274262 matches found
📄 OpenSTAManager 2.9.8 SQL Injection
OpenSTAManager versions 2.9.8 and below suffer from a remote SQL injection vulnerability in the Stampe module. CVE-2025-69215: OpenSTAManager has an SQL Injection in the Stampe Module Overview | Field | Details | |---|---| | CVE ID | CVE-2025-69215 | | Severity | HIGH | | Advisory | View Advisory...
📄 OpenSTAManager 2.9.8 SQL Injection
OpenSTAManager versions 2.9.8 and below suffer from a remote SQL injection vulnerability in the Prima Nota module. CVE-2026-24419: OpenSTAManager has a SQL Injection in the Prima Nota module Overview | Field | Details | |---|---| | CVE ID | CVE-2026-24419 | | Severity | HIGH | | Advisory | View...
📄 Pachno 1.0.6 Cross Site Scripting
Pachno version 1.0.6 suffers from persistent cross site scripting vulnerabilities. Pachno 1.0.6 Stored Cross-Site Scripting Vendor: Daniel André Eikeland Product web page: https://github.com/pachno/pachno Affected version: 1.0.6 Summary: Pachno is an open-source collaboration platform formerly...
📄 OpenSTAManager 2.9.8 SQL Injection / Denial of Service
OpenSTAManager versions 2.9.8 and below suffer from a remote time-based SQL injection vulnerability in the search functionality that can lead to a denial of service condition. CVE-2026-24417: OpenSTAManager has a Time-Based Blind SQL Injection with Amplified Denial of Service Overview | Field |...
📄 Pachno 1.0.6 Privilege Escalation
The authorization check in the runSwitchUser action in Pachno version 1.0.6 evaluates the expression !canSaveConfiguration && !hasCookie'originalusername' and only forbids the request when both subexpressions are true. The presence of the originalusername cookie is sufficient to satisfy the secon...
📄 WBCE CMS Privilege Escalation / Insecure Direct Object Reference
WBCE CMS versions prior to 1.6.4 suffers from insecure direct object reference and privilege escalation vulnerabilities. CVE-2025-65094: WBCE CMS is Vulnerable to Privilege Escalation via Group ID Manipulation IDOR Overview | Field | Details | |---|---| | CVE ID | CVE-2025-65094 | | Severity | HI...
📄 WBCE CMS 1.6.4 SQL Injection
WBCE CMS versions 1.6.4 and below suffer from a remote time-bsed SQL injection vulnerability via the groups parameter. CVE-2025-65950: WBCE CMS is Vulnerable to Time-Based Blind SQL Injection through groups Parameter Overview | Field | Details | |---|---| | CVE ID | CVE-2025-65950 | | Severity |...
📄 OpenSTAManager 2.9.8 SQL Injection
OpenSTAManager versions 2.9.8 and below suffer from a remote SQL injection vulnerability in ajaxselect.php. CVE-2025-69214: OpenSTAManager has a SQL Injection in ajaxselect.php componenti endpoint Overview | Field | Details | |---|---| | CVE ID | CVE-2025-69214 | | Severity | HIGH | | Advisory |...
📄 Cockpit CMS 2.13.5 NoSQL Injection
Cockpit CMS version 2.13.5 is vulnerable to NoSQL operator injection on multiple API endpoints. User-supplied filter objects are forwarded to the Mongolite query engine without stripping MongoDB operators. Authenticated users can bypass intended query filters and perform boolean-based blind queri...
📄 OpenSTAManager 2.9.8 SQL Injection
OpenSTAManager versions 2.9.8 and below suffer from a remote SQL injection vulnerability in ajaxcomplete.php. CVE-2025-69213: OpenSTAManager has a SQL Injection in ajaxcomplete.php getsedi endpoint Overview | Field | Details | |---|---| | CVE ID | CVE-2025-69213 | | Severity | HIGH | | Advisory |...
📄 OpenSTAManager 2.9.8 SQL Injection
OpenSTAManager versions 2.9.8 and below suffer from a remote time-based SQL injection vulnerability in the Article Pricing module. CVE-2026-24416: OpenSTAManager has a Time-Based Blind SQL Injection in Article Pricing Module Overview | Field | Details | |---|---| | CVE ID | CVE-2026-24416 | |...
📄 FacturaScripts SQL Injection
FacturaScripts versions prior to 2025.81 suffer from a remote SQL injection vulnerability in the Autocomplete Actions functionality. CVE-2026-25514: FacturaScripts has SQL Injection in Autocomplete Actions Overview | Field | Details | |---|---| | CVE ID | CVE-2026-25514 | | Severity | HIGH | |...
📄 OpenSTAManager 2.9.8 Command Injection
OpenSTAManager versions 2.9.8 and below suffer from a command injection vulnerability via the P7M file processing functionality. CVE-2025-69212: OpenSTAManager has an OS Command Injection in P7M File Processing Overview | Field | Details | |---|---| | CVE ID | CVE-2025-69212 | | Severity | CRITIC...
📄 Pachno 1.0.6 Open Redirection
Pachno version 1.0.6 suffers from an open redirection vulnerability. Input passed via the returnto GET/POST parameter to the login endpoint is not properly verified before being used to redirect users. The getLoginForwardUrl helper applies htmlentities to the value which is intended for HTML outp...
📄 InvoicePlane 1.6.3 Path Traversal
InvoicePlane versions 1.6.3 and below suffer from a path traversal vulnerability in the getfile method of the Guest module. CVE-2026-23491: InvoicePlane has Unauthenticated Path Traversal in Guest Controller Overview | Field | Details | |---|---| | CVE ID | CVE-2026-23491 | | Severity | CRITICAL ...
📄 Pachno 1.0.6 Wiki TextParser XML Injection
Pachno version 1.0.6 suffers from an XML eXternal Entity XXE vulnerability in the wiki textparser. Pachno 1.0.6 Wiki TextParser XXE Vulnerability Vendor: Daniel André Eikeland Product web page: https://github.com/pachno/pachno Affected version: 1.0.6 Summary: Pachno is an open-source collaboratio...
📄 OpenSTAManager 2.9.8 Cross Site Scripting
OpenSTAManager versions 2.9.8 and below suffer from a cross site scripting vulnerability in modificaiva.php via the righe parameter. CVE-2026-24415: OpenSTAManager Affected by XSS in modificaiva.php via righe parameter Overview | Field | Details | |---|---| | CVE ID | CVE-2026-24415 | | Severity ...
📄 FacturaScripts SQL Injection
FacturaScripts versions prior to 2025.81 suffer from a remote SQL injection vulnerability in the API ORDER BY clause. CVE-2026-25513: FacturaScripts has SQL Injection in API ORDER BY Clause Overview | Field | Details | |---|---| | CVE ID | CVE-2026-25513 | | Severity | HIGH | | Advisory | View...
📄 WBCE CMS 1.6.4 Brute Force
WBCE CMS versions 1.6.4 suffers from a brute force protection bypass vulnerability. CVE-2025-66204: WBCE CMS allows brute-force protection bypass using X-Forwarded-For header Overview | Field | Details | |---|---| | CVE ID | CVE-2025-66204 | | Severity | MEDIUM | | Advisory | View Advisory | |...
📄 XWiki Blog Cross Site Scripting
XWiki Blog versions prior to 9.15.7 suffer from a persistent cross site scripting vulnerability via the blog post title. CVE-2025-66024: XWiki Blog Application home page vulnerable to Stored XSS via Post Title Overview | Field | Details | |---|---| | CVE ID | CVE-2025-66024 | | Severity | HIGH | ...