52 matches found

CVE
added 2026/06/02 7:3 p.m. · 19 views

CVE-2026-35202

Summary of vulnerability (CVE-2026-35202) : Pterodactyl Panel’s Client API suffers a race-condition in the database resource limiter. The code path in DatabaseController.php attempts to lock database allocations with lockForUpdate(), but the Laravel call is a no-op (no terminal operation is sent)...

CVSS 2.3 · AI score 5.8 · EPSS 0.00348
Exploits: 0 · References: 1

EUVD
added 2026/06/02 7:3 p.m. · 11 views

EUVD-2026-34010

Pterodactyl is a free, open-source game server management panel. Prior to version 1.12.3, the Pterodactyl Client API has a logic flaw that lets users bypass their assigned limits for database allocations. This happens because the database locking mechanism used in the controllers is totally broke...

CVSS 2.3 · AI score 5.8 · EPSS 0.00348
Exploits: 0 · References: 1

Snyk
added 2026/06/01 8:24 a.m. · 4 views

Improper Validation of Certificate with Host Mismatch

Overview org.apache.directory.api:api-ldap-client-api is a LDAP Client API. Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch in the TLS server identity verification. An attacker can intercept and impersonate the server by presenting a...

CVSS 8.8 · AI score 5.5 · EPSS 0.00182
Exploits: 0 · References: 2

OSV
added 2026/05/26 7:30 p.m. · 9 views

GHSA-FGMM-W5CX-VRFW Pterodactyl has a database resource limit bypass via race condition in Client API

Summary The Pterodactyl Client API has a logic flaw that lets users bypass their assigned limits for database allocations. This happens because the database locking mechanism used in the controllers is totally broken and doesn't actually lock anything. Details Inside DatabaseController.php, the...

CVSS 2.3 · AI score 5.9 · EPSS 0.00348
Exploits: 0 · References: 3

Github Security Blog
added 2026/05/26 7:30 p.m. · 14 views

Pterodactyl has a database resource limit bypass via race condition in Client API

Summary The Pterodactyl Client API has a logic flaw that lets users bypass their assigned limits for database allocations. This happens because the database locking mechanism used in the controllers is totally broken and doesn't actually lock anything. Details Inside DatabaseController.php, the...

CVSS 2.3 · AI score 5.9 · EPSS 0.00348
Exploits: 0 · References: 3 · Affected Software: 1

RedhatCVE
added 2026/03/26 3:16 p.m. · 3 views

CVE-2026-31863

Anytype Heart is the middleware library for Anytype. The challenge-based authentication for the local gRPC client API can be bypassed, allowing an attacker to gain access without the 4-digit code. This vulnerability is fixed in anytype-heart 0.48.4, anytype-cli 0.1.11, and Anytype Desktop 0.54.5...

CVSS 4.4 · AI score 5.8 · EPSS 0.00107
Exploits: 0 · References: 1

CNNVD
added 2026/01/22 12:0 a.m. · 7 views

Hubitat Elevation security vulnerability

Hubitat Elevation is a localized smart home control system developed by Hubitat Inc. Versions prior to Hubitat Elevation 2.4.2.157 contained security vulnerabilities. These vulnerabilities were caused by user-controllable keys that allowed unauthorized access, potentially allowing remote...

CVSS 9.4 · AI score 5.8 · EPSS 0.00465
Exploits: 0 · References: 2

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2009-0632

Malware in sbrugna...

CVSS 5.4 · AI score 6.1 · EPSS 0.04025
Exploits: 0 · References: 8

Tenable Nessus
added 2025/08/15 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2021-2006

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 8.0.19 and prior. Difficult to exploit...

CVSS 6.3 · AI score 5.8 · EPSS 0.01828
Exploits: 0 · References: 2

BDU FSTEC
added 2024/06/03 12:0 a.m. · 2 views

The vulnerability of the user interface of the SAP CRM WebClient UI, which allows an attacker to perform XSS attacks.

The vulnerability of the SAP CRM WebClient UI user interface lies in the lack of security measures taken to protect the web page structure. Exploiting this vulnerability allows an attacker to execute XSS attacks remotely...

