Open-School 3.0/Community Edition 2.3 - Cross-Site Scripting

Open-School 3.0, and Community Edition 2.3, allows cross-site scripting via the osv/index.php?r=students/guardians/create id parameter. id: CVE-2019-14696 info: name: Open-School 3.0/Community Edition 2.3 - Cross-Site Scripting author: pikpikcu severity: medium description: Open-School 3.0, and...

CVE-2026-20230

A vulnerability in Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an unauthenticated, remote attacker to conduct server-side request forgery SSRF attacks through an affected device. This vulnerability ...

EUVD-2026-34137

A vulnerability in Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an unauthenticated, remote attacker to conduct server-side request forgery SSRF attacks through an affected device. This vulnerability ...

CVE-2026-48682

A flaw was found in FastNetMon Community Edition. This vulnerability, located in the IPv4 packet parser, allows a remote attacker to send specially crafted network packets. This can lead to an out-of-bounds read, potentially disclosing sensitive information or causing the system to crash, resulti...

CVE-2026-45289

CloudburstMC Protocol (Minecraft Bedrock Edition) has a vulnerability in the EncryptionUtils validation for FULL type auth tokens prior to version 3.0.0.Beta12-20260420.182526-15. Exploitation affects software depending on this protocol library by potentially weakening authentication payload vali...

Teclib GLPI <= 9.3.3 - Unauthenticated SQL Injection

Teclib GLPI = 9.3.3 exposes a script /scripts/unlocktasks.php that incorrectly sanitizes user controlled data before using it in SQL queries. Thus, an attacker could abuse the affected feature to alter the semantic original SQL query and retrieve database records. id: CVE-2019-10232 info: name:...

CVE-2026-44848

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, The Docker plugin management endpoints /plugins/ were not registered...

Important: Red Hat Security Advisory: java-21-ibm-semeru-certified-jdk security update

An update for java-21-ibm-semeru-certified-jdk is now available for Red Hat Enterprise Linux 10.0 Extended Update Support, Red Hat Enterprise Linux 10, and Red Hat Enterprise Linux 10.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Importan...

CVE-2026-48209

An improper neutralization of user-controllable input in OTRS or OTRS Community Edition ticket handling allows authenticated attackers to perform reflected cross-site scripting XSS attacks via crafted request parameters associated with ticket actions. By injecting malicious JavaScript into...

CVE-2026-48188

An improper Input Validation vulnerability in OTRS or OTRS Community Edition database layer module allows an unauthenticated SQL injection which can lead to an authentication bypass. This issue only affects the system if the MySQL/MariaDB server is configured with the NOBACKSLASHESCAPES SQL mode...

CVE-2026-48187

An uncontrolled allocation of resources without limits or throttling in the e-mail handling in OTRS allows excessive allocation which may lead to the abortion of the webserver.This issue affects OTRS: 8.0.X 2023.X 2024.X 2025.X 2026.X before 2026.4.X Please note that OTRS Community Edition 6.x,...

CVE-2026-48187

CVE-2026-48187 describes an uncontrolled allocation of resources in OTRS email handling that can exhaust memory/CPU and cause the web server to abort. Affected versions include OTRS 8.0.x, 2023.x, 2024.x, 2025.x, and 2026.x before 2026.4.x; OTRS Community Edition 6.x and OTRS 7.x (and products ba...

CVE-2026-48187

An uncontrolled allocation of resources without limits or throttling in the e-mail handling in OTRS allows excessive allocation which may lead to the abortion of the webserver.This issue affects OTRS: 8.0.X 2023.X 2024.X 2025.X 2026.X before 2026.4.X Please note that OTRS Community Edition 6.x,...

CVE-2026-48187 Email with special content can lead to DoS

An uncontrolled allocation of resources without limits or throttling in the e-mail handling in OTRS allows excessive allocation which may lead to the abortion of the webserver.This issue affects OTRS: 8.0.X 2023.X 2024.X 2025.X 2026.X before 2026.4.X Please note that OTRS Community Edition 6.x,...

EUVD-2026-33553

An uncontrolled allocation of resources without limits or throttling in the e-mail handling in OTRS allows excessive allocation which may lead to the abortion of the webserver.This issue affects OTRS: 8.0.X 2023.X 2024.X 2025.X 2026.X before 2026.4.X Please note that OTRS Community Edition 6.x,...

CVE-2026-48188

An improper Input Validation vulnerability in OTRS or OTRS Community Edition database layer module allows an unauthenticated SQL injection which can lead to an authentication bypass. This issue only affects the system if the MySQL/MariaDB server is configured with the NOBACKSLASHESCAPES SQL mode...

CVE-2026-48188

OTRS (including the ((OTRS)) Community Edition) has a SQL injection in the database layer module that allows unauthenticated access to bypass authentication, triggered when MySQL/MariaDB is configured with NO_BACKSLASH_ESCAPES. Affected versions include 7.0.X, 8.0.X, 2023.X, 2024.X, 2025.X, and 2...

CVE-2026-48188 SQL Injection via MySQL Quote Method

An improper Input Validation vulnerability in OTRS or OTRS Community Edition database layer module allows an unauthenticated SQL injection which can lead to an authentication bypass. This issue only affects the system if the MySQL/MariaDB server is configured with the NOBACKSLASHESCAPES SQL mode...

CVE-2026-48208 Denial-of-Service via SVG Rendering in Ticket

An improper neutralization of active SVG content in OTRS or OTRS Community Edition ticket article rendering allows attackers to inject specially crafted SVG payloads via email content, leading to browser-side resource exhaustion and denial of service when affected tickets are opened by an agent o...

CVE-2026-48208

The CVE concerns an improper neutralization of active SVG content in OTRS/OTRS Community Edition ticket article rendering, allowing an attacker to inject crafted SVGs via email content that triggers browser-side resource exhaustion and DoS when tickets are opened. It is exploitable without JavaSc...