46 matches found

CVE
added 4 days ago · 11 views

CVE-2026-35202

Summary of vulnerability (CVE-2026-35202): Pterodactyl Panel’s Client API suffers a race condition in the database resource limiter. The code path in DatabaseController.php attempts to lock database allocations with lockForUpdate(), but the Laravel call is a no-op (no terminal operation is sent)...

CVSS 2.3 · AI score 5.8 · EPSS 0.00038
Exploits 0 · References 1

EUVD
added 4 days ago · 9 views

EUVD-2026-34010

Pterodactyl is a free, open-source game server management panel. Prior to version 1.12.3, the Pterodactyl Client API has a logic flaw that lets users bypass their assigned limits for database allocations. This happens because the database locking mechanism used in the controllers is totally broke...

CVSS 2.3 · AI score 5.8 · EPSS 0.00038
Exploits 0 · References 1

OSV
added 2026/05/26 7:30 p.m. · 7 views

GHSA-FGMM-W5CX-VRFW Pterodactyl has a database resource limit bypass via race condition in Client API

Summary The Pterodactyl Client API has a logic flaw that lets users bypass their assigned limits for database allocations. This happens because the database locking mechanism used in the controllers is totally broken and doesn't actually lock anything. Details Inside DatabaseController.php, the...

CVSS 2.3 · AI score 5.9 · EPSS 0.00038
Exploits 0 · References 2

GitHub Security Blog
added 2026/05/26 7:30 p.m. · 12 views

Pterodactyl has a database resource limit bypass via race condition in Client API

Summary The Pterodactyl Client API has a logic flaw that lets users bypass their assigned limits for database allocations. This happens because the database locking mechanism used in the controllers is totally broken and doesn't actually lock anything. Details Inside DatabaseController.php, the...

CVSS 2.3 · AI score 5.9 · EPSS 0.00038
Exploits 0 · References 2 · Affected Software 1

RedhatCVE
added 2026/03/26 3:16 p.m. · 1 view

CVE-2026-31863

Anytype Heart is the middleware library for Anytype. The challenge-based authentication for the local gRPC client API can be bypassed, allowing an attacker to gain access without the 4-digit code. This vulnerability is fixed in anytype-heart 0.48.4, anytype-cli 0.1.11, and Anytype Desktop 0.54.5...

CVSS 4.4 · AI score 5.8 · EPSS 0.00022
Exploits 0 · References 1

CNNVD
added 2026/01/22 12:00 a.m. · 5 views

Hubitat Elevation security vulnerability

Hubitat Elevation is a localized smart home control system developed by Hubitat Inc. Versions prior to Hubitat Elevation 2.4.2.157 contained security vulnerabilities. These vulnerabilities were caused by user-controllable keys that allowed unauthorized access, potentially allowing remote...

CVSS 9.4 · AI score 5.8 · EPSS 0.00022
Exploits 0 · References 2

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2009-0632

Malware in sbrugna...

CVSS 5.4 · AI score 6.1 · EPSS 0.00927
Exploits 0 · References 8

Tenable Nessus
added 2025/08/15 12:00 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2021-2006

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 8.0.19 and prior. Difficult to exploit...

CVSS 6.3 · AI score 5.8 · EPSS 0.01115
Exploits 0 · References 2

Positive Technologies
added 2024/02/12 12:00 a.m. · 2 views

PT-2024-3898 · Sap · Sap Crm Webclient Ui

Name of the Vulnerable Software and Affected Versions: SAP CRM WebClient UI versions S4FND 102 through S4FND 106 SAP CRM WebClient UI versions WEBCUIF 701 through WEBCUIF 801 Description: The SAP CRM WebClient UI does not sufficiently encode user-controlled inputs, resulting in a Cross-Site...

CVSS 4.1 · AI score 5.8 · EPSS 0.00222
Exploits 0 · References 7

OSV
added 2023/05/09 2:15 a.m. · 1 view

CVE-2023-30742

SAP CRM WebClient UI - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting...