CVSS 4.1 · AI score 5.5 · EPSS 0.00329
Exploits: 0 · References: 4

Positive Technologies
added 2024/02/12 12:0 a.m. · 3 views

PT-2024-3898 · Sap · Sap Crm Webclient Ui

Name of the Vulnerable Software and Affected Versions: SAP CRM WebClient UI versions S4FND 102 through S4FND 106 SAP CRM WebClient UI versions WEBCUIF 701 through WEBCUIF 801 Description: The SAP CRM WebClient UI does not sufficiently encode user-controlled inputs, resulting in a Cross-Site...

CVSS 4.1 · AI score 5.8 · EPSS 0.00329
Exploits: 0 · References: 7

BDU FSTEC
added 2023/05/31 12:0 a.m. · 3 views

The vulnerability of the user interface of the SAP CRM WebClient UI, which allows an attacker to perform XSS attacks.

The vulnerability of the SAP CRM WebClient UI user interface lies in the lack of security measures taken to protect the web page structure. Exploiting this vulnerability allows an attacker to execute XSS attacks remotely...

CVSS 5.5 · AI score 6 · EPSS 0.00366
Exploits: 0 · References: 2

OSV
added 2023/05/09 2:15 a.m. · 3 views

CVE-2023-30742

SAP CRM WebClient UI - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting...

CVSS 6.1 · AI score 6.4 · EPSS 0.00438
Exploits: 0 · References: 2

CNNVD
added 2023/04/11 12:0 a.m. · 2 views

SAP CRM security vulnerability

SAP CRM is a customer relationship management system from SAP, Germany. A security vulnerability exists in SAP CRM WebClient UI that originates from a vulnerability that allows an attacker to modify the HTTP verbs used in a request via a web server, which could lead to the exposure of form fields...

CVSS 5.4 · AI score 5.7 · EPSS 0.00442
Exploits: 0 · References: 3

Positive Technologies
added 2023/04/11 12:0 a.m. · 3 views

PT-2023-22191 · Sap · Sap Crm

Name of the Vulnerable Software and Affected Versions: SAP CRM WebClient UI versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801 Description: The issue allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This...

CVSS 5.4 · AI score 5.2 · EPSS 0.00442
Exploits: 0 · References: 5

NVD
added 2023/03/31 7:15 p.m. · 14 views

CVE-2023-23594

An authentication bypass vulnerability in the web client interface for the CL4NX printer before firmware version 1.13.3-u724r2 provides remote unauthenticated attackers with access to execute commands intended only for valid/authenticated users, such as file uploads and configuration changes...

CVSS 9.8 · AI score 9.9 · EPSS 0.01516
Exploits: 0 · References: 3

Cvelist
added 2023/03/31 12:0 a.m. · 13 views

CVE-2023-23594

An authentication bypass vulnerability in the web client interface for the CL4NX printer before firmware version 1.13.3-u724r2 provides remote unauthenticated attackers with access to execute commands intended only for valid/authenticated users, such as file uploads and configuration changes...

AI score 10 · EPSS 0.01516
Exploits: 0 · References: 3

CVE
added 2023/03/31 12:0 a.m. · 57 views

CVE-2023-23594

The CVE-2023-23594 case concerns the CL4NX printer web client interface. Affected: CL4NX printer firmware prior to 1.13.3-u724_r2; vulnerability is an authentication bypass allowing remote, unauthenticated attackers to perform actions intended for authenticated users (e.g., file uploads, configur...

CVSS 9.8 · AI score 9.8 · EPSS 0.01516
Exploits: 0 · References: 3 · Affected Software: 1

SUSE CVE
added 2023/02/15 3:55 a.m. · 3 views

SUSE CVE-2020-17470

An issue was discovered in FNET through 4.6.4. The code that initializes the DNS client interface structure does not set sufficiently random transaction IDs (they are always set to 1 in fnetdnspoll in fnetdns.c). This significantly simplifies DNS cache poisoning attacks...

CVSS 5.3 · AI score 5.6 · EPSS 0.02072
Exploits: 0 · References: 3

Positive Technologies
added 2022/10/25 12:0 a.m. · 4 views

PT-2022-23378 · Mitel · Mitel Micollab

Name of the Vulnerable Software and Affected Versions: Mitel MiCollab versions through 9.5.0.101 Description: A vulnerability in the MiCollab Client API could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. This could allow the attacker t...

CVSS 6.5 · AI score 6.2 · EPSS 0.00478
Exploits: 0 · References: 4