
87 matches found

CBLMariner
added 2026/06/05 12:59 p.m., 7 views

CVE-2026-25541 affecting package rust-afterburn for versions less than 5.8.2-2

CVE-2026-25541 affecting package rust-afterburn for versions less than 5.8.2-2. A patched version of the package is available...

7.5 CVSS, 5.4 AI score, 0.00559 EPSS
Exploits: 1
ATTACKERKB
added 2026/06/05 10:15 a.m., 6 views

CVE-2026-21037

Improper input validation in Samsung Members prior to version 5.8.01.5 allows local attackers to access arbitrary URL and launch arbitrary activity with Samsung Members privilege...

6.9 CVSS, 5.6 AI score, 0.00108 EPSS
Exploits: 0, References: 2
Snyk
added 2026/04/14 10:30 p.m., 3 views

Command Injection

Overview: Affected versions of this package are vulnerable to Command Injection via the Resize-VHD PowerShell command construction process. An attacker can execute arbitrary PowerShell commands with the privileges of the affected process by supplying a crafted VM image path containing malicious...

8.8 CVSS, 6 AI score, 0.0051 EPSS
Exploits: 0, References: 2
EUVD
added 2026/04/14 8:40 a.m., 5 views

EUVD-2026-22237

A vulnerability has been identified in RUGGEDCOM CROSSBOW Secure Access Manager Primary SAM-P All versions V5.8. User Administrators are allowed to administer groups they belong to. This could allow an authenticated User Administrator to escalate their own privileges and grant themselves access t...

8.8 CVSS, 5.7 AI score, 0.00259 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/04/14 12:0 a.m., 2 views

PT-2026-32609

Name of the Vulnerable Software and Affected Versions: RUGGEDCOM CROSSBOW Secure Access Manager Primary SAM-P versions prior to 5.8. Description: User Administrators are permitted to administer groups to which they belong. This flaw allows an authenticated User Administrator to escalate their...

8.8 CVSS, 5.8 AI score, 0.00259 EPSS
Exploits: 0, References: 9
Vulnrichment
added 2026/04/08 7:58 p.m., 5 views

CVE-2026-39864 Kamailio Auth: Processing Vulnerability For Additional Authenticated User Identity Checks

Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.0.5 and 5.8.7, an out-of-bounds read in the auth module of Kamailio formerly OpenSER and SER allows remote attackers to cause a denial of service process crash via a specially crafted SIP packet if a successful user...

4.4 CVSS, 6 AI score, 0.00301 EPSS
Exploits: 0, References: 1
NVD
added 2026/04/07 7:16 p.m., 2 views

CVE-2026-39349

OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source encrypts certain sensitive fields with AES in ECB mode, which preserves block-aligned plaintext patterns in ciphertext and enables pattern disclosure against stored data. This vulnerability i...

2.7 CVSS, 0.00112 EPSS
Exploits: 0, References: 1
CNNVD
added 2026/04/07 12:0 a.m., 3 views

OrangeHRM Authorization Issue Vulnerability

OrangeHRM is a human resources management system developed by the American company OrangeHRM. This system supports functions such as personnel information management, leave management, attendance management, and recruitment management. Versions of OrangeHRM prior to 5.8 contained an authorization...

5.1 CVSS, 5.8 AI score, 0.00172 EPSS
Exploits: 0, References: 1
Cvelist
added 2026/04/05 12:15 a.m., 26 views

CVE-2026-5529 Dromara lamp-cloud DefUserController pageUser improper authorization

A vulnerability was detected in Dromara lamp-cloud up to 5.8.1. This vulnerability affects the function pageUser of the file /defUser/pageUser of the component DefUserController. Performing a manipulation results in improper authorization. The attack can be initiated remotely. The exploit is now...

5.3 CVSS, 0.00273 EPSS
Exploits: 0, References: 5
NVD
added 2026/03/11 8:16 a.m., 4 views

CVE-2024-14024

An improper certificate validation vulnerability has been reported to affect Video Station. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the...

