22085 matches found

OSV
added 2026/03/16 2:20 p.m., 3 views

CVE-2026-4240

A vulnerability was determined in Open5GS up to 2.7.6. The affected element is the function smf_gx_cca_cb/smf_gy_cca_cb/smf_s6b_aaa_cb/smf_s6b_sta_cb of the component CCA Handler. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been publicly disclosed and may...

CVSS 7.5, AI score 5.5
Exploits: 0, References: 8

NVD
added 2026/03/16 2:20 p.m., 2 views

CVE-2026-4234

A security flaw has been discovered in SSCMS 7.4.0. This vulnerability affects unknown code of the file SitesAddController.Submit.cs of the component DDL Handler. The manipulation of the argument tableHandWrite results in sql injection. The attack can be executed remotely. The exploit has been...

CVSS 6.5, EPSS 0.00192
Exploits: 0, References: 4

NVD
added 2026/03/16 2:20 p.m., 3 views

CVE-2026-4191

A flaw has been found in JawherKl node-api-postgres up to 2.5. Affected is the function path.extname of the file index.js of the component Profile Picture Handler. This manipulation causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been published and m...

CVSS 7.5, EPSS 0.00348
Exploits: 0, References: 4

NVD
added 2026/03/16 2:20 p.m., 3 views

CVE-2026-4189

A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotel...

CVSS 5.8, EPSS 0.00258
Exploits: 0, References: 4

OSV
added 2026/03/16 2:19 p.m., 2 views

CVE-2026-4175

A vulnerability was determined in Aureus ERP up to 1.3.0-BETA2. The affected element is an unknown function of the file plugins/webkul/chatter/resources/views/filament/infolists/components/messages/content-text-entry.blade.php of the component Chatter Message Handler. Executing a manipulation of...

CVSS 3.5, AI score 4.3
Exploits: 0, References: 6

NVD
added 2026/03/16 2:19 p.m., 3 views

CVE-2026-4173

A flaw has been found in CodePhiliaX Chat2DB up to 0.3.7. This vulnerability affects the function exportTable/exportTableColumnComment/exportView/exportProcedure/exportTriggers/exportTrigger/updateProcedure of the file DMDBManage.java of the component Database Export Handler. This manipulation...

CVSS 6.5, EPSS 0.00242
Exploits: 0, References: 4

NVD
added 2026/03/16 2:19 p.m., 13 views

CVE-2026-4168

A vulnerability was identified in Tecnick TCExam 16.5.0. This impacts an unknown function of the file /admin/code/tceeditgroup.php of the component Group Handler. Such manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit is publicly...

CVSS 4.8, EPSS 0.00273
Exploits: 0, References: 5

NVD
added 2026/03/16 2:19 p.m., 3 views

CVE-2026-4164

A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is the function DeleteMaclist/SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Executing a manipulation can lead to command injection. It is possible to launch the attack remotely. The exploit h...

CVSS 10, EPSS 0.02057
Exploits: 0, References: 8

OSV
added 2026/03/16 1:37 p.m., 5 views

CLSA-2026-1773668222 Fix CVE(s): CVE-2026-24481

SECURITY UPDATE: heap information disclosure in PSD handler - debian/patches/CVE-2026-24481.patch: zero-initialize pixel buffer in ReadPSDChannelZip to prevent heap info leak when ZIP-compressed layer data decompresses to fewer bytes than expected - CVE-2026-24481...

CVSS 7.5, AI score 7.2, EPSS 0.00348
Exploits: 0, References: 1

Vulnrichment
added 2026/03/16 1:32 p.m., 1 view

CVE-2026-4240 Open5GS CCA smf_s6b_sta_cb denial of service

A vulnerability was determined in Open5GS up to 2.7.6. The affected element is the function smf_gx_cca_cb/smf_gy_cca_cb/smf_s6b_aaa_cb/smf_s6b_sta_cb of the component CCA Handler. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been publicly disclosed and may...

CVSS 6.9, AI score 5.6, EPSS 0.00534
Exploits: 1, References: 8

CVE
added 2026/03/16 1:32 p.m., 11 views

CVE-2026-4240

Open5GS CVE-2026-4240 affects the CCA Handler in versions up to 2.7.6. The vulnerable functions are smf_gx_cca_cb, smf_gy_cca_cb, smf_s6b_aaa_cb, and smf_s6b_sta_cb. Root cause: improper handling in the CCA Handler leads to denial of service. Impact is remote, with no authentication required for ...

