JIZHICMS SQL注入漏洞

JIZHICMS is an open-source content management system developed by JIZHI Corporation in China. Versions of jizhiCMS 2.5.6 and earlier had a SQL injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter ‘data’ in the function ‘findAll’ of the ‘Model.php’ library i...

PT-2026-22299

A security vulnerability has been detected in jizhiCMS up to 2.5.6. Affected is the function findAll in the library frphp/lib/Model.php of the component Batch Interface. The manipulation of the argument data leads to sql injection. The attack is possible to be carried out remotely. The exploit ha...

Fleet: Authorization Bypass in certificate template batch deletion for team administrators

Summary A broken authorization check in Fleet’s certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. Impact Fleet supports certificate templates that are scoped to individual teams. In affected...

GHSA-5JVP-M9H4-253H Fleet: Authorization Bypass in certificate template batch deletion for team administrators

Summary A broken authorization check in Fleet’s certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. Impact Fleet supports certificate templates that are scoped to individual teams. In affected...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization through the certificate template batch deletion process. An attacker can remove certificate templates belonging to other teams by supplying arbitrary team identifiers and template IDs to the API endpoint...

Unauthorized Code Execution

nbconvert is vulnerable to unauthorized code execution. The vulnerability is due to improper handling of SVG-to-PDF conversion on Windows where a malicious inkscape.bat file in the working directory can be executed, which allows an attacker to run arbitrary code when a user performs the conversio...

CVE-2026-27629

InvenTree is an Open Source Inventory Management System. Prior to version 1.2.3, insecure server-side templates can be hijacked to expose secure information to the client. When generating custom batch codes, the InvenTree server makes use of a customizable jinja2 template, which can be modified b...

CVE-2026-25963 Fleet: Authorization Bypass in certificate template batch deletion for team administrators

Fleet is open source device management software. In versions prior to 4.80.1, a broken authorization check in Fleet’s certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. Fleet supports...

CVE-2026-25963 Fleet: Authorization Bypass in certificate template batch deletion for team administrators

Fleet is open source device management software. In versions prior to 4.80.1, a broken authorization check in Fleet’s certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. Fleet supports...

CVE-2026-25963 Fleet: Authorization Bypass in certificate template batch deletion for team administrators

Fleet is open source device management software. In versions prior to 4.80.1, a broken authorization check in Fleet’s certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. Fleet supports...

CVE-2026-27629

InvenTree is an Open Source Inventory Management System. Prior to version 1.2.3, insecure server-side templates can be hijacked to expose secure information to the client. When generating custom batch codes, the InvenTree server makes use of a customizable jinja2 template, which can be modified b...

CVE-2026-27629

InvenTree is an Open Source Inventory Management System. Prior to version 1.2.3, insecure server-side templates can be hijacked to expose secure information to the client. When generating custom batch codes, the InvenTree server makes use of a customizable jinja2 template, which can be modified b...

CVE-2026-27629 InvenTree Vulnerable to Server Side Template Injection (SSTI)

InvenTree is an Open Source Inventory Management System. Prior to version 1.2.3, insecure server-side templates can be hijacked to expose secure information to the client. When generating custom batch codes, the InvenTree server makes use of a customizable jinja2 template, which can be modified b...

EUVD-2026-8602

InvenTree is an Open Source Inventory Management System. Prior to version 1.2.3, insecure server-side templates can be hijacked to expose secure information to the client. When generating custom batch codes, the InvenTree server makes use of a customizable jinja2 template, which can be modified b...

CVE-2026-27629 InvenTree Vulnerable to Server Side Template Injection (SSTI)

InvenTree is an Open Source Inventory Management System. Prior to version 1.2.3, insecure server-side templates can be hijacked to expose secure information to the client. When generating custom batch codes, the InvenTree server makes use of a customizable jinja2 template, which can be modified b...

CVE-2026-27629

InvenTree prior to v1.2.3 is affected by a server-side template vulnerability in batch code generation. A staff user can modify the customizable Jinja2 template used during batch code creation via the API; if another user triggers the API call, the template executes in their user context, potenti...

CVE-2026-27629 InvenTree Vulnerable to Server Side Template Injection (SSTI)

InvenTree is an Open Source Inventory Management System. Prior to version 1.2.3, insecure server-side templates can be hijacked to expose secure information to the client. When generating custom batch codes, the InvenTree server makes use of a customizable jinja2 template, which can be modified b...

PT-2026-21846

Name of the Vulnerable Software and Affected Versions InvenTree versions prior to 1.2.3 Description InvenTree is an Open Source Inventory Management System. Prior to version 1.2.3, insecure server-side templates can be hijacked to expose secure information to the client. When generating custom...

GO-2026-4516 Kargo has an Authorization Bypass Vulnerability in Batch Resource Creation API Endpoints in github.com/akuity/kargo

Kargo has an Authorization Bypass Vulnerability in Batch Resource Creation API Endpoints in github.com/akuity/kargo...

Exploit for Command Injection in Microsoft

CVE-2025-54100-BYPASS- CVE-2025-54100 POC "simple" Bypass Patc...