CVE-2026-44425 ShellHub: Crash-DoS via field injection in filter and sort-by parameters

ShellHub is a centralized SSH gateway. Prior to 0.24.2, the device list endpoint accepts user-controlled identifiers in the the name field of each filter property in the base64-encoded filter query parameter and the sortby query parameter, which are then passed directly as BSON/SQL keys in the...

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the Engine::error function. An attacker can obtain sensitive information, such as absolute filesystem paths, secrets embedded in exception messages, and internal module structure, by triggering an uncaught...

EUVD-2026-25580

@astrojs/node allows Astro to deploy your SSR site to Node targets. Prior to 10.0.5, requesting a static js/css resources from astro path with an incorrect/malformed if-match header returns a 500 error with a one year cache lifetime instead of 412 in some cases. This has the effect that all...

EUVD-2026-19674

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the POST /api/food/id/shopping/ endpoint reads amount and unit directly from request.data and passes them without validation to ShoppingListEntry.objects.create. Invalid amount...

CVE-2026-33065 free5GC UDM incorrectly returns 500 for empty supi path parameter in DELETE sdm-subscriptions request

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling DELETE requests with an empty supi path parameter. This leak...

CVE-2026-25577

Emmett is a framework designed to simplify your development process. Prior to 1.3.11, the cookies property in mmettcore.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticated attackers to trigger HTTP 500 errors and cause...

CVE-2026-25892

Adminer is open-source database management software. Adminer v5.4.1 and earlier has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from a...

CVE-2026-25892

Adminer is open-source database management software. Adminer v5.4.1 and earlier has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from a...

Information Exposure

Overview limesurvey/limesurvey is a FOSS online survey tool on the web. Affected versions of this package are vulnerable to Information Exposure via the handling of malformed session cookies. An attacker can obtain sensitive internal backend information, such as framework details, database engine...

PT-2025-47571

Name of the Vulnerable Software and Affected Versions LimeSurvey version 6.13.0 Description A flaw exists that allows an external user to trigger a 500 error within the survey system by submitting a crafted session cookie. This results in the disclosure of internal backend details, including the...

CVE-2025-12515 Systemic Internal Server Errors - HTTP 500 Response

Systemic Internal Server Errors - HTTP 500 ResponseThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

PT-2025-44415

Name of the Vulnerable Software and Affected Versions BLU-IC2 versions through 1.19.5 BLU-IC4 versions through 1.19.5 Description The software experiences systemic internal server errors, resulting in HTTP 500 responses. Recommendations Update BLU-IC2 to a version later than 1.19.5. Update BLU-IC...

EUVD-2025-24650

Malicious code in bioql PyPI...

CVE-2025-0588

In affected versions of Octopus Server it was possible for a user with sufficient access to set custom headers in all server responses. By submitting a specifically crafted referrer header the user could ensure that all subsequent server responses would return 500 errors rendering the site mostly...

Security update for tomcat

This update for tomcat fixes the following issues: Update to Tomcat 9.0.97 Fixed CVEs: CVE-2024-52316: If the Jakarta Authentication fails with an exception, set a 500 status bsc1233434 Catalina Add: Add support for the new Servlet API method HttpServletResponse.sendEarlyHints. markt Add: 55470:...

Ticketly 1.0 - 'name' SQL Injection

Exploit Title: Ticketly 1.0 – 'name' SQL Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-11-19 Google Dork: N/A Vendor: Abisoft https://abisoftgt.net Software Link: https://abisoftgt.net/software/6/sistema-de-tickets-y-soporte-con-php-y-mysql Affected Version: 1...

Sentrifugo HRMS 3.2 - 'deptid' SQL Injection

Exploit Title: Sentrifugo HRMS 3.2 - 'deptid' SQL Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-08-26 Google Dork: N/A Vendor: http://www.sapplica.com Software Link: http://www.sentrifugo.com/download Affected Version: 3.2 and possibly before Patched Version:...

Sentrifugo HRMS 3.2 - deptid SQL Injection

Sentrifugo HRMS 3.2 - deptid SQL Injection Exploit Title: Sentrifugo HRMS 3.2 - 'deptid' SQL Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-08-26 Google Dork: N/A Vendor: http://www.sapplica.com Software Link: http://www.sentrifugo.com/download Affected Version...

Security Bulletin: Vulnerability in Rational Directory Server help files system with potential for debug info in error message (CVE-2013-0599)

Summary A parameter path to the Rational Directory Server help documentation causes an error message response from the server with HTTP ERROR 500 debug information displayed in the browser. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts li...

ImgSvr <= 0.6.5 (long http post) Denial of Service Exploit

Exploit for unknown platform in category dos / poc ========================================================== ImgSvr = 0.6.5 long http post Denial of Service Exploit ========================================================== !/usr/bin/perl Proof of concept. Credit's:to n00b for finding this bug...