
36 matches found

RedhatCVE
added yesterday · 2 views

CVE-2026-3120

Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection. This issue affects SambaBox: from 5.1 before 5.3...

CVSS 7.2 · AI score 5.5 · EPSS 0.0007
Exploits 0 · References 1
NVD
added 2026/05/04 12:16 p.m. · 3 views

CVE-2026-3120

Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection. This issue affects SambaBox: from 5.1 before 5.3...

CVSS 7.2 · EPSS 0.0007
Exploits 0 · References 1
CVE
added 2026/05/04 11:53 a.m. · 6 views

CVE-2026-3120

Affected product: SambaBox (Profelis Information and Consulting) – versions 5.1 up to 5.3 (exclusive). Issue: Improper control of code generation leading to OS command injection. This is a network-vector vulnerability with no user interaction, potentially enabling remote command execution; CVSSv3...

CVSS 7.2 · AI score 5.8 · EPSS 0.0007
Exploits 0 · References 1
Positive Technologies
added 2026/05/04 12:00 a.m. · 3 views

PT-2026-36796

Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection. This issue affects SambaBox: from 5.1 before 5.3...

CVSS 7.2 · AI score 5.8 · EPSS 0.0007
Exploits 0 · References 2
AstraLinux
added 2026/05/03 11:59 p.m. · 1 view

Astra Linux - vulnerability in linux, linux-5.10, linux-5.15

Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel versions 5.1 through 5.19.x, prior to 5.19.16, could be exploited by local attackers capable of injecting WLAN frames to trigger use-after-free conditions, potentially allowing them to execute...

CVSS 7.8 · AI score 6.8 · EPSS 0.00732
Exploits 1 · References 2
RedhatCVE
added 2026/04/25 7:22 a.m. · 3 views

CVE-2026-1726

IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1...

CVSS 4.8 · AI score 5.2 · EPSS 0.00011
Exploits 0 · References 1
Positive Technologies
added 2026/04/22 12:00 a.m. · 4 views

PT-2026-34578

IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1...

AI score 5.7 · EPSS 0.00011
Exploits 0 · References 2
CVE
added 2026/03/04 12:13 p.m. · 6 views

CVE-2026-24732

CVE-2026-24732 affects Hallo Welt! GmbH BlueSpice Extension:NSFileRepo, with vulnerable versions 5.1–5.1.5 and 5.2–5.2.0. The issue is improper permission checks in the extension, allowing access to functionality not properly constrained by ACLs and bypassing electronic locks and access controls....

CVSS 8.7 · AI score 5.9 · EPSS 0.00061
Exploits 0 · References 1
EUVD
added 2026/01/14 6:28 p.m. · 1 view

EUVD-2026-2428

Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulnerability in the administrative interface within the Tools Status functionality. The path parameter is reflected into the HTML response without proper output encoding in include/admin/Tools/Status.php...

CVSS 4.8 · AI score 5.2 · EPSS 0.00055
Exploits 1 · References 4
OpenVAS
added 2025/12/22 12:00 a.m. · 5 views

Moodle Prompt Injection Vulnerability (MSA-25-0053)

Moodle is prone to a prompt injection vulnerability.

CVSS 7.3 · AI score 5.4 · EPSS 0.00007
Exploits 0 · References 1
Tenable Nessus
added 2025/11/06 12:00 a.m. · 3 views

TencentOS Server 4: python-django (TSSA-2025:0857)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0857 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 7.5 · AI score 6.6 · EPSS 0.00084
Exploits 0 · References 2
vulnersOsv
added 2025/11/05 3:15 p.m. · 3 views

chromatrace (>=0.1.6 <=0.1.7), ddos-blocker (>=0.0.3 <=0.0.13) +21 more potentially affected by CVE-2025-64459 via django (>=5.1.0 <=5.1.13)

django PYPI version =5.1.0, =0.1.6, =0.0.3, =0.0.15, =2.7.0, =1.0.3, =0.6.2, =5.1.0, =0.2.30, =1.42.2, =1.21.0, =1.21.1.dev5 and more Source cves: CVE-2025-64459 Source advisory: OSV:PYSEC-2025-108...

CVSS 9.1 · AI score 7.2 · EPSS 0.00296
Exploits 10
EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2018-3162

Malware in sbrugna...

CVSS 6.1 · AI score 6.3 · EPSS 0.00266
Exploits 0 · References 3
vulnersOsv
added 2025/10/01 9:31 p.m. · 1 view

chromatrace (>=0.1.6 <=0.1.7), ddos-blocker (>=0.0.3 <=0.0.13) +21 more potentially affected by CVE-2025-59681 via django (>=5.1.0 <=5.1.12)

django PYPI version =5.1.0, =0.1.6, =0.0.3, =0.0.15, =2.7.0, =1.0.3, =0.6.2, =5.1.0, =0.2.30, =1.42.2, =1.21.0, =1.21.1.dev5 and more Source cves: CVE-2025-59681 Source advisory: SNYK:PYTHON-DJANGO-13179650...

CVSS 9.8 · AI score 7 · EPSS 0.00014
Exploits 0
OSV
added 2025/10/01 7:15 p.m. · 2 views

CVE-2025-59681

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.extra are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the kwarg...

CVSS 9.8 · AI score 8
Exploits 0 · References 4
Tenable Nessus
added 2025/08/27 12:00 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-5197

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1. It has Incorrect Access Control. CVE-2020-5197 Note that...

CVSS 4.3 · AI score 5.2 · EPSS 0.00069
Exploits 0 · References 2
Tenable Nessus
added 2025/08/10 12:00 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-28588

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has...

CVSS 5.5 · AI score 6.3 · EPSS 0.00044
Exploits 1 · References 2
OSV
added 2024/12/06 12:30 p.m. · 0 views

GHSA-M9G8-FXXM-XG86 Django SQL injection in HasKey(lhs, rhs) on Oracle

An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. Applications that use the...

CVSS 9.8 · AI score 7.2 · EPSS 0.00858
Exploits 0 · References 7
OSV
added 2024/08/28 7:15 a.m. · 4 views

CVE-2024-4554

Improper Input Validation vulnerability in OpenText NetIQ Access Manager leads to Cross-Site Scripting (XSS) attack. This issue affects Access Manager before 5.0.4.1 and 5.1...

CVSS 5.4 · AI score 5.7 · EPSS 0.00497
Exploits 0 · References 2
Positive Technologies
added 2024/03/31 12:00 a.m. · 3 views

PT-2024-23459 · Sonaar · Sonaar Music Mp3 Audio Player

Name of the Vulnerable Software and Affected Versions: Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar versions n/a through 5.1
Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for...

CVSS 6.5 · AI score 8.9 · EPSS 0.00081
Exploits 0 · References 5