CVSS 6.1 · AI score 6.4
Exploits 0 · References 2

CNNVD
added 2023/04/11 12:00 a.m. · 2 views

SAP CRM security vulnerability

SAP CRM is a customer relationship management system from SAP, Germany. A security vulnerability exists in SAP CRM WebClient UI that originates from a vulnerability that allows an attacker to modify the HTTP verbs used in a request via a web server, which could lead to the exposure of form fields...

CVSS 5.4 · AI score 5.7 · EPSS 0.00243
Exploits 0 · References 3

Positive Technologies
added 2023/04/11 12:00 a.m. · 2 views

PT-2023-22191 · Sap · Sap Crm

Name of the Vulnerable Software and Affected Versions: SAP CRM WebClient UI versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801 Description: The issue allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This...

CVSS 5.4 · AI score 5.2 · EPSS 0.00243
Exploits 0 · References 5

NVD
added 2023/03/31 7:15 p.m. · 12 views

CVE-2023-23594

An authentication bypass vulnerability in the web client interface for the CL4NX printer before firmware version 1.13.3-u724r2 provides remote unauthenticated attackers with access to execute commands intended only for valid/authenticated users, such as file uploads and configuration changes...

CVSS 9.8 · AI score 9.9 · EPSS 0.06633
Exploits 0 · References 3

CVE
added 2023/03/31 12:00 a.m. · 47 views

CVE-2023-23594

The CVE-2023-23594 case concerns the CL4NX printer web client interface. Affected: CL4NX printer firmware prior to 1.13.3-u724_r2; vulnerability is an authentication bypass allowing remote, unauthenticated attackers to perform actions intended for authenticated users (e.g., file uploads, configur...

CVSS 9.8 · AI score 9.8 · EPSS 0.06633
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2023/03/31 12:00 a.m. · 11 views

CVE-2023-23594

An authentication bypass vulnerability in the web client interface for the CL4NX printer before firmware version 1.13.3-u724r2 provides remote unauthenticated attackers with access to execute commands intended only for valid/authenticated users, such as file uploads and configuration changes...

AI score 10 · EPSS 0.06633
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 3:55 a.m. · 1 view

SUSE CVE-2020-17470

An issue was discovered in FNET through 4.6.4. The code that initializes the DNS client interface structure does not set sufficiently random transaction IDs; they are always set to 1 in fnetdnspoll in fnetdns.c. This significantly simplifies DNS cache poisoning attacks...

CVSS 5.3 · AI score 5.6 · EPSS 0.00446
Exploits 0 · References 3

Positive Technologies
added 2022/10/25 12:00 a.m. · 2 views

PT-2022-23378 · Mitel · Mitel Micollab

Name of the Vulnerable Software and Affected Versions: Mitel MiCollab versions through 9.5.0.101 Description: A vulnerability in the MiCollab Client API could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. This could allow the attacker t...

CVSS 6.5 · AI score 6.2 · EPSS 0.00218
Exploits 0 · References 4

Positive Technologies
added 2022/01/12 12:00 a.m. · 3 views

PT-2022-5708 · Symantec · Symantec Endpoint Protection

Name of the Vulnerable Software and Affected Versions: Symantec Endpoint Protection Windows versions prior to 14.3 RU6/14.3 RU5 Patch 1 Description: The issue is related to a Security Control Bypass, which can potentially allow a threat actor to circumvent existing security controls. This...

CVSS 7.5 · AI score 6.8 · EPSS 0.07955
Exploits 1 · References 7

CNNVD
added 2021/10/19 12:00 a.m. · 2 views

Oracle MySQL Server input validation error vulnerability

Oracle MySQL Server is a relational database from Oracle Corporation USA. An input validation error vulnerability exists in MySQL Server. The vulnerability is caused due to incorrect input validation of the MySQL client C API component. A remotely authenticated user can exploit this vulnerability...

CVSS 6.5 · AI score 6.3 · EPSS 0.00479
Exploits 0 · References 15

Citrix
added 2021/02/03 12:00 a.m. · 5 views

How to land on the Favourites view under Apps on StoreFront 1912?

To set the default landing page to 'Favourites' under the apps tab in 1912. By default, the landing page is 'Home'. The below script would help in achieving the same: Step 1: In the Storefront console, navigate to 'Manage Receiver for Web Sites' Step 2: Click configure and browse to 'Client...

AI score 7
Exploits 0