Advisory ROSA-SA-2026-3278
software: curl 8.7.1; OS: ROSA-CHROME; unaffected versions = curl-8.7.1-7; affected versions: curl-8.7.1-7; CVE-ID: CVE-2026-3784; BDU-ID: None; CVE-Crit: MEDIUM; CVE-DESC.: A vulnerability in curl involves incorrectly reusing an existing HTTP proxy connection CONNECT when making requests with different...
EUVD-2024-15869
Malicious code in bioql PyPI...
WordPress Newsletter plugin < 8.7.1 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Newsletter versions 8.7.1...
Kibana 8.x < 8.7.1 Multiples Vulnerabilities
According to its self-reported version number, the Kibana application running on the remote host is 8.x prior to 8.7.1. It is, therefore, affected by multiple vulnerabilities. - An attacker with write access to Kibana yaml or env configuration could add a specific payload that will attempt to...
BIT-SUITECRM-2024-49773 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SuiteCRM
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Poor input validation in export allows an authenticated user to perform a SQL injection attack. User-controlled input is used to build a SQL query. The current_post parameter in the export entry point can be abused ...
BIT-SUITECRM-2024-49774 ModuleScanner flaws in SuiteCRM
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. SuiteCRM relies on a blacklist of functions/methods to prevent installation of malicious MLPs, but these checks can be bypassed with some syntax constructions. SuiteCRM uses token_get_all to par...
BIT-SUITECRM-2024-50333 RCE in ModuleBuilder in SuiteCRM
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. User input is not validated and is written to the filesystem. The ParserLabel::addLabels function can be used to write attacker-controlled data into the custom language file that will be includ...
CVE-2024-49774
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. SuiteCRM relies on a blacklist of functions/methods to prevent installation of malicious MLPs, but these checks can be bypassed with some syntax constructions. SuiteCRM uses token_get_all to par...
CVE-2024-49773
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Poor input validation in export allows an authenticated user to perform a SQL injection attack. User-controlled input is used to build a SQL query. The current_post parameter in the export entry point can be abused ...
CVE-2024-49772
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In SuiteCRM versions 7.14.4, poor input validation allows an authenticated user to perform a SQL injection attack. An authenticated user with low privilege can leak all data in the database. This issue has been...
CVE-2024-49773
SuiteCRM vulnerability CVE-2024-49773 involves poor input validation in the export functionality, where the authenticated user can abuse the current_post parameter to perform blind SQL injection via generateSearchWhere(), leading to potential information disclosure of personally identifiable info...
CVE-2024-49773 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SuiteCRM
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Poor input validation in export allows an authenticated user to perform a SQL injection attack. User-controlled input is used to build a SQL query. The current_post parameter in the export entry point can be abused ...
CVE-2024-49772 Authenticated SQL injection in AM_ProjectTemplates controller in SuiteCRM
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In SuiteCRM versions 7.14.4, poor input validation allows an authenticated user to perform a SQL injection attack. An authenticated user with low privilege can leak all data in the database. This issue has been...
PT-2024-34146
Name of the Vulnerable Software and Affected Versions: SuiteCRM versions prior to 7.14.6 SuiteCRM versions prior to 8.7.1 Description: The issue arises from the lack of validation of user input, which is then written to the filesystem. The ParserLabel::addLabels function can be exploited to write...
PT-2024-34145
Name of the Vulnerable Software and Affected Versions: SuiteCRM versions prior to 7.14.6 SuiteCRM versions prior to 8.7.1 Description: The issue is caused by insufficient input value validation, leading to Blind SQL injection in the DeleteRelationShip function. This allows for potential...
OPENSUSE-SU-2024:13805-1 curl-8.7.1-1.1 on GA media
These are all security issues fixed in the curl-8.7.1-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2024-15332 · Hypr · Hypr Workforce Access
Name of the Vulnerable Software and Affected Versions: HYPR Workforce Access versions prior to 8.7.1 Description: The issue is related to an Improper Link Resolution Before File Access, also known as 'Link Following', which allows file manipulation in HYPR Workforce Access on MacOS...
HYPR Security Vulnerabilities
HYPR is a security application from HYPR that implements password-less security. A security vulnerability exists in HYPR Workforce Access versions prior to 8.7.1 that stems from incorrectly resolved file access links...
Upgrade Tomcat to fix CVE-2023-46589
Issue Summary: This is reproducible on Data Center. Apache Tomcat should be upgraded to 8.5.96 and later or 9.0.83 or a later version to fix CVE-2023-46589 (https://nvd.nist.gov/vuln/detail/CVE-2023-46589). Environment: From Confluence 6.10.0, which comes with Apache 9.0.8, up to Confluence...
Kibana 8.7.1 Security Updates (ESA-2023-07, ESA-2023-08)
Kibana arbitrary code execution ESA-2023-07 Kibana contains an arbitrary code execution flaw. An attacker with write access to Kibana yaml or env configuration could add a specific payload that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands o...