210 matches found
Kolibri has Unauthenticated Server-Side Request Forgery (SSRF) in RemoteFacilityUserViewset
Summary Several Kolibri API endpoints accept an unvalidated baseurl parameter and fetch attacker-controlled URLs from the Kolibri server, reflecting the response body back to the caller. The original report identified two endpoints on the RemoteFacilityUser viewsets; remediation review found two...
PT-2026-48808
Name of the Vulnerable Software and Affected Versions Kolibri versions prior to 0.19.4 Description Several API endpoints accept an unvalidated baseurl parameter, allowing the server to fetch attacker-controlled URLs and reflect the response body back to the caller. This occurs because the baseurl...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Fix: Use strings when defining tracepoints for DA monitors. Using DA monitor tracepoints with KASAN enabled triggers the following warning: Bug: KASAN: Global-out-of-bounds access in doTraceEventRawEventEventDaMonitor+0xd6/0x1a0...
EUVD-2023-60559
Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating multiple GET parameters including show, reviews, typeid, distance, facilities, categories, prices, location, and Itemid. Attackers can...
CVE-2026-26723
Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the function parameter...
CVE-2026-26724
Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the selectgroup and gn parameters on the /?Function=Groups endpoint...
CVE-2026-26721
An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to obtain sensitive information via the sid query parameter...
CVE-2026-26722
An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to escalate privileges via PIN component of the login functionality...
CVE-2026-26721
An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to obtain sensitive information via the sid query parameter...
CVE-2026-26723
Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the function parameter...
CVE-2026-26721
An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to obtain sensitive information via the sid query parameter...
CVE-2026-26722
An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to escalate privileges via PIN component of the login functionality...
CVE-2026-26723
Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the function parameter...
CVE-2026-26724
Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the selectgroup and gn parameters on the /?Function=Groups endpoint...
CVE-2026-26722
An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to escalate privileges via PIN component of the login functionality...
CVE-2026-26724
Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the selectgroup and gn parameters on the /?Function=Groups endpoint...
CVE-2026-26721
An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to obtain sensitive information via the sid query parameter...
CVE-2026-26724
Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the selectgroup and gn parameters on the /?Function=Groups endpoint...
CVE-2026-26723
Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the function parameter...
PT-2026-21252
Name of the Vulnerable Software and Affected Versions Key Systems Inc Global Facilities Management Software version 20230721a Description A Cross Site Scripting issue exists in Key Systems Inc Global Facilities Management Software version 20230721a. This allows a remote attacker to execute...