17 matches found

RedhatCVE
added 2026/03/01 1:43 a.m., 3 views

CVE-2026-28517

openDCIM version 23.04, through commit 4467e9c4, contains an OS command injection vulnerability in reportnetworkmap.php. The application retrieves the 'dot' configuration parameter from the database and passes it directly to exec without validation or sanitization. If an attacker can modify the...

9.8 CVSS | 5.9 AI score | 0.31367 EPSS
Exploits: 2 | References: 1

OSV
added 2026/02/27 11:16 p.m., 3 views

CVE-2026-28517

openDCIM version 23.04, through commit 4467e9c4, contains an OS command injection vulnerability in reportnetworkmap.php. The application retrieves the 'dot' configuration parameter from the database and passes it directly to exec without validation or sanitization. If an attacker can modify the...

9.8 CVSS | 5.9 AI score
Exploits: 0 | References: 7

NVD
added 2026/02/27 11:16 p.m., 2 views

CVE-2026-28515

openDCIM version 23.04, through commit 4467e9c4, contains a missing authorization vulnerability in install.php and container-install.php. The installer and upgrade handler expose LDAP configuration functionality without enforcing application role checks. Any authenticated user can access this...

9.3 CVSS | 0.39836 EPSS
Exploits: 3 | References: 8

CVE
added 2026/02/27 10:11 p.m., 6 views

CVE-2026-28516

OpenDCIM 23.04 (commit 4467e9c4) contains a SQL injection in Config::UpdateParameter. install.php and container-install.php interpolate user input into SQL without prepared statements, allowing an authenticated user to execute arbitrary SQL against the database. The vulnerability is documented as...

9.3 CVSS | 6.1 AI score | 0.23836 EPSS
Exploits: 3 | References: 7 | Affected Software: 1

CNNVD
added 2026/02/27 12:00 a.m., 3 views

openDCIM SQL Injection Vulnerability

openDCIM is an open-source data center inventory management (DCIM) application. Version 23.04 of openDCIM contains a SQL injection vulnerability. This vulnerability stems from the use of Config::UpdateParameter without prepared statements or input sanitization, which may lead to SQL injection...

9.3 CVSS | 5.8 AI score | 0.23836 EPSS
Exploits: 3 | References: 8

CNNVD
added 2026/02/27 12:00 a.m., 4 views

openDCIM OS Command Injection Vulnerability

openDCIM is an open-source data center inventory management (DCIM) application. Version 23.04 of openDCIM contains an operating system command injection vulnerability. This vulnerability stems from the lack of validation or cleanup of user input in the reportnetworkmap.php file, which may...

9.8 CVSS | 5.8 AI score | 0.31367 EPSS
Exploits: 2 | References: 8

CNVD
added 2025/09/15 12:00 a.m., 1 views

openDCIM Cross-Site Scripting Vulnerability

openDCIM is an open-source data center inventory management (DCIM) application. openDCIM version 23.04 has a cross-site scripting vulnerability, which stems from the Filedata parameter of the file /scripts/uploadifive.php, where user-supplied data lacks effective filtering and escaping,...

5.1 CVSS | 5.1 AI score | 0.00042 EPSS
Exploits: 0 | References: 1

NVD
added 2025/09/11 2:15 p.m., 1 views

CVE-2025-10253

A vulnerability has been found in openDCIM 23.04. This vulnerability affects unknown code of the file /scripts/uploadifive.php of the component SVG File Handler. Such manipulation of the argument Filedata leads to cross site scripting. The attack can be launched remotely. The exploit has been...

5.1 CVSS | 0.00042 EPSS
Exploits: 0 | References: 4

CNNVD
added 2025/09/11 12:00 a.m., 1 views

openDCIM Security Vulnerability

openDCIM is an open-source data center inventory management (DCIM) application. openDCIM version 23.04 has a cross-site scripting vulnerability, which stems from the Filedata parameter of the file /scripts/uploadifive.php, where user-supplied data lacks effective filtering and escaping,...

5.1 CVSS | 6.8 AI score | 0.00042 EPSS
Exploits: 0 | References: 5

OpenVAS
added 2025/08/27 12:00 a.m., 2 views

Mahara 24.04 < 24.04.1, 23.04 < 23.04.6 Information Disclosure Vulnerability

Mahara is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mahara:mahara"; if...

9.1 CVSS | 6.5 AI score | 0.00074 EPSS
Exploits: 0 | References: 1

Cvelist
added 2025/08/26 12:00 a.m., 5 views

CVE-2024-39335

Supported versions of Mahara 24.04 before 24.04.1 and 23.04 before 23.04.6 are vulnerable to information being disclosed to an institution administrator under certain conditions via the 'Current submissions' page: Administration - Groups - Submissions...

0.00074 EPSS
Exploits: 0 | References: 2

CVE
added 2025/08/26 12:00 a.m., 14 views

CVE-2024-39335

CVE-2024-39335 affects Mahara: vulnerable versions 24.04 before 24.04.1 and 23.04 before 23.04.6 are susceptible to information disclosure to an institution administrator via the Current submissions page (Administration → Groups → Submissions). Root cause: information disclosure condition on that...

9.1 CVSS | 6.3 AI score | 0.00074 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2024/11/25 12:00 a.m., 25 views

CVE-2024-45755

An issue was discovered in Centreon centreon-dsm-server 24.10.x before 24.10.0, 24.04.x before 24.04.3, 23.10.x before 23.10.1, 23.04.x before 23.04.3, and 22.10.x before 22.10.2. SQL injection can occur in the form to configure Centreon DSM slots. Exploitation is only accessible to authenticated...

7.7 AI score | 0.00103 EPSS
Exploits: 0 | References: 2

CVE
added 2024/08/23 12:00 a.m., 42 views

CVE-2024-33854

Centreon Web contains a SQL Injection in the Graph Template component. Affected versions are 22.10.0–22.10.22, 23.04.0–23.04.18, 23.10.0–23.10.12, and 24.04.0–24.04.2; fixed in 22.10.23, 23.04.19, 23.10.13, and 24.04.3 respectively. Root cause is lack of protection of the SQL query structure. Rem...

9.1 CVSS | 8.4 AI score | 0.00121 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2023/10/03 12:00 a.m., 0 views

Canopsis Cross-Site Scripting Vulnerability

Canopsis is an open source supervision solution from Canopsis Inc. A cross-site scripting vulnerability exists in Canopsis version 23.04-alpha3, which stems from the presence of a stored cross-site scripting (XSS) vulnerability...

4.8 CVSS | 5.8 AI score | 0.0005 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2023/08/24 12:00 a.m., 35 views

Ubuntu 22.04 ESM / 23.04 : Fast DDS vulnerabilities (USN-6306-1)

The remote Ubuntu 22.04 ESM / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6306-1 advisory. It was discovered that Fast DDS incorrectly handled certain inputs. A remote attacker could possibly use this issue to cause a denial of service...

9.1 CVSS | 7.6 AI score | 0.00119 EPSS
Exploits: 0 | References: 8

Tenable Nessus
added 2023/06/23 12:00 a.m., 7 views

Ubuntu 22.04 LTS / 23.04 : .NET regression (USN-6161-2)

The remote Ubuntu 22.04 LTS / 23.04 host has packages installed that are affected by a vulnerability as referenced in the USN-6161-2 advisory. USN-6161-1 fixed vulnerabilities in .NET. The update introduced a regression with regards to how the runtime imported X.509 certificates. This update fixe...

5.6 AI score
Exploits: 0 | References: 1