PT-2026-30472

SuiteCRM 7.10.7 contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the parentTab parameter. Attackers can send GET requests to the email module with malicious parentTab values using boolean-based SQL injection...

CVE-2026-5473

A vulnerability has been found in NASA cFS up to 7.0.0. The impacted element is the function pickle.load of the component Pickle Module. Such manipulation leads to deserialization. The attack needs to be performed locally. The attack requires a high level of complexity. The exploitability is...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the AddExtension function in the ExtractZip module. An attacker can write arbitrary files outside the intended directory by submitting a specially crafted VSIX file containing path traversal entries. Details A...

CVE-2026-5463

Command injection vulnerability in console.runmodulewithoutput in pymetasploit3 through version 1.0.6 allows attackers to inject newline characters into module options such as RHOSTS. This breaks the intended command structure and causes the Metasploit console to execute additional unintended...

EUVD-2018-21730

Hirschmann HiOS and HiSecOS products RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, EAGLE contain an authentication bypass vulnerability in the HTTPS management module that allows unauthenticated remote attackers to gain administrative access by crafting specially formed HTTP requests...

CVE-2026-34770

CVE-2026-34770 concerns Electron apps using the powerMonitor module. The issue is a use-after-free: after the native PowerMonitor object is garbage-collected, OS-level resources (a Windows message window; a macOS shutdown handler) may still reference freed memory. A subsequent session-change even...

SUSE CVE-2026-31391

In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-sha204a - Fix OOM -tfmcount leak If memory allocation fails, decrement -tfmcount to avoid blocking future reads...

CVE-2026-34229

Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting XSS vulnerability in emlog comment module via URI scheme validation bypass. This issue has been patched in version 2.6.8...

CVE-2026-34717

OpenProject is an open-source, web-based project management software. Prior to version 17.2.3, the =n operator in modules/reporting/lib/report/operator.rb:177 embeds user input directly into SQL WHERE clauses without parameterization. This issue has been patched in version 17.2.3...

CVE-2018-25236 Hirschmann HiOS HiSecOS Authentication Bypass via HTTP Management

Hirschmann HiOS and HiSecOS products RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, EAGLE contain an authentication bypass vulnerability in the HTTPS management module that allows unauthenticated remote attackers to gain administrative access by crafting specially formed HTTP requests...

CVE-2026-34229

Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting XSS vulnerability in emlog comment module via URI scheme validation bypass. This issue has been patched in version 2.6.8...

CVE-2026-34229 Emlog: Stored XSS in Comment Module via URI Scheme Validation Bypass

Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting XSS vulnerability in emlog comment module via URI scheme validation bypass. This issue has been patched in version 2.6.8...

CVE-2026-34229

CVE-2026-34229 affects Emlog prior to version 2.6.8, with a stored XSS in the comment module triggered via bypass of URI scheme validation. The underlying issue is a URI scheme validation bypass, allowing injection of script payloads into comments. The vulnerability is addressed in version 2.6.8 ...

EUVD-2026-18899

Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting XSS vulnerability in emlog comment module via URI scheme validation bypass. This issue has been patched in version 2.6.8...

CVE-2026-3184 Util-linux: util-linux: access control bypass due to improper hostname canonicalization

A flaw was found in util-linux. Improper hostname canonicalization in the login1 utility, when invoked with the -h option, can modify the supplied remote hostname before setting PAMRHOST. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing...

EUVD-2026-18805

A vulnerability has been found in NASA cFS up to 7.0.0. The impacted element is the function pickle.load of the component Pickle Module. Such manipulation leads to deserialization. The attack needs to be performed locally. The attack requires a high level of complexity. The exploitability is...

CVE-2026-5476

CVE-2026-5476 affects NASA cFS up to 7.0.0 on 32-bit. The vulnerability is in CFE_TBL_ValidateCodecLoadSize (cfe/modules/tbl/fsw/src/cfe_tbl_passthru_codec.c) and is caused by an integer overflow. The documented attack complexity is high and exploitability is described as difficult. A fix is plan...

CVE-2026-5473

A vulnerability has been found in NASA cFS up to 7.0.0. The impacted element is the function pickle.load of the component Pickle Module. Such manipulation leads to deserialization. The attack needs to be performed locally. The attack requires a high level of complexity. The exploitability is...

CVE-2026-23449

A flaw was found in the Linux kernel's Traffic Equalizer TEQL network scheduler. When a TEQL device uses a lockless Queueing Discipline Qdisc as its root, a race condition can occur during the qdiscreset operation if it is not properly synchronized with the datapath. This can lead to a double-fre...

CVE-2026-35168

OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, the Aggiornamenti Updates module in OpenSTAManager contains a database conflict resolution feature op=risolvi-conflitti-database that accepts a JSON array of SQL statements via PO...