89311 matches found
SQL-Injection-Detection-System
SQL Injection Detection System A comprehensive full-stack web...
CVE-2026-36789
Shenzhen Tenda Technology Co., Ltd Tenda AC1206 v15.03.06.23 was discovered to contain multiple stack overflows in the fromGstDhcpSetSer function via the username and password parameters. These vulnerabilities allow attackers to cause a Denial of Service DoS via a crafted HTTP request...
SUSE CVE-2026-46284
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix early boot crash on parameters without '=' separator If hugepages, hugepagesz, or defaulthugepagesz are specified on the kernel command line without the '=' separator, early parameter parsing passes NULL to...
CVE-2026-44755
SAP Business Objects Business Intelligence Platform does not sufficiently validate email sending parameters supplied by authenticated users, resulting in an email spoofing vulnerability.This vulnerability has a low impact on integrity and does not affect the confidentiality and availability of th...
CVE-2026-40128
SAP NetWeaver Application Server Java Web Container allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal and processing of the included file. Processing the included file could allow the attacker to view or...
EUVD-2026-35287
SAP Business Objects Business Intelligence Platform does not sufficiently validate email sending parameters supplied by authenticated users, resulting in an email spoofing vulnerability.This vulnerability has a low impact on integrity and does not affect the confidentiality and availability of th...
CVE-2026-44755 Email Spoofing vulnerability in SAP Business Objects Business Intelligence Platform
SAP Business Objects Business Intelligence Platform does not sufficiently validate email sending parameters supplied by authenticated users, resulting in an email spoofing vulnerability.This vulnerability has a low impact on integrity and does not affect the confidentiality and availability of th...
CVE-2026-44755
SAP Business Objects Business Intelligence Platform does not sufficiently validate email sending parameters supplied by authenticated users, resulting in an email spoofing vulnerability.This vulnerability has a low impact on integrity and does not affect the confidentiality and availability of th...
CVE-2026-44755
CVE-2026-44755 affects SAP Business Objects Business Intelligence Platform. The issue arises from insufficient validation of email sending parameters by authenticated users, enabling email spoofing. Impact is described as low for integrity and no impact on confidentiality or availability (CVSS v3...
CVE-2026-40128 Directory Traversal vulnerability in SAP NetWeaver Application Server Java (Web Container)
SAP NetWeaver Application Server Java Web Container allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal and processing of the included file. Processing the included file could allow the attacker to view or...
CVE-2026-40128
SAP NetWeaver Application Server Java Web Container allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal and processing of the included file. Processing the included file could allow the attacker to view or...
CVE-2026-40128
CVE-2026-40128 concerns SAP NetWeaver Application Server Java (Web Container). An unauthenticated attacker can craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal and processing of the included file. This could allow viewing or modifying sensit...
EUVD-2026-35279
SAP NetWeaver Application Server Java Web Container allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal and processing of the included file. Processing the included file could allow the attacker to view or...
PT-2026-47530
SAP NetWeaver Application Server Java Web Container allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal and processing of the included file. Processing the included file could allow the attacker to view or...
PT-2026-47538
SAP Business Objects Business Intelligence Platform does not sufficiently validate email sending parameters supplied by authenticated users, resulting in an email spoofing vulnerability.This vulnerability has a low impact on integrity and does not affect the confidentiality and availability of th...
Security Bulletin: IBM i is Affected By NULL Pointer Dereference, Use Afer Free, and Out-of-Bounds Write Vulnerabilities in OpenSSL [CVE-2026-28388, CVE-2026-28389, CVE-2026-28390, CVE-2026-28387, CVE-2026-31789]
Summary OpenSSL for IBM i is vulnerable to NULL pointer derefences when processing either a delta CRL indicator extension CVE-2026-28388 or CMS EnvelopedData message with KeyAgreeRecipientInfo CVE-2026-28389, CVE-2026-28390, and use after free when using DANE TLSA-based server authentication...
CVE-2026-46284
A flaw was found in the Linux kernel's hugetlb memory management. A local user could exploit this by providing malformed kernel command-line parameters, such as hugepages or hugepagesz, without an '=' separator. This improper handling of input during early parameter parsing can lead to a system...
Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service CVE-2025-13466
Summary body-parser is used by the IBM Datapower Operations Dashboard as part of their network implementation Vulnerability Details CVEID:CVE-2025-13466 DESCRIPTION: body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of...
CVE-2026-46284
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix early boot crash on parameters without '=' separator If hugepages, hugepagesz, or defaulthugepagesz are specified on the kernel command line without the '=' separator, early parameter parsing passes NULL to...
CVE-2026-22164
Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory. By creating resources of certain types and presenting a set of parameters to the affected interface the exploit can be used to corrupt kernel memory...