Exploit for Deserialization of Untrusted Data in Nextgen Mirth_Connect

CVE-2023-43208-EXPLOIT Mirth Connect Remote Code Execution...

USN-8029-3 linux-azure vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - Nios II architecture; - PA-RISC architecture; - RISC-V architecture; -...

USN-8029-3: Linux kernel (Azure) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - Nios II architecture; - PA-RISC architecture; - RISC-V architecture; -...

[SECURITY] [DLA 4490-1] openssl security update

Debian LTS Advisory DLA-4490-1 [email protected] https://www.debian.org/lts/security/ Andreas Henriksson February 23, 2026 https://wiki.debian.org/LTS Package : openssl Version : 1.1.1w-0+deb11u5 CVE ID : CVE-2025-68160 CVE-2025-69418 CVE-2025-69419 CVE-2025-69420 CVE-2025-69421...

CVE-2026-2975

A security flaw has been discovered in FastApiAdmin up to 2.2.0. Affected by this vulnerability is the function resetapidocs of the file /backend/app/plugin/initapp.py of the component Custom Documentation Endpoint. The manipulation results in information disclosure. The attack may be performed...

CVE-2026-3057

A security flaw has been discovered in a54552239 pearProjectApi up to 2.8.10. Affected is the function dateTotalForProject of the file application/common/Model/Task.php of the component Backend Interface. The manipulation of the argument projectCode results in sql injection. The attack can be...

CVE-2026-3057 a54552239 pearProjectApi Backend Task.php dateTotalForProject sql injection

A security flaw has been discovered in a54552239 pearProjectApi up to 2.8.10. Affected is the function dateTotalForProject of the file application/common/Model/Task.php of the component Backend Interface. The manipulation of the argument projectCode results in sql injection. The attack can be...

CVE-2026-3057

CVE-2026-3057 affects the a54552239 pearProjectApi, specifically the Backend Interface component. The vulnerability resides in the function dateTotalForProject in application/common/Model/Task.php, where manipulating the projectCode argument leads to a SQL injection. The issue can be exploited re...

EUVD-2026-7410

A security flaw has been discovered in a54552239 pearProjectApi up to 2.8.10. Affected is the function dateTotalForProject of the file application/common/Model/Task.php of the component Backend Interface. The manipulation of the argument projectCode results in sql injection. The attack can be...

CVE-2026-25802 New API has Potential XSS in its MarkdownRenderer component

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.10.8-alpha.9, a potential unsafe operation occurs in component MarkdownRenderer.jsx, allowing for Cross-Site ScriptingXSS when the model outputs items containing tag. Version...

New API 安全漏洞

The New API is an interface software developed by QuantumNous. Versions of the New API prior to 0.10.8-alpha.10 contained a security vulnerability. This vulnerability stems from SQL LIKE wildcard injections in the/api/token/search endpoint, which could lead to denial-of-service attacks through...

📄 GrandStream GXP1600 Unauthenticated Remote Code Execution

An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution RCE with root privileges on a target device. The vulnerability affects all six...

PT-2026-21745

Name of the Vulnerable Software and Affected Versions SonicOS affected versions not specified Description The software contains post-authentication stack-based buffer overflow vulnerabilities within its management interface. These issues stem from insufficient bounds checking in an ''API...

PT-2026-21751

Name of the Vulnerable Software and Affected Versions MindsDB versions prior to 25.9.1.1 Description MindsDB, a platform for building artificial intelligence from enterprise data, has a path traversal flaw in its /api/files interface. An authenticated attacker can exploit this to achieve remote...

MindsDB 路径遍历漏洞

MindsDB is a joint query engine developed by MindsDB Inc., designed specifically for AI agents and large language models. It can handle questions related to PB-level enterprise data. Versions of MindsDB prior to 25.9.1.1 had a path traversal vulnerability. This vulnerability stemmed from the...

api-gateway-deploy 安全漏洞

api-gateway-deploy is an API gateway for Bleon-ethical individual developers. Version 1.0.0 of api-gateway-deploy contains a security vulnerability. This vulnerability stems from an attack chain involving operating system command injection and privilege escalation, which could allow attackers to...

WSO2 API Manager和WSO2 Identity Server（IS） 安全漏洞

WSO2 API Manager and WSO2 Identity Server are both products of the American company WSO2. WSO2 API Manager is a set of API lifecycle management solutions. WSO2 Identity Server is an identity authentication server. Both WSO2 API Manager and WSO2 Identity Server have security vulnerabilities. These...

Caddy 跨站请求伪造漏洞

Caddy is an open-source, cross-platform HTTP/Web server developed by the Caddy company. Versions of Caddy prior to 2.11.1 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the local Caddy management API accepting cross-domain requests when source forcing was n...

New API 跨站脚本漏洞

The New API is an interface software developed by QuantumNous. Versions of the New API prior to 0.10.8-alpha.9 contained a cross-site scripting vulnerability. This vulnerability stemmed from potentially unsafe operations within the MarkdownRenderer.jsx component, which could lead to cross-site...

CVE-2025-68930

Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain a Cross-Site WebSocket Hijacking CSWSH vulnerability in the /api/socket endpoint. The application fails to validate the Origin header during the WebSocket handshake. This allows a remote attacker to bypass...