15 matches found
CVE-2026-45778
Open XDMoD
CVE-2026-45777
OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 and prior to version 11.0.3, an attacker can remotely execute arbitrary system commands on the web server hosting Open XDMoD with the privileges of the web server process. This could allow an attack...
CVE-2026-45777
Open XDMoD (OpenXDMoD): A remote command-injection vulnerability allows an attacker to execute arbitrary system commands on the web server process, affecting versions 9.5.0–11.0.2. Root cause: OS command injection that can compromise confidentiality, integrity, and availability. Impact includes r...
EUVD-2026-34904
OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 and prior to version 11.0.3, an attacker can remotely execute arbitrary system commands on the web server hosting Open XDMoD with the privileges of the web server process. This could allow an attack...
EUVD-2025-206293
GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.3, an unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 11.0.3...
GLPI SQL injection vulnerability
GLPI is an open-source IT and asset management software developed by GLPI. This software provides a comprehensive IT resource management interface, allowing you to create databases for managing various IT assets such as computers, monitors, servers, printers, network devices, telephones, and even...
PT-2026-3063
Name of the Vulnerable Software and Affected Versions: GLPI versions 11.0.0 through 11.0.2. Description: An unauthenticated user can execute SQL injection attacks through the inventory endpoint. The issue affects GLPI versions 11.0.0 through 11.0.2. The vulnerable endpoint is /inventory. The attack...
Johnson Controls Metasys ADS/ADX/OAS Security Vulnerability
Johnson Controls Metasys ADS/ADX/OAS Servers is an application and data server from Johnson Controls, Inc. A security vulnerability exists in Johnson Controls Metasys ADS/ADX/OAS version 10 up to and including 10.1.6, and version 11 up to and including 11.0.3, which stems from insufficient...
Archer Platform Security Vulnerability
Archer Platform is a modern integrated risk management solution from Archer, Inc. A security vulnerability exists in Archer Platform versions 6.8 through versions prior to 6.11 P3 (6.11.0.3) that stems from the inclusion of incorrect API access controls in a multi-instance system, which can compromise...
Dolibarr ERP/CRM Cross-Site Scripting Vulnerability (CNVD-2020-52837)
Dolibarr ERP/CRM is a Web-based enterprise resource planning ERP and customer relationship management CRM system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. A cross-site scripting vulnerability exists in Dolibarr ERP/CR...
CVE-2020-6175
Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has Missing SSL Certificate Validation...
OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...
DEBIAN-CVE-2019-2818
Vulnerability in the Java SE component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...
UBUNTU-CVE-2019-2821
Vulnerability in the Java SE component of Oracle Java SE subcomponent: JSSE. Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE. Successful attacks require human...
acroread: multiple code execution flaws (APSB13-15)
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721,...