1049 matches found
CVE-2026-13743
CubeSpace CW0057 Reaction Wheel firmware versions prior to 5.0.20 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. This could allow an attacker with physical access to the product to upload arbitrary malicious firmware to the device without authentication...
CVE-2026-13743
CVE-2026-13743 affects CubeSpace CW0057 Reaction Wheel firmware versions prior to 5.0.20. The issue is an improper verification of cryptographic signatures that allows an attacker with physical access to upload arbitrary malicious firmware without authentication. Per the sources, impact includes ...
SUSE-SU-2026:22506-1 Security update for lcms2
This update for lcms2 fixes the following issues - CVE-2026-41254: integer overflow in CubeSize in cmslut.c bsc1264994. - CVE-2026-42798: integer overflow in ParseCube in cmscgats.c bsc1263703...
MGASA-2026-0214 Updated lcms2 packages fix security vulnerability
Little CMS lcms2 through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication. CVE-2026-41254...
Brickcom多款产品 安全漏洞
Brickcom Cube, among others, are products of the Brickcom company. The Brickcom Cube is a series of indoor network surveillance cameras. The Brickcom Dome is a series of hemispherical network surveillance cameras. The Brickcom Bullet is a series of gun-type network surveillance cameras. Several o...
Brickcom多款产品 访问控制错误漏洞
Brickcom Cube, among others, are products of the Brickcom company. The Brickcom Cube is a series of indoor network surveillance cameras. The Brickcom Dome is a series of hemispherical network surveillance cameras. The Brickcom Bullet is a series of gun-type network surveillance cameras. Several o...
CVE-2026-39428
CubeCart is an ecommerce software solution. Prior to 6.6.0, a Stored Cross-Site Scripting XSS vulnerability exists in CubeCart v6.x. An attacker with administrative privileges can inject malicious JavaScript payloads into multiple fields during the creation or modification of a product. These...
CVE-2026-21719
An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to execute an arbitrary OS command...
Medium: lcms2
Issue Overview: Little CMS lcms2 through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication. CVE-2026-41254 Little CMS lcms2 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c. CVE-2026-42798 Affected...
CVE-2026-45054
CubeCart is an ecommerce software solution. Prior to 6.7.0, the admin orders-transactions listing page admin.php?g=orders&node=transactions builds a raw ORDER BY SQL fragment from the attacker-controlled $GET'sort' array without column or direction validation. Both the column key and the directio...
CVE-2026-45708 CubeCart: Authenticated RCE via Invoice Template → Order Print
CubeCart is an ecommerce software solution. Prior to 6.7.3, an admin with documents edit permission can save raw into the Invoice Editor. The next time any admin clicks Print on any order, the rendered template is written to files/print..php. files/.htaccess ships an explicit allow from all...
CVE-2026-45714 CubeCart: Server-Side Template Injection (SSTI) in Smarty Templates leading to RCE
CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection SSTI vulnerability exists in multiple modules of CubeCart including Email Templates, Invoices, Documents, and Contact Forms. The application unsafely evaluates user-supplied input using the...
CVE-2026-45054 CubeCart: Authenticated SQL Injection via `sort[]` Parameter in Admin Orders Transactions Listing
CubeCart is an ecommerce software solution. Prior to 6.7.0, the admin orders-transactions listing page admin.php?g=orders&node=transactions builds a raw ORDER BY SQL fragment from the attacker-controlled $GET'sort' array without column or direction validation. Both the column key and the directio...
CVE-2026-45054 CubeCart: Authenticated SQL Injection via `sort[]` Parameter in Admin Orders Transactions Listing
CubeCart is an ecommerce software solution. Prior to 6.7.0, the admin orders-transactions listing page admin.php?g=orders&node=transactions builds a raw ORDER BY SQL fragment from the attacker-controlled $GET'sort' array without column or direction validation. Both the column key and the directio...
CVE-2026-44376
CubeCart (v6.x) prior to 6.7.0 contains an unauthenticated Reflected XSS in the search feature. Root cause is a logic flaw in classes/catalogue.class.php that reflects unsanitized user input when a search returns exactly one product, bypassing existing filters. Consequences include the execution ...
CVE-2026-39358 CubeCart: Time-based Blind SQL Injection
CubeCart is an ecommerce software solution. Prior to 6.6.0, Authenticated Time-Based Blind SQL Injection vulnerabilities were identified in the sorting parameters sortprice, sortactivity, sortadmin, and sortcustomer of the Products and Logs endpoints in CubeCart v6.x. This allows an attacker to...
CubeCart 跨站脚本漏洞
CubeCart is an open-source e-commerce software developed by CubeCart. Versions of CubeCart prior to 6.7.0 had a cross-site scripting vulnerability. This vulnerability stemmed from a logical flaw in the search function. When only one product was returned during a search, uncleaned user input was...
OESA-2026-2128 lcms2 security update
LittleCMS intends to be an OPEN SOURSE small-footprint color management engine,with special focus on accuracy and performence.It uses the International Color Consortium standard ICC, which is the modern standard when regarding to color management. The ICC specification is widely used and is...
SUSE CVE-2026-42798
Little CMS lcms2 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the ParseCube function in cmscgats.c. An attacker can cause a denial of service or potentially access sensitive information by providing specially crafted input that triggers an integer overflow...