Lucene search
K

302 matches found

CVE
CVE
added 2026/06/13 4:34 p.m.30 views

CVE-2026-6428

CVE-2026-6428 describes an SQL injection in Koha’s reports/catalogue_out.pl up to versions 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before 25.05.11, 25.11.x before 25.11.05, 26.05.x before 26.05.01, and 26.11.x before 26.11.00. The vulnerability arises from a vulnerable sink that concatenate...

7.6CVSS6AI score0.00244EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/13 4:34 p.m.6 views

CVE-2026-6428

SQL Injection in reports/catalogueout.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before 25.05.11, 25.11.x before 25.11.05, 26.05.x before 26.05.01, and 26.11.x before 26.11.00 allows an authenticated staff user with the Reports module flag to read arbitrary da...

7.6CVSS6AI score0.00244EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/13 4:34 p.m.33 views

CVE-2026-6428

SQL Injection in reports/catalogueout.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before 25.05.11, 25.11.x before 25.11.05, 26.05.x before 26.05.01, and 26.11.x before 26.11.00 allows an authenticated staff user with the Reports module flag to read arbitrary da...

7.6CVSS0.00244EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/13 4:34 p.m.15 views

EUVD-2026-36652

SQL Injection in reports/catalogueout.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before 25.05.11, 25.11.x before 25.11.05, 26.05.x before 26.05.01, and 26.11.x before 26.11.00 allows an authenticated staff user with the Reports module flag to read arbitrary da...

9.8CVSS8.9AI score0.06022EPSS
Exploits8References3
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.15 views

PT-2026-49097

SQL Injection in reports/catalogue out.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before 25.05.11, 25.11.x before 25.11.05, 26.05.x before 26.05.01, and 26.11.x before 26.11.00 allows an authenticated staff user with the Reports module flag to read arbitrary...

7.6CVSS9AI score0.00244EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/04 4:1 p.m.14 views

CVE-2026-26378

Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via file upload function in Invoice features...

5.4CVSS6.2AI score0.003EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/04 4:1 p.m.14 views

CVE-2026-26379

Koha versions up to 25.11 contain a Server-Side Request Forgery SSRF vulnerability via the Z39.50/SRU server configuration. This allows authenticated attackers to perform internal network scanning and identify running services by analyzing server response times...

6.5CVSS5.8AI score0.00243EPSS
Exploits1References1
NVD
NVD
added 2026/06/03 7:16 p.m.10 views

CVE-2026-26378

Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via file upload function in Invoice features...

5.4CVSS0.003EPSS
Exploits1References3
NVD
NVD
added 2026/06/03 7:16 p.m.12 views

CVE-2026-26379

Koha versions up to 25.11 contain a Server-Side Request Forgery SSRF vulnerability via the Z39.50/SRU server configuration. This allows authenticated attackers to perform internal network scanning and identify running services by analyzing server response times...

6.5CVSS0.00243EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/06/03 12:0 a.m.8 views

CVE-2026-26378

Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via file upload function in Invoice features...

6.2AI score0.003EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/03 12:0 a.m.13 views

EUVD-2026-34169

Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via file upload function in Invoice features...

6.2AI score0.003EPSS
Exploits1References3
CVE
CVE
added 2026/06/03 12:0 a.m.21 views

CVE-2026-26378

Affects Koha 25.11 and earlier. Cross-Site Scripting via the file upload function in Invoice features allows a remote attacker to execute arbitrary code. Root cause details are not provided beyond this description. No remediation or patch version is stated in the available documents.

5.4CVSS6.2AI score0.003EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/03 12:0 a.m.6 views

CVE-2026-26378

Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via file upload function in Invoice features...

6.2AI score0.003EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.18 views

PT-2026-46041

Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via file upload function in Invoice features...

6.2AI score0.003EPSS
Exploits1References4
EUVD
EUVD
added 2026/06/03 12:0 a.m.15 views

EUVD-2026-34170

An issue in Koha v.25.11 and before allows a remote attacker to execute arbitrary code via the Z39.50 configuration module...

6.2AI score0.00243EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/06/03 12:0 a.m.9 views

CVE-2026-26379

Koha versions up to 25.11 contain a Server-Side Request Forgery SSRF vulnerability via the Z39.50/SRU server configuration. This allows authenticated attackers to perform internal network scanning and identify running services by analyzing server response times...

6.5CVSS5.8AI score0.00243EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.17 views

PT-2026-46042

Name of the Vulnerable Software and Affected Versions Koha versions prior to 25.11 Description A Server-Side Request Forgery SSRF issue exists via the Z39.50/SRU server configuration, which allows authenticated attackers to perform internal network scanning and identify running services by...

6.5CVSS5.9AI score0.00243EPSS
Exploits1References5
CVE
CVE
added 2026/06/03 12:0 a.m.19 views

CVE-2026-26379

CVE-2026-26379 affects Koha v0: Koha v.25.11 and earlier, where the Z39.50 configuration module is the entry point. The issue enables a remote attacker to execute arbitrary code. The available sources do not specify the underlying root cause details or exact vulnerable file/function, nor do they ...

6.5CVSS5.8AI score0.00243EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/03 12:0 a.m.9 views

CVE-2026-26379

Koha versions up to 25.11 contain a Server-Side Request Forgery SSRF vulnerability via the Z39.50/SRU server configuration. This allows authenticated attackers to perform internal network scanning and identify running services by analyzing server response times...

5.8AI score0.00243EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.11 views

Koha 安全漏洞

Koha is a library automation management system developed by the Koha organization. Versions of Koha prior to 25.11 contained security vulnerabilities, which originated from the Z39.50 configuration module. These vulnerabilities could allow remote attackers to execute arbitrary code...

6.5CVSS6AI score0.00243EPSS
Exploits1References4
Rows per page
Query Builder