73913 matches found

OSV
added 2026/04/12 1:16 p.m. | 2 views

UBUNTU-CVE-2019-25710

Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malicious SQL code through the rowid POST parameter to extract sensitive database information using...

CVSS 9.1 | AI score 6.2 | EPSS 0.00311
Exploits: 1 | References: 6

Vulnrichment
added 2026/04/12 12:28 p.m. | 3 views

CVE-2019-25713 MyT-PM 1.5.1 SQL Injection via Charge[group_total] Parameter

MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Charge[group_total] parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blind...

CVSS 7.1 | AI score 6.2 | EPSS 0.00276
Exploits: 1 | References: 4

Cvelist
added 2026/04/12 12:28 p.m. | 33 views

CVE-2019-25710 Dolibarr ERP-CRM 8.0.4 SQL Injection via rowid Parameter

Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malicious SQL code through the rowid POST parameter to extract sensitive database information using...

CVSS 8.8 | EPSS 0.00311
Exploits: 1 | References: 4

SUSE Linux
added 2026/04/12 10:34 a.m. | 1 views

Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.25 fixes various security issues. The following security issues were fixed: CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). CVE-2026-22999: net/sched: sch_qfq: do not free...

CVSS 8.7 | AI score 5.8 | EPSS 0.00236
Exploits: 6 | References: 20

OSV
added 2026/04/12 6:7 a.m. | 6 views

RLSA-2026:6632 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel net/mlx5: Use-after-free in ECVF vports unload leads to denial of service (CVE-2025-38109); kernel: Linux kernel: Local denial of service and memory leak in DAMON sysfs via setu...

CVSS 7.3 | AI score 6.4 | EPSS 0.0024
Exploits: 0 | References: 8

OSV
added 2026/04/12 12:8 a.m. | 6 views

SUSE-SU-2026:1279-1 Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.28 fixes various security issues. The following security issues were fixed: - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). - CVE-2026-22999: net/sched: sch_qfq: do not fr...

CVSS 7.8 | AI score 6 | EPSS 0.00236
Exploits: 6 | References: 11

Positive Technologies
added 2026/04/12 12:0 a.m. | 6 views

PT-2026-32175

MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Charge[group_total] parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blin...

CVSS 7.1 | AI score 6.2 | EPSS 0.00276
Exploits: 1 | References: 5

Tenable Nessus
added 2026/04/12 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-34479

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML output...

CVSS 7.5 | AI score 5.8 | EPSS 0.00535
Exploits: 1 | References: 4

CNNVD
added 2026/04/12 12:0 a.m. | 3 views

Linux kernel security vulnerability

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a scalar fork logic error in the BPF_OR instruction within the maybe_fork_scalars function. This error may...

CVSS 7.8 | AI score 7 | EPSS 0.00221
Exploits: 2 | References: 4

CNNVD
added 2026/04/12 12:0 a.m. | 7 views

Libexif input validation error vulnerability

Libexif is a function library written in C language by the Libexif organization. This product is primarily used for reading and writing EXIF metadata from graphic files. Versions of Libexif prior to 0.6.25 contained a vulnerability related to input validation errors. This vulnerability stemmed fr...

CVSS 7.1 | AI score 5.9 | EPSS 0.00094
Exploits: 0 | References: 1

CNNVD
added 2026/04/12 12:0 a.m. | 5 views

Mesa buffer error vulnerability

Mesa is an open-source proxy modeling framework developed by Mesa projects. Versions of Mesa prior to 25.3.6 and 26.0.1 contain a buffer error vulnerability. This vulnerability stems from the fact that the amount of data to be allocated in WebGPU depends on an untrusted party, which is then used...

CVSS 9.8 | AI score 6 | EPSS 0.00348
Exploits: 0 | References: 2

OSV
added 2026/04/11 8:4 p.m. | 1 views

SUSE-SU-2026:1274-1 Security update for the Linux Kernel (Live Patch 19 for SUSE Linux Enterprise 15 SP6)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.84 fixes various security issues. The following security issues were fixed: - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). - CVE-2026-22999: net/sched: sch_qfq: do not fr...

CVSS 7.8 | AI score 5.8 | EPSS 0.00236
Exploits: 6 | References: 13

GithubExploit
added 2026/04/11 7:14 p.m. | 91 views

Exploit for SQL Injection in Devcode Openstamanager

CVE-2026-24418: OpenSTAManager has a SQL Injection vulnerabili...

CVSS 8.7 | AI score 6 | EPSS 0.00356
Exploits: 4

OSV
added 2026/04/11 2:3 p.m. | 1 views

OESA-2026-1839 python-ecdsa security update

This is an easy-to-use implementation of ECDSA cryptography (Elliptic Curve Digital Signature Algorithm), implemented purely in Python, released under the MIT license. With this library, you can quickly create keypairs (signing key and verifying key), sign messages, and verify the signatures. The key...

CVSS 5.3 | AI score 5.8 | EPSS 0.00476
Exploits: 1 | References: 2

SUSE CVE
added 2026/04/11 9:27 a.m. | 3 views

SUSE CVE-2026-2229

Impact: The undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the server_max_window_bits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression. ...

CVSS 7.5 | AI score 7.1 | EPSS 0.00487
Exploits: 0 | References: 6

EUVD
added 2026/04/11 12:31 a.m. | 2 views

EUVD-2026-21609

Net::CIDR::Lite versions before 0.23 for Perl do not validate IPv6 group count, which may allow IP ACL bypass. _pack_ipv6 does not check that uncompressed IPv6 addresses (without ::) have exactly 8 hex groups. Inputs like "abcd", "1:2:3", or "1:2:3:4:5:6:7" are accepted and produce packed values of...

CVSS 6.3 | AI score 6.6 | EPSS 0.00493
Exploits: 0 | References: 4

CNNVD
added 2026/04/11 12:0 a.m. | 9 views

Labcenter Electronics Proteus buffer error vulnerability

Labcenter Electronics Proteus is an electronic engineering software developed by the British company Labcenter, used for circuit design and embedded system simulation. Labcenter Electronics Proteus has a buffer error vulnerability, which stems from insufficient validation of the data provided to...

CVSS 7.8 | AI score 7.5 | EPSS 0.00284
Exploits: 0 | References: 1

CNNVD
added 2026/04/11 12:0 a.m. | 4 views

Sonos Era 300 buffer error vulnerability

The Sonos Era 300 is a spatial audio speaker from the American company Sonos, equipped with Dolby Atmos technology. The Sonos Era 300 has a buffer error vulnerability, which stems from insufficient validation of the DataOffset field in SMB responses, potentially allowing remote code execution...

CVSS 10 | AI score 7.8 | EPSS 0.00995
Exploits: 0 | References: 1

FreeBSD
added 2026/04/11 12:0 a.m. | 12 views

Python -- use-after-free vulnerability in decompressors under memory pressure

Seth Larson reports: There is a CRITICAL severity vulnerability affecting CPython. Use-after-free (UAF) was possible in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile when a memory allocation fails with a MemoryError and the decompression instance is re-used. This scenario can be...

CVSS 9.1 | AI score 5.8 | EPSS 0.00517
Exploits: 0 | References: 2

CNNVD
added 2026/04/11 12:0 a.m. | 7 views

Labcenter Electronics Proteus buffer error vulnerability

Labcenter Electronics Proteus is an electronic engineering software developed by the British company Labcenter, used for circuit design and embedded system simulation. Labcenter Electronics Proteus has a buffer error vulnerability, which stems from insufficient validation of the data provided by...

CVSS 7.8 | AI score 7.5 | EPSS 0.00265
Exploits: 0 | References: 1