CVE-2026-44473

CVE-2026-44473 affects Ella Core (5G core for private networks). Before v1.10.0, a radio with a valid NG Setup could send a forged PDUSessionResourceSetupResponse containing another UE’s AMF-UE-NGAP-ID. Ella Core does not verify the message arrived on the SCTP association bound to that UE’s NG-co...

Dell Unisphere for PowerMax vApp 授权问题漏洞

Dell Unisphere for PowerMax vApp is a virtualization management solution developed by the American company Dell. Versions of Dell Unisphere for PowerMax vApp prior to 10.0.0.2 had an authorization-related vulnerability. This vulnerability stemmed from an attempt to bypass authorization...

Alibaba Cloud Linux 3 : 0102: openssh (ALINUX3-SA-2026:0102)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0102 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-35385: In OpenSSH before 10.3, a...

EUVD-2023-46797

Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet...

PT-2026-36126

Weaver Fanwei E-office versions prior to 10.0 20221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicious files by sending multipart POST requests with arbitrary filenames and disguised content types...

GLPI SQL注入漏洞

GLPI is an open-source IT and asset management software developed by GLPI. This software provides a comprehensive IT resource management interface, allowing you to create databases for managing various IT assets such as computers, monitors, servers, printers, network devices, telephones, and even...

CVE-2026-35414

OpenSSH before 10.3 mishandles the authorizedkeys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters...

CVE-2026-35388

OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions...

CVE-2026-35388

OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions...

OpenSSH 安全漏洞

OpenSSH OpenBSD Secure Shell is a set of open-source tools developed by OpenBSD in Canada for secure access to remote computers. This tool is an open-source implementation of the SSH protocol, supporting encryption of all transmissions. It effectively prevents eavesdropping, connection hijacking,...

PT-2026-29835

Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 10.3 Description OpenSSH versions before 10.3 do not confirm connection multiplexing in proxy-mode multiplexing sessions. Recommendations Update to version 10.3 or later...

CVE-2026-3457

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Thales Sentinel LDK Runtime on Windows allows Stored XSS.This issue affects Sentinel LDK Runtime: before 10.22...

CVE-2026-3457 Stored XSS vulnerability in Sentinel ACC

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Thales Sentinel LDK Runtime on Windows allows Stored XSS.This issue affects Sentinel LDK Runtime: before 10.22...

CVE-2026-3457 Stored XSS vulnerability in Sentinel ACC

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Thales Sentinel LDK Runtime on Windows allows Stored XSS.This issue affects Sentinel LDK Runtime: before 10.22...

EUVD-2026-14521

MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the StartDate parameter in...

CVE-2026-32868

CVE-2026-32868 affects OPEXUS eComplaint and eCASE prior to 10.2.0.0. The issue is improper sanitization of the first and last name fields on the My Information screen, enabling an authenticated attacker to inject an XSS payload that executes when the full name is rendered in the victim’s session...

CVE-2025-67830

Mura before 10.1.14 allows beanFeed.cfc getQuery sortby SQL injection...

PT-2026-22324

Name of the Vulnerable Software and Affected Versions Johnson Controls Frick Controls Quantum HD versions prior to 10.22 Description A flaw exists in Johnson Controls Frick Controls Quantum HD that allows for the execution of code remotely without authentication. This is due to insufficient...

Atlassian Jira Service Management Data Center and Server 10.3.x < 10.3.16 (JSDSERVER-16491)

"The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16491 advisory. - Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs:...

CVE-2025-66838

In Aris v10.0.23.0.3587512 and before, the file upload functionality does not enforce any rate limiting or throttling, allowing users to upload files at an unrestricted rate. An attacker can exploit this behavior to rapidly upload a large volume of files, potentially leading to resource exhaustio...