1611 matches found

OSV
added 2026/02/03 6:44 p.m. | 2 views

GHSA-W995-FF8H-RPPG OpenSTAManager has a SQL Injection in ajax_complete.php (get_sedi endpoint)

Summary: A SQL Injection vulnerability exists in the ajax_complete.php endpoint when handling the get_sedi operation. An authenticated attacker can inject malicious SQL code through the idanagrafica parameter, leading to unauthorized database access. Proof of Concept Vulnerable Code File:...

8.7 CVSS | 5.9 AI score | 0.00058 EPSS
Exploits: 3 | References: 3
Github Security Blog
added 2026/02/03 6:44 p.m. | 4 views

OpenSTAManager has a SQL Injection in ajax_complete.php (get_sedi endpoint)

Summary: A SQL Injection vulnerability exists in the ajax_complete.php endpoint when handling the get_sedi operation. An authenticated attacker can inject malicious SQL code through the idanagrafica parameter, leading to unauthorized database access. Proof of Concept Vulnerable Code File:...

8.8 CVSS | 5.9 AI score | 0.00058 EPSS
Exploits: 3 | References: 3 | Affected Software: 1
Positive Technologies
added 2026/02/03 12:0 a.m. | 2 views

PT-2026-6494

Summary: A SQL Injection vulnerability exists in the ajax_complete.php endpoint when handling the get_sedi operation. An authenticated attacker can inject malicious SQL code through the idanagrafica parameter, leading to unauthorized database access. Proof of Concept Vulnerable Code File:...

8.7 CVSS | 6 AI score
Exploits: 0 | References: 3
Positive Technologies
added 2026/02/03 12:0 a.m. | 2 views

PT-2026-5968

Name of the Vulnerable Software and Affected Versions: OpenSTAManager versions prior to 2.9.8. Description: OpenSTAManager is a management software for technical assistance and invoicing. A SQL Injection issue exists in version 2.9.8 and earlier when handling the get_sedi operation through the /ajax...

8.7 CVSS | 6 AI score | 0.00058 EPSS
Exploits: 3 | References: 14
RedHat Linux
added 2026/02/02 3:41 p.m. | 1 views

kernel: Linux kernel: Information disclosure and denial of service in Bluetooth HCI event handling

A flaw was found in the Linux kernel's Bluetooth component. A local attacker with low privileges could exploit a vulnerability in the Host Controller Interface (HCI) event processing. This issue arises from improper handling of command complete events with unknown opcodes, which can lead to the...

5.8 AI score | 0.00043 EPSS
Exploits: 0 | References: 5
NVD
added 2026/01/31 12:16 p.m. | 3 views

CVE-2026-23031

In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak. In gs_can_open(), the URBs for USB-in transfers are allocated, added to the parent->rx_submitted anchor and submitted. In the complete callback gs_usb_receive_bulk_callback(), the URB...

0.00018 EPSS
Exploits: 0 | References: 7
CVE
added 2026/01/31 11:42 a.m. | 17 views

CVE-2026-23031

CVE-2026-23031 affects the Linux kernel's gs_usb path. The issue is a memory leak where USB Request Blocks (URBs) completed by gs_usb_receive_bulk_callback() were not reliably released because the USB framework unanchors the URB before completion, bypassing gs_can_close()’s cleanup. The fix ancho...

5.8 AI score | 0.00018 EPSS
Exploits: 0 | References: 7
RedhatCVE
added 2026/01/28 3:16 a.m. | 12 views

CVE-2026-24477

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticate...

8.7 CVSS | 5.9 AI score | 0.10406 EPSS
Exploits: 1 | References: 1
CNNVD
added 2026/01/27 12:0 a.m. | 3 views

AnythingLLM security vulnerabilities

AnythingLLM is an integrated AI application developed by Mintplex. Versions of AnythingLLM prior to 1.10.0 contained a security vulnerability. This vulnerability stemmed from the /api/setup-complete endpoint exposing the QdrantApiKey in plain text, which could allow attackers to gain read/write...

8.7 CVSS | 5.8 AI score | 0.10406 EPSS
Exploits: 1 | References: 1
ATTACKERKB
added 2026/01/26 11:22 p.m. | 4 views

CVE-2026-24477

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticate...

8.7 CVSS | 5.9 AI score | 0.10406 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Vulnrichment
added 2026/01/26 11:22 p.m. | 5 views

CVE-2026-24477 AnythingLLM has key leak in `systemSettings.js`

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticate...

8.7 CVSS | 5.9 AI score | 0.10406 EPSS
Exploits: 1 | References: 1
Cvelist
added 2026/01/26 11:22 p.m. | 32 views

CVE-2026-24477 AnythingLLM has key leak in `systemSettings.js`

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticate...

8.7 CVSS | 0.10406 EPSS
Exploits: 1 | References: 1
OSV
added 2026/01/26 11:22 p.m. | 5 views

CVE-2026-24477 AnythingLLM has key leak in `systemSettings.js`

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticate...

8.7 CVSS | 5.9 AI score | 0.10406 EPSS
Exploits: 1 | References: 3
NVD
added 2026/01/26 6:16 p.m. | 4 views

CVE-2020-36957

PDF Complete 3.5.310.2002 contains an unquoted service path vulnerability in its pdfsvc.exe service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges...

8.5 CVSS | 0.00022 EPSS
Exploits: 0 | References: 3
Cvelist
added 2026/01/26 5:43 p.m. | 31 views

CVE-2020-36957 PDF Complete 3.5.310.2002 - 'pdfsvc.exe' Unquoted Service Path

PDF Complete 3.5.310.2002 contains an unquoted service path vulnerability in its pdfsvc.exe service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges...

8.5 CVSS | 0.00022 EPSS
Exploits: 0 | References: 3
Vulnrichment
added 2026/01/26 5:43 p.m. | 2 views

CVE-2020-36957 PDF Complete 3.5.310.2002 - 'pdfsvc.exe' Unquoted Service Path

PDF Complete 3.5.310.2002 contains an unquoted service path vulnerability in its pdfsvc.exe service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges...

8.5 CVSS | 6 AI score | 0.00022 EPSS
Exploits: 0 | References: 3
ATTACKERKB
added 2026/01/26 5:43 p.m. | 2 views

CVE-2020-36957

PDF Complete 3.5.310.2002 contains an unquoted service path vulnerability in its pdfsvc.exe service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges...

8.5 CVSS | 6 AI score | 0.00022 EPSS
Exploits: 0 | References: 3
CVE
added 2026/01/26 5:43 p.m. | 9 views

CVE-2020-36957

CVE-2020-36957 corresponds to the unquoted service path vulnerability in PDF Complete 3.5.310.2002, specifically in the pdfsvc.exe service configuration. The root cause is an unquoted image path, allowing an attacker to inject and execute malicious code with elevated LocalSystem privileges. Conne...

8.5 CVSS | 6 AI score | 0.00022 EPSS
Exploits: 0 | References: 3
EUVD
added 2026/01/26 5:43 p.m. | 4 views

EUVD-2020-30851

PDF Complete 3.5.310.2002 contains an unquoted service path vulnerability in its pdfsvc.exe service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges...

8.5 CVSS | 6 AI score | 0.00022 EPSS
Exploits: 0 | References: 3
CNNVD
added 2026/01/26 12:0 a.m. | 3 views

PDF Complete code issue vulnerabilities

PDF Complete is a PDF editor developed by PDF Complete Inc. Version 3.5.310.2002 of PDF Complete has a code vulnerability that stems from the lack of quotation marks around the pdfsvc.exe service path, which may lead to privilege escalation...

8.5 CVSS | 5.9 AI score | 0.00022 EPSS
Exploits: 0 | References: 3