CVSS 7.5, AI score 5.6, EPSS 0.00534
Exploits: 1, References: 8, Affected Software: 1

Snyk
added 2026/03/16 12:52 p.m., 4 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection via the tableHandWrite argument in the DDL Handler process. An attacker can access or modify sensitive data and potentially disrupt application functionality by injecting crafted SQL statements remotely. Remediation: There ...

CVSS 6.5, AI score 6.8, EPSS 0.00192
Exploits: 0, References: 2

ATTACKERKB
added 2026/03/16 10:32 a.m., 6 views

CVE-2026-4234

A security flaw has been discovered in SSCMS 7.4.0. This vulnerability affects unknown code of the file SitesAddController.Submit.cs of the component DDL Handler. The manipulation of the argument tableHandWrite results in sql injection. The attack can be executed remotely. The exploit has been...

CVSS 6.5, AI score 5.7, EPSS 0.00192
Exploits: 0, References: 4

CVE
added 2026/03/16 10:32 a.m., 10 views

CVE-2026-4234

CVE-2026-4234 affects SSCMS 7.4.0, specifically the DDL Handler component and the file SitesAddController.Submit.cs. The vulnerability arises from the manipulation of the argument tableHandWrite, enabling a SQL injection. The attack can be executed remotely and the exploit has been publicly re...

CVSS 6.5, AI score 6.4, EPSS 0.00192
Exploits: 0, References: 4

ATTACKERKB
added 2026/03/16 4:32 a.m., 1 view

CVE-2026-4215

A security flaw has been discovered in FlowCI flow-core-x up to 1.23.01. The impacted element is the function Save of the file core/src/main/java/com/flowci/core/config/service/ConfigServiceImpl.java of the component SMTP Host Handler. The manipulation results in server-side request forgery. The...

CVSS 6.5, AI score 5.3, EPSS 0.00201
Exploits: 0, References: 4, Affected Software: 1

Vulnrichment
added 2026/03/16 4:32 a.m., 0 views

CVE-2026-4215 FlowCI flow-core-x SMTP Host ConfigServiceImpl.java save server-side request forgery

A security flaw has been discovered in FlowCI flow-core-x up to 1.23.01. The impacted element is the function Save of the file core/src/main/java/com/flowci/core/config/service/ConfigServiceImpl.java of the component SMTP Host Handler. The manipulation results in server-side request forgery. The...

CVSS 6.5, AI score 6.1, EPSS 0.00201
Exploits: 0, References: 4

SUSE CVE
added 2026/03/16 12:43 a.m., 9 views

SUSE CVE-2013-1085

Stack-based buffer overflow in the nim: protocol handler in Novell GroupWise Messenger 2.04 and earlier, and Novell Messenger 2.1.x and 2.2.x before 2.2.2, allows remote attackers to execute arbitrary code via an import command containing a long string in the filename parameter...

CVSS 9.3, AI score 6.5, EPSS 0.05591
Exploits: 0, References: 4

Positive Technologies
added 2026/03/16 12:00 a.m., 8 views

PT-2026-25854

Summary: A critical unrestricted file upload vulnerability exists in the Documents & Files module of Admidio. Due to a design flaw in how CSRF token validation and file extension verification interact within UploadHandlerFile.php, an authenticated user with upload permissions can bypass file...

CVSS 8.8, AI score 6.2, EPSS 0.00982
Exploits: 1, References: 7

CNNVD
added 2026/03/16 12:00 a.m., 5 views

flow-core-x code issue vulnerability

flow-core-x is a simple and powerful continuous integration and deployment server open source from flow.ci. Versions of flow-core-x 1.23.01 and earlier have code vulnerabilities. These vulnerabilities stem from a flaw in the Save function in the ConfigServiceImpl.java file within the SMTP Host...

CVSS 6.5, AI score 6.7, EPSS 0.00201
Exploits: 0, References: 4

CNNVD
added 2026/03/16 12:00 a.m., 5 views

Tenda AC8 security vulnerability

The Tenda AC8 is a wireless router produced by the Chinese company Tenda. The version 16.03.50.11 of the Tenda AC8 contains a security vulnerability. This vulnerability stems from the function checkisipv6 in the IPv6 Handler component, which relies on IP addresses for authentication purposes. As ...

CVSS 10, AI score 7.3, EPSS 0.0126
Exploits: 1, References: 5