MISP Security Vulnerability
MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics. It also includes functions for analyzing threats to network security and malware analysis. Prior to MISP 2.5.38, there were security...
CVE-2026-41143 YesWiki vulnerable to authenticated SQL Injection via id_fiche in EntryManager::formatDataBeforeSave()
YesWiki is a wiki system written in PHP. Prior to version 4.6.1, YesWiki bazar module contains a SQL injection vulnerability in tools/bazar/services/EntryManager.php at line 704. The $data['id_fiche'] value sourced from $_POST['id_fiche'] is concatenated directly into a raw SQL query without any...
CVE-2018-25297
Wansview 1.0.2 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input strings. Attackers can inject 2000-byte payloads into the Camera name and DID number fields during camera addition to trigger application crashes...
PT-2026-26626
Textpattern CMS version 4.9.0 contains a second-order cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting improper sanitization of user-supplied input in Atom feed XML elements. Attackers can embed unescaped payloads in parameters such as category th...
CRLF Injection
Overview: hono is an Ultrafast web framework for the Edges. Affected versions of this package are vulnerable to CRLF Injection via the writeSSE function when untrusted input containing carriage return or newline characters is passed to the event, id, or retry fields. An attacker can inject addition...
PT-2026-21314
Foscam Video Management System 1.1.6.6 contains a buffer overflow vulnerability in the UID field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 5000-character buffer into the UID parameter during device addition to trigger an...
PT-2025-1415 · Open5Gs · Open5Gs
Name of the Vulnerable Software and Affected Versions: Open5GS MME versions prior to 2.6.4. Description: The issue is related to a reachable assertion in the Uplink NAS Transport packet handler. A packet missing its MME UE S1AP ID field causes Open5GS to crash. An attacker may repeatedly send such...
Magma Code Issue Vulnerability
Magma is an open source software platform from Magma Open Source. Provides network operators with an open, flexible and scalable mobile core network solution. Magma has a null pointer dereference vulnerability that can be exploited by an attacker to crash MME via S1AP E-RAB Release Response, a...
CVE-2024-54921
A SQL Injection was found in /studentsignup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and classid parameters...
CVE-2024-51377
An issue in Ladybird Web Solution Faveo Helpdesk & Servicedesk On-Premise and Cloud 9.2.0 allows a remote attacker to execute arbitrary code via the Subject and Identifier fields...
PT-2024-34613 · Ladybird Web Solution · Ladybird Web Solution Faveo Helpdesk & Servicedesk
Name of the Vulnerable Software and Affected Versions: Ladybird Web Solution Faveo Helpdesk & Servicedesk On-Premise and Cloud version 9.2.0. Description: An issue in the software allows a remote attacker to execute arbitrary code via the Subject and Identifier fields. This enables the attacker to...
Faveo Helpdesk Security Vulnerability
Faveo Helpdesk is an open source ticketing system built on the Laravel framework by Ladybird Web Solution. Provides organizations with an automated helpdesk system to manage customer support. A security vulnerability exists in Faveo Helpdesk version 9.2.0 that originates from a remote attacker wh...
PayPal,Credit Card and Debit Card Payment SQL Injection Vulnerability
PayPal,Credit Card and Debit Card Payment is a PayPal, Credit Card and Debit Card Payment software by janobe individual developer. A SQL injection vulnerability exists in PayPal,Credit Card and Debit Card Payment version 1.0. An attacker can use this vulnerability to send a specially crafted quer...
PT-2023-30732 · Unknown · Availability Booking Calendar
Name of the Vulnerable Software and Affected Versions: Availability Booking Calendar version 5.0. Description: The issue allows CSV injection via the unique ID field in the Reservations list component. Recommendations: For Availability Booking Calendar version 5.0, consider restricting access to t...
ChurchCRM SQL Injection Vulnerability
ChurchCRM is an open source CRM system for churches. A security vulnerability exists in ChurchCRM versions 2.0.0 through 4.4.5. An attacker exploits the vulnerability to issue arbitrary SQL commands to the database by using unprocessed ENtyid, ID, and EID fields...
Openkm OpenKM Cross-Site Scripting Vulnerability
Openkm OpenKM is a document management system from the Spanish company OpenKM Openkm. The system provides features such as version control, document history, and file sharing. A cross-site scripting vulnerability exists in OpenKM Community Edition, which stems from the product's uuid field failin...
UBUNTU-CVE-2019-7732
In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field username, realm, nonce, uri, or response, only the last instance can ever be freed...
OhMiBod Remote app for Android and iOS User Impersonation Vulnerability
OhMiBod Remote app for Android and iOS is a wireless remote control app for Android and iOS based platforms. A security vulnerability exists in the OhMiBod Remote app for Android and iOS based platforms. A remote attacker can exploit the vulnerability by sniffing network traffic and editing the...