Unspecified vulnerability in AnythingLLM (CNVD-2026-17191)
AnythingLLM is an all-in-one AI application open-sourced by Mintplex. AnythingLLM suffers from a security vulnerability that stems from two common system preferences endpoints that allow administrator role access, which can be exploited by an attacker to cause the administrator to read plaintext...
UBUNTU-CVE-2026-3856
IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 could all...
CPython Security Vulnerability
CPython is a Python interpreter implemented in C language by the Python Foundation. CPython has security vulnerabilities, which stem from unvalidated resource parameters, potentially leading to path traversal attacks...
EUVD-2026-12671
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, unsanitized user input can lead to an SQL injection from reports, with adequate rights. This vulnerability is fixed in 1.6.6...
CVE-2026-25936
GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated user can perform a SQL injection. Version 11.0.6 fixes the issue...
SQL Injection
devcode-it/openstamanager is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the display parameter in API requests, which allows an attacker to execute arbitrary SQL queries and compromise the database...
AVideo affected by unauthenticated application takeover via exposed web installer on uninitialized deployments
Summary: The install/checkConfiguration.php endpoint performs full application initialization — database setup, admin account creation, and configuration file write — from unauthenticated POST input. The only guard is checking whether videos/configuration.php already exists. On uninitialized...
Missing Authentication for Critical Function
Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the checkConfiguration.php process. An attacker can gain full administrative control and manipulate the application...
GHSA-2F9H-23F7-8GCX AVideo affected by unauthenticated application takeover via exposed web installer on uninitialized deployments
Summary: The install/checkConfiguration.php endpoint performs full application initialization — database setup, admin account creation, and configuration file write — from unauthenticated POST input. The only guard is checking whether videos/configuration.php already exists. On uninitialized...
EUVD-2026-12627
GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated user can perform a SQL injection. Version 11.0.6 fixes the issue...
CVE-2026-25936 GLPI Vulnerable to Authenticated SQL Injection
GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated user can perform a SQL injection. Version 11.0.6 fixes the issue...
Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable due to spoofing vulnerability in MSSQL JDBC driver (CVE-2025-59250)
Summary: IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed MSSQL JDBC driver vulnerability. Vulnerability Details: CVEID: CVE-2025-59250. DESCRIPTION: Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-25772
Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.14.3, a stack-based buffer overflow vulnerability exists in the Wazuh Database synchronization module wdb_delta_event.c. The SQL query construction logic...
CVE-2026-25772 Wazuh Database Synchronization Vulnerable to Stack-based Buffer Overflow via snprintf Integer Underflow
Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.14.3, a stack-based buffer overflow vulnerability exists in the Wazuh Database synchronization module wdb_delta_event.c. The SQL query construction logic...
EUVD-2026-12621
Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.14.3, a stack-based buffer overflow vulnerability exists in the Wazuh Database synchronization module wdb_delta_event.c. The SQL query construction logic...
CVE-2026-25772
Wazuh Database synchronization module (wdb_delta_event.c) contains a stack-based buffer overflow due to an integer underflow in the query buffer size calculation. Affected range: 4.4.0 up to, and including, 4.14.2 (fixed in 4.14.3). If a payload causes the 2048-byte query buffer to overflow, the ...