8 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-43915
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.11.0 contain a stored cross-site scripting XSS vulnerability in the...
PT-2025-44322
Name of the Vulnerable Software and Affected Versions Wazuh versions prior to 4.11.0 Description Wazuh is a platform for threat prevention, detection, and response. A flaw exists in the w copy event for log function where it references memory after it has been freed, initially allocated in OS...
CVE-2025-10692
The endpoint POST /api/staff/get-new-tickets concatenates the user-controlled parameter departmentId directly into the SQL WHERE clause without parameter binding. As a result, an authenticated staff user level ≥ 1 can inject SQL to alter the filter logic, effectively bypassing department scoping...
CVE-2025-10696 OpenSupports 4.11.0 — Insecure Direct Object Reference in supervised list
OpenSupports exposes an endpoint that allows the list of 'supervised users' for any account to be edited, but it does not validate whether the actor is the owner of that list. A Level 1 staff member can modify the supervision relationship of a third party the target user, who can then view the...
EUVD-2025-32372
The endpoint POST /api/staff/get-new-tickets concatenates the user-controlled parameter departmentId directly into the SQL WHERE clause without parameter binding. As a result, an authenticated staff user level ≥ 1 can inject SQL to alter the filter logic, effectively bypassing department scoping...
Red Hat FreeIPA Access Control Error Vulnerability
Red Hat FreeIPA is a comprehensive security information management solution. An access control error vulnerability exists in FreeIPA version 4.11.0 that stems from a lack of granting, resulting in requests being accepted regardless of rule compliance...
PYSEC-2023-249
Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitary Python function. Versions of gradio prior to 4.11.0 contained a vulnerability in the /file route which made them susceptible to file traversal...
CVE-2019-11853
Several potential command injections vulnerabilities exist in the AT command interface of ALEOS before 4.11.0, and 4.9.4...