Lucene search

5 matches found

Vulnrichment
added 5 days ago, 5 views

CVE-2026-28511 elabftw has entry title leakage through autocompletion search

eLabFTW is an open source electronic lab notebook. Prior to version 5.4.2, in certain cases, an authenticated user performing a numeric reference/search can return results that include resources the requesting user is not authorized to view. The exposed information is limited only the title...

CVSS 4.3, AI score 5.8, EPSS 0.00029
Exploits: 0, References: 1
SUSE CVE
added 2023/02/15 5:21 a.m., 1 views

SUSE CVE-2015-1858

Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service segmentation fault and crash and possibly execute arbitrary code via a crafted BMP image...

CVSS 6.8, AI score 8, EPSS 0.02574
Exploits: 0, References: 9
NVD
added 2018/09/26 9:29 p.m., 16 views

CVE-2018-16968

Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal...

CVSS 3.5, AI score 3.9, EPSS 0.03545
Exploits: 2, References: 2
CNVD
added 2018/03/30 12:0 a.m., 1 views

Zsh Local Stack Buffer Overflow Vulnerability

Zsh is an interactive command interpreter and command programming language used on Linux systems. A security vulnerability exists in the shell autocomplete feature in versions prior to Zsh 5.4.2-test-1. A local attacker can exploit this vulnerability by creating specially crafted directory paths ...

CVSS 7.8, AI score 9.4, EPSS 0.00074
Exploits: 0, References: 1
RedHat Linux
added 2012/05/10 3:17 p.m., 4 views

php: command line arguments injection when run in CGI mode (VU#520827)

sapi/cgi/cgimain.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script aka php-cgi, does not properly handle query strings that lack an = equals sign character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string,...

CVSS 9.8, AI score 7.8, EPSS 0.94363
Exploits: 41, References: 5