14 matches found

RedhatCVE
added 4 days ago, 5 views

CVE-2026-40108

GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, a technician can store an XSS payload in ITIL costs. This issue has been fixed in version 11.0.7...

CVSS 7.1, AI score 5.3, EPSS 0.00057
Exploits: 0, References: 1
CVE
added last week, 14 views

CVE-2026-40108

CVE-2026-40108 - GLPI Stored XSS in ITIL costs: Affects GLPI versions 11.0.0 through 11.0.6 where a technician can store an XSS payload in ITIL costs. The issue has been fixed in version 11.0.7. CVSS 4.0 base score is 7.1 (HIGH) with user interaction required and HIGH impact on confidentiality, ...

CVSS 7.1, AI score 5.7, EPSS 0.00057
Exploits: 0, References: 1
EUVD
added 2026/04/06 2:39 p.m., 3 views

EUVD-2026-19249

GLPI is a free asset and IT management software package. From 10.0.0 to before 10.0.24 and 11.0.6, an authenticated user can perform a SQL injection via the logs export feature. This vulnerability is fixed in 10.0.24 and 11.0.6...

CVSS 7.2, AI score 5.9, EPSS 0.00013
Exploits: 0, References: 1
CVE
added 2026/04/06 2:33 p.m., 19 views

CVE-2026-26026

GLPI versions 11.0.0–11.0.5 are affected by a template-injection path in the admin-created template mechanism that can lead to Remote Code Execution (RCE). The issue is fixed in 11.0.6. A related PoC exists on GitHub, but the exploit details are not provided in the document set. Mitigation: upgra...

CVSS 9.1, AI score 5.9, EPSS 0.00065
Exploits: 1, References: 1, Affected Software: 1
Vulnrichment
added 2026/03/17 7:41 p.m., 1 view

CVE-2026-25936 GLPI Vulnerable to Authenticated SQL Injection

GLPI is a free asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated user can perform a SQL injection. Version 11.0.6 fixes the issue...

CVSS 6.5, AI score 5.8, EPSS 0.00051
Exploits: 0, References: 1
EUVD
added 2026/03/04 3:30 p.m., 0 views

EUVD-2026-9399

Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...

CVSS 6.7, AI score 6.1, EPSS 0.0002
Exploits: 0, References: 2
Positive Technologies
added 2026/01/22 12:00 a.m., 3 views

PT-2026-4107

Name of the Vulnerable Software and Affected Versions: jegtheme JNews - Pay Writer versions through 11.0.0. Description: A flaw exists in jegtheme JNews - Pay Writer that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This issue potentially...

AI score 5.5, EPSS 0.0022
Exploits: 0, References: 3
Vulnrichment
added 2026/01/15 4:25 p.m., 3 views

CVE-2025-66417 GLPI has an unauthenticated SQL injection through the inventory endpoint

GLPI is a free asset and IT management software package. From 11.0.0, 11.0.3, an unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 11.0.3...

CVSS 7.5, AI score 7.6, EPSS 0.00052
Exploits: 1, References: 1
Vulnrichment
added 2025/09/26 2:20 p.m., 3 views

CVE-2025-36326 IBM Controller information disclosure

IBM Cognos Controller 11.0.0 through 11.0.1, and IBM Controller 11.1.0 through 11.1.1 could allow an attacker to obtain sensitive information due to the use of hardcoded cryptographic keys for signing session cookies...

CVSS 3.7, AI score 6, EPSS 0.0003
Exploits: 0, References: 1
OSV
added 2025/07/21 5:15 p.m., 3 views

CVE-2025-30477

Dell PowerScale OneFS, versions prior to 9.11.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure...

CVSS 4.9, AI score 5.8
Exploits: 0, References: 1
CNNVD
added 2025/03/01 12:00 a.m., 1 view

IBM Controller security vulnerability

IBM Cognos Controller is corporate performance management (CPM) software for financial consolidation, reporting and analysis. A weak password vulnerability exists in IBM Cognos Controller versions 11.0.0 through 11.1.0, which stems from the fact that the system does not require users to set stron...

CVSS 6.5, AI score 6.7, EPSS 0.00096
Exploits: 0, References: 3
CNNVD
added 2024/12/03 12:00 a.m., 3 views

IBM Cognos Controller code issue vulnerability

IBM Cognos Controller is a suite of business intelligence and planning solutions from International Business Machines (IBM). The product features process automation, financial audit control, and the creation and management of financial reports. A file upload vulnerability exists in IBM Cognos...

CVSS 9.8, AI score 7.5, EPSS 0.00099
Exploits: 0, References: 1
CNNVD
added 2024/05/03 12:00 a.m., 0 views

IBM Cognos Controller SQL injection vulnerability

IBM Cognos Controller is a suite of business intelligence and planning solutions from International Business Machines (IBM). The product features process automation, financial audit control, and creating and managing financial reports. An SQL injection vulnerability exists in IBM Cognos Controller...

CVSS 9.8, AI score 9.1, EPSS 0.00133
Exploits: 0, References: 3
CNNVD
added 2023/05/26 12:00 a.m., 2 views

HUAWEI EMUI/Magic UI security vulnerability

Huawei EMUI and Huawei Magic UI are both products of Huawei, a Chinese company. Huawei EMUI is a mobile operating system based on Android. Huawei Magic UI is a smart device operating system. A security vulnerability exists in HUAWEI EMUI/Magic UI. The vulnerability stems from a lack of length...

CVSS 9.8, AI score 8.4, EPSS 0.00148
Exploits: 0, References: 2