9907 matches found
GHSA-2497-GP99-2M74 Pterodactyl endlessly reprocesses/reuploads activity log data due to SQLite max parameters limit not being considered
Summary Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to trigger a condition that floods the panel with activity records Details After wings sends activity logs to the panel it deletes the processed activity entries from t...
CVE-2026-1135
A security flaw has been discovered in itsourcecode Society Management System 1.0. This impacts an unknown function of the file /admin/activity.php. The manipulation of the argument Title results in cross site scripting. The attack may be launched remotely. The exploit has been released to the...
CVE-2026-21696
Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Starting in version 1.7.0 and prior to version 1.12.0, Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to trigger a conditi...
Infinite loop
Overview Affected versions of this package are vulnerable to Infinite loop due to improper handling of the SQLite maximum parameter limit in the activitycron component. An attacker can cause the system to repeatedly re-upload and reprocess the same activity log data by triggering a condition wher...
CVE-2026-21696 Endless reprocessing/reupload of activity log data due to SQLite max parameters limit not being considered
Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Starting in version 1.7.0 and prior to version 1.12.0, Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to trigger a conditi...
CVE-2026-21696 Endless reprocessing/reupload of activity log data due to SQLite max parameters limit not being considered
Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Starting in version 1.7.0 and prior to version 1.12.0, Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to trigger a conditi...
CVE-2026-21696
Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Starting in version 1.7.0 and prior to version 1.12.0, Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to trigger a conditi...
CVE-2026-21696
Wings (Pterodactyl) security issue CVE-2026-21696 affects version 1.7.0 through before 1.12.0. The bug arises from not honoring SQLite’s max parameter limit (32766) when deleting activity log entries, causing a query to fail with “too many SQL variables.” As a result, processed activity entries a...
CVE-2026-1119
A flaw has been found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/deleteactivity.php. Executing a manipulation of the argument activityid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2026-1135
A security flaw has been discovered in itsourcecode Society Management System 1.0. This impacts an unknown function of the file /admin/activity.php. The manipulation of the argument Title results in cross site scripting. The attack may be launched remotely. The exploit has been released to the...
CVE-2026-1135
A security flaw has been discovered in itsourcecode Society Management System 1.0. This impacts an unknown function of the file /admin/activity.php. The manipulation of the argument Title results in cross site scripting. The attack may be launched remotely. The exploit has been released to the...
CVE-2026-1135 itsourcecode Society Management System activity.php cross site scripting
A security flaw has been discovered in itsourcecode Society Management System 1.0. This impacts an unknown function of the file /admin/activity.php. The manipulation of the argument Title results in cross site scripting. The attack may be launched remotely. The exploit has been released to the...
CVE-2026-1135 itsourcecode Society Management System activity.php cross site scripting
A security flaw has been discovered in itsourcecode Society Management System 1.0. This impacts an unknown function of the file /admin/activity.php. The manipulation of the argument Title results in cross site scripting. The attack may be launched remotely. The exploit has been released to the...
CVE-2026-1135
A security flaw has been discovered in itsourcecode Society Management System 1.0. This impacts an unknown function of the file /admin/activity.php. The manipulation of the argument Title results in cross site scripting. The attack may be launched remotely. The exploit has been released to the...
Intern Membership Management System /add_activity.php File SQL Injection Vulnerability
Intern Membership Management System is an intern membership management system. The Intern Membership Management System suffers from a SQL injection vulnerability that originates from the lack of validation of the Title parameter in the file /intern/admin/addactivity.php for externally entered SQL...
PT-2026-3422
A security flaw has been discovered in itsourcecode Society Management System 1.0. This impacts an unknown function of the file /admin/activity.php. The manipulation of the argument Title results in cross site scripting. The attack may be launched remotely. The exploit has been released to the...
PT-2026-3490
Name of the Vulnerable Software and Affected Versions Wings versions 1.7.0 through 1.11.9 Description Wings, the server control plane for Pterodactyl, is affected by an issue where it does not account for SQLite’s maximum parameter limit when handling activity log entries. This allows a...
CVE-2026-1119
A flaw has been found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/deleteactivity.php. Executing a manipulation of the argument activityid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2026-1119
A flaw has been found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/deleteactivity.php. Executing a manipulation of the argument activityid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2026-1119 itsourcecode Society Management System delete_activity.php sql injection
A flaw has been found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/deleteactivity.php. Executing a manipulation of the argument activityid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been...