 and 14.0.1:...