CVE-2026-26460

A HTML Injection vulnerability exists in the Dashboard module of Vtiger CRM 8.4.0. The application fails to properly neutralize user-supplied input in the tabid parameter of the DashBoardTab view getTabContents action, allowing an attacker to inject arbitrary HTML content into the dashboard...

CVE-2025-70936

Vtiger CRM 8.4.0 contains a reflected cross-site scripting XSS vulnerability in the MailManager module. Improper handling of user-controlled input in the folder parameter allows a specially crafted, double URL-encoded payload to be reflected and executed in the context of an authenticated user s...

[SECURITY] Fedora 44 Update: dtkgui-5.7.30-4.fc44

Dtkgui is the GUI module for DDE look and feel...

EUVD-2026-21996

Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via module search. This issue affects Pandora FMS: from 777 through 800...

EUVD-2026-21990

Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800...

CVE-2026-6199

A vulnerability was found in Tenda F456 1.0.0.5. Impacted is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used...

CVE-2026-6199 Tenda F456 qossetting fromqossetting stack-based overflow

A vulnerability was found in Tenda F456 1.0.0.5. Impacted is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used...

CVE-2025-3756

A vulnerability exists in the command handling of the IEC 61850 communication stack included in the product revisions listed as affected in this CVE. An attacker with access to IEC 61850 networks could exploit the vulnera bility by using a specially crafted 61850 packet, forcing the communication...

CVE-2026-40097

A flaw was found in Step CA, an online certificate authority. A remote attacker can trigger a Denial of Service DoS by sending a specially crafted attestation key AK certificate with an empty Extended Key Usage EKU extension during Trusted Platform Module TPM device attestation. This causes an...

CVE-2026-30813

Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via module search. This issue affects Pandora FMS: from 777 through 800...

CVE-2026-30809

Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800...

CVE-2026-30813 SQL Injection in Module Search leads to Database Compromise

Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via module search. This issue affects Pandora FMS: from 777 through 800...

CVE-2026-30813

Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via module search. This issue affects Pandora FMS: from 777 through 800...

CVE-2026-30813

CVE-2026-30813 describes an SQL Injection vulnerability in Pandora FMS versions 777 through 800, caused by improper neutralization of special elements in SQL commands used during the module search. The affected component is the module search functionality; root cause is inadequate input handling ...

CVE-2026-30813 SQL Injection in Module Search leads to Database Compromise

Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via module search. This issue affects Pandora FMS: from 777 through 800...

CVE-2026-30809

The vulnerability CVE-2026-30809 affects Pandora FMS with WebServerModuleDebug in versions 777–800, caused by improper neutralization of special elements in OS commands (OS Command Injection). The CVE List also notes that this can lead to remote code execution. Attack vector is network with no us...

CVE-2026-30809 OS Command Injection in WebServerModuleDebug via Blacklist Bypass leads to Remote Code Execution

Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800...

CVE-2026-36945

Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/clients/manageclient.php...

CVE-2026-40395

Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service daemon panic for shared VCL. The headerplus.writereq0 function from vmodheaderplus updates the underlying req0, which is normally the original read-only request from which req is derived readable and writable from...

EUVD-2026-21879

Out-of-bounds write vulnerability in the WEB module.Impact: Successful exploitation of this vulnerability will affect availability and confidentiality...