MINI-5Q5F-625V-G6M2

Bulletin has no description...

MINI-V5XR-M74F-VG4F

Bulletin has no description...

CVE-2026-41144

F´ F Prime is a framework that enables development and deployment of spaceflight and other embedded software applications. Prior to version 4.2.0, the bounds check byteOffset + dataSize fileSize uses U32 addition that wraps around on overflow. An attacker-crafted DataPacket with...

CVE-2026-39815

A improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiDDoS-F 7.2.1 through 7.2.2 may allow attacker to execute unauthorized code or commands via sending crafted HTTP requests...

CVE-2026-10105

agno 2.6.5 contains a SQL injection vulnerability in the ClickHouse vector database backend that allows attackers to inject arbitrary SQL expressions by supplying malicious metadata keys and values to the deletebymetadata method. Attackers can exploit the unsafe f-string interpolation in...

CVE-2026-10105

agno 2.6.5 contains a SQL injection vulnerability in the ClickHouse vector database backend that allows attackers to inject arbitrary SQL expressions by supplying malicious metadata keys and values to the deletebymetadata method. Attackers can exploit the unsafe f-string interpolation in...

EUVD-2026-33358

agno 2.6.5 contains a SQL injection vulnerability in the ClickHouse vector database backend that allows attackers to inject arbitrary SQL expressions by supplying malicious metadata keys and values to the deletebymetadata method. Attackers can exploit the unsafe f-string interpolation in...

F-logic DataCube3 - SQL Injection

SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the reqid parameter. id: CVE-2024-31750 info: name: F-logic DataCube3 - SQL Injection author: DhiyaneshDK severity: high description: | SQL injection vulnerability in f-logic...

CVE-2026-46190 mtd: spi-nor: debugfs: fix out-of-bounds read in spi_nor_params_show()

In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: debugfs: fix out-of-bounds read in spinorparamsshow Sashiko noticed an out-of-bounds read 1. In spinorparamsshow, the snorfnames array is passed to spinorprintflags using sizeofsnorfnames. Since snorfnames is an arr...

PT-2026-44313

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description An out-of-bounds read exists in the spi nor params show function within the spi-nor debugfs component. The issue occurs...

CVE-2026-44315

The CVE describes a vulnerability in free5GC NEF where the 3gpp-pfd-management API is mounted without inbound OAuth2/bearer-token authorization prior to version 4.2.2. An attacker reachable on the SBI can forge Bearer tokens to create, read, and delete PFD-management transactions, with these acti...

CVE-2026-48240 Open ISES Tickets < 3.44.2 SQL Injection via ajax/statistics.php tick_id and f_tick_id Parameters

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/statistics.php where the tickid and ftickid POST parameters are concatenated into WHERE clauses of SELECT statements in the statistics rollup queries without sanitization. Authenticated attackers can craft requests tha...

CVE-2026-48240 Open ISES Tickets < 3.44.2 SQL Injection via ajax/statistics.php tick_id and f_tick_id Parameters

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/statistics.php where the tickid and ftickid POST parameters are concatenated into WHERE clauses of SELECT statements in the statistics rollup queries without sanitization. Authenticated attackers can craft requests tha...

EUVD-2026-31322

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/statistics.php where the tickid and ftickid POST parameters are concatenated into WHERE clauses of SELECT statements in the statistics rollup queries without sanitization. Authenticated attackers can craft requests tha...

PT-2026-42518

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/statistics.php where the tick id and f tick id POST parameters are concatenated into WHERE clauses of SELECT statements in the statistics rollup queries without sanitization. Authenticated attackers can craft requests...

F5 Networks BIG-IP : BIG-IP FastL4 virtual server vulnerability (K000160862)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0.1. It is, therefore, affected by a vulnerability as referenced in the K000160862 advisory. When embedded Packet Velocity Acceleration ePVA acceleration is configured, undisclosed local ethernet...

CVE-2026-40102

The CVE concerns Plane, an open-source project management tool. In versions ≤1.3.0, SavedAnalyticEndpoint accepts a user-controlled segment value and forwards it to a Django F() expression without validation, causing ORM Field Reference Injection. An authenticated workspace MEMBER can call GET /a...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: Fixed atomic context locking issue The ncmsetalt function was holding a mutex to prevent race conditions with configfs. This function invokes the mightsleep function within an atomic context. The struct pointer...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: facm: Refactor the bind path to use free After a bind/unbind cycle, the acm-notifyreq remains stale. If a subsequent bind fails, the unified error handling mechanism attempts to free this stale request, resulting in ...

Astra Linux - уязвимость в zsh

In zsh before version 5.8.1, an attacker can gain code execution if they control the command output within the prompt, as demonstrated by using a %F argument. This occurs due to the recursive PROMPTSUBST expansion...