6.7 CVSS, 0.00077 EPSS
Exploits: 0, References: 1
EUVD
added 2026/03/10 9:32 p.m., 3 views

EUVD-2025-208519

A Stored Cross-Site Scripting XSS vulnerability exists in the PluXml article comments feature for PluXml versions 5.8.22 and earlier. The application fails to properly sanitize or validate user-supplied input in the "link" field of a comment. An attacker can inject arbitrary JavaScript code using...

5.4 CVSS, 5.9 AI score, 0.00742 EPSS
Exploits: 2, References: 3
Vulnrichment
added 2026/03/10 12:0 a.m., 1 views

CVE-2025-70128

A Stored Cross-Site Scripting XSS vulnerability exists in the PluXml article comments feature for PluXml versions 5.8.22 and earlier. The application fails to properly sanitize or validate user-supplied input in the "link" field of a comment. An attacker can inject arbitrary JavaScript code using...

5.9 AI score, 0.00225 EPSS
Exploits: 1, References: 2
CVE
added 2026/03/06 12:18 p.m., 8 views

CVE-2018-25166

Meneame English Pligg 5.8 contains an SQL injection via the search parameter that allows unauthenticated attackers to execute arbitrary SQL through index.php, enabling retrieval of sensitive data such as usernames, database names and version details. The vulnerability is triggered by crafted SQL ...

8.8 CVSS, 6.1 AI score, 0.00232 EPSS
Exploits: 0, References: 2
Patchstack
added 2026/02/24 7:19 a.m., 7 views

WordPress Ebook Store plugin <= 5.8001 - Reflected Cross-Site Scripting via 'step' vulnerability

Reflected Cross-Site Scripting via 'step' vulnerability discovered by nvthien in WordPress Plugin Ebook Store versions <= 5.8001...

6.1 CVSS, 8.6 AI score, 0.00423 EPSS
Exploits: 0, References: 1, Affected Software: 1
CNNVD
added 2026/02/09 12:0 a.m., 3 views

Craft CMS SQL Injection Vulnerability

Craft CMS is an open-source content management system developed by Craft CMS. Versions 4.0.0-RC1 to 4.16.17, and 5.0.0-RC1 to 5.8.21 of Craft CMS have SQL injection vulnerabilities. These vulnerabilities stem from improper cleaning of the criteriaorderBy parameter input, which may lead to SQL...

8.8 CVSS, 5.9 AI score, 0.00502 EPSS
Exploits: 1, References: 3
Tenable Nessus
added 2026/01/20 12:0 a.m., 7 views

MiracleLinux 8 : ctags-5.8-23.el8 (AXSA:2023-5722:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5722:01 advisory. ctags: arbitrary command execution via a tag file with a crafted filename CVE-2022-4515 Tenable has extracted the preceding description block directly from t...

7.8 CVSS, 6 AI score, 0.00577 EPSS
Exploits: 1, References: 2
Tenable Nessus
added 2026/01/16 12:0 a.m., 2 views

Unity Linux 20.1060a Security Update: kernel (UTSA-2026-003745)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003745 advisory. The Siemens R3964 line discipline driver in drivers/tty/nr3964.c in the Linux kernel before 5.0.8 has multiple race conditions. Tenable has extracted the preceding...

7 CVSS, 6.7 AI score, 0.00366 EPSS
Exploits: 0, References: 20
Tenable Nessus
added 2026/01/16 12:0 a.m., 3 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003908)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003908 advisory. A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disab...

5.5 CVSS, 6.8 AI score, 0.00463 EPSS
Exploits: 0, References: 5
Tenable Nessus
added 2026/01/16 12:0 a.m., 2 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004066)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004066 advisory. An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service unbounded recursion via a nested Netlink policy wi...

5.5 CVSS, 6.7 AI score, 0.0025 EPSS
Exploits: 0, References: 5
NVD
added 2026/01/06 7:15 a.m., 5 views

CVE-2026-21411

Authentication bypass issue exists in OpenBