CVE-2026-5561

A vulnerability was determined in Campcodes Complete POS Management and Inventory System up to 4.0.6. This affects an unknown function of the file app/Http/Controllers/SettingsController.php of the component Environment Variable Handler. Executing a manipulation can lead to injection. It is...

CVE-2026-5561

CVE-2026-5561 affects Campcodes Complete POS Management and Inventory System up to v4.0.6. The vulnerability targets the Environment Variable Handler inside app/Http/Controllers/SettingsController.php, where an input manipulation can cause injection. The attack is remotely executable and the expl...

CVE-2026-5561 Campcodes Complete POS Management and Inventory System Environment Variable SettingsController.php injection

A vulnerability was determined in Campcodes Complete POS Management and Inventory System up to 4.0.6. This affects an unknown function of the file app/Http/Controllers/SettingsController.php of the component Environment Variable Handler. Executing a manipulation can lead to injection. It is...

CVE-2026-5561

A vulnerability was determined in Campcodes Complete POS Management and Inventory System up to 4.0.6. This affects an unknown function of the file app/Http/Controllers/SettingsController.php of the component Environment Variable Handler. Executing a manipulation can lead to injection. It is...

EUVD-2026-19023

A security vulnerability has been detected in halex CourseSEL up to 1.1.0. Affected by this vulnerability is the function checksel of the file Apps/Index/Controller/IndexController.class.php of the component HTTP GET Parameter Handler. The manipulation of the argument seid leads to sql injection...

CVE-2026-5537

A security vulnerability has been detected in halex CourseSEL up to 1.1.0. Affected by this vulnerability is the function checksel of the file Apps/Index/Controller/IndexController.class.php of the component HTTP GET Parameter Handler. The manipulation of the argument seid leads to sql injection...

CVE-2026-5529

CVE-2026-5529 affects Dromara lamp-cloud up to 5.8.1. The vulnerability is in DefUserController.pageUser; manipulation of the pageUser function leads to improper authorization. The issue is exploitable remotely and the exploit is public. Public notifications were sent to the project via an issue,...

CVE-2026-5529 Dromara lamp-cloud DefUserController pageUser improper authorization

A vulnerability was detected in Dromara lamp-cloud up to 5.8.1. This vulnerability affects the function pageUser of the file /defUser/pageUser of the component DefUserController. Performing a manipulation results in improper authorization. The attack can be initiated remotely. The exploit is now...

PT-2026-30408

A security vulnerability has been detected in halex CourseSEL up to 1.1.0. Affected by this vulnerability is the function check sel of the file Apps/Index/Controller/IndexController.class.php of the component HTTP GET Parameter Handler. The manipulation of the argument seid leads to sql injection...

Linux Distros Unpatched Vulnerability : CVE-2026-31389

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - spi: fix use-after-free on controller registration failure Make sure to deregister from driver core also in the unlikely event that per-cpu statistics allocatio...

CampCodes Complete POS Management and Inventory 安全漏洞

CampCodes Complete POS Management and Inventory is a POS management and inventory system developed by the Philippine company CampCodes. The Campcodes Complete POS Management and Inventory System versions 4.0.6 and earlier have a security vulnerability, which stems from an injection vulnerability ...

Linux Distros Unpatched Vulnerability : CVE-2026-23475

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - spi: fix statistics allocation The controller per-cpu statistics is not allocated until after the controller has been registered with driver core, which leaves ...

CVE-2025-68153

Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called ‘charms’. From versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19, any authenticated user, machine or controller under a Juju...

EUVD-2015-9425

Hirschmann HiLCOS devices OpenBAT, WLC, BAT300, BAT54 prior to 8.80 and OpenBAT prior to 9.10 are shipped with identical default SSH and SSL keys that cannot be changed, allowing unauthenticated remote attackers to decrypt or intercept encrypted management communications. Attackers can perform...

SUSE CVE-2026-23434

In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: serialize lock/unlock against other NAND operations nandlock and nandunlock call into chip-ops.lockarea/unlockarea without holding the NAND device lock. On controllers that implement SETFEATURES via multiple low-lev...

SUSE CVE-2026-23464

In the Linux kernel, the following vulnerability has been resolved: soc: microchip: mpfs: Fix memory leak in mpfssyscontrollerprobe In mpfssyscontrollerprobe, if ofgetmtddevicebynode fails, the function returns immediately without freeing the allocated memory for syscontroller, leading to a memor...

SUSE CVE-2026-23475

In the Linux kernel, the following vulnerability has been resolved: spi: fix statistics allocation The controller per-cpu statistics is not allocated until after the controller has been registered with driver core, which leaves a window where accessing the sysfs attributes can trigger a...

SUSE CVE-2026-31389

In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free on controller registration failure Make sure to deregister from driver core also in the unlikely event that per-cpu statistics allocation fails during controller registration to avoid use-after-free of...

CVE-2017-20233

CVE-2017-20233 affects Hirschmann HiLCOS devices OpenBAT, BAT450, WLC, and BAT867. The issue is a firewall filtering vulnerability where IPv4 multicast and broadcast traffic are not correctly filtered when management IP address filtering is disabled, allowing bypass of configured firewall rules. ...

CVE-2015-10148 Hirschmann HiLCOS Hard-coded Credentials SSH SSL Keys

Hirschmann HiLCOS devices OpenBAT, WLC, BAT300, BAT54 prior to 8.80 and OpenBAT prior to 9.10 are shipped with identical default SSH and SSL keys that cannot be changed, allowing unauthenticated remote attackers to decrypt or intercept encrypted management communications. Attackers can perform...