PT-2026-22837
Name of the Vulnerable Software and Affected Versions: OpenSTAManager versions 2.9.8 and earlier Description: OpenSTAManager is a management software for technical assistance and invoicing. A privilege escalation and authentication bypass exists in versions 2.9.8 and earlier, allowing an attacker t...
EUVD-2026-5624
OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the global search functionality. The application fails to properly sanitize the term parameter before...
CVE-2025-69213
CVE-2025-69213 affects OpenSTAManager prior to 2.10-beta, with a SQL Injection in the ajax_complete.php endpoint (get_sedi) that concatenates user input from the idanagrafica parameter into the SQL query. The vulnerability enables an authenticated attacker to inject SQL via idanagrafica, potentia...
Webedition CMS security vulnerability
Webedition CMS is an open source web application framework from German company Webedition. A security vulnerability exists in Webedition CMS version v2.9.8.8, which stems from the presence of a stored cross-site scripting vulnerability that could lead to the upload of a malicious SVG file and the...
CVE-2025-66404 mcp-server-kubernetes potential security issue in exec_in_pod tool
MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, a security issue exists in the exec_in_pod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided commands in both array and string formats. When a string...
CVE-2025-60103 WordPress ListingPro plugin <= 2.9.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in CridioStudio ListingPro listingpro-plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ListingPro: from n/a through = 2.9.8...
Advisory ROSA-SA-2025-2689
Software: scipy 1.0.0 OS: ROSA Virtualization 3.0 packageevrstring: scipy-1.0.0-21.0.2 CVE-ID: CVE-2023-29824 BDU-ID: 2024-07432 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the PyFindObjects function of the PyFindObjects library for the open source Python programming language scipy is relat...
PT-2024-37469 · WordPress · پلاگین پرداخت دلخواه
Name of the Vulnerable Software and Affected Versions: پلاگین پرداخت دلخواه WordPress plugin versions 2.9.8 and earlier Description: The issue concerns a lack of CSRF check when resetting form fields, which could allow attackers to perform actions via a CSRF attack, making a logged-in admin reset...
SUSE CVE-2023-41038
Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET BIND statement. Any non-privileged user with minimum access to a server may type a statement with a long CHAR length, which causes the...
CVE-2023-41171
NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability issue 3 of 4...
WordPress Plugin The Paid Memberships Pro SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
PT-2022-35804 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.14.298 Description: The issue is related to data-races around kcm-rx wait. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to v4.14.298,...
GHSA-MX9V-GMH4-MGQW Deserialization of Untrusted Data in jackson-databind
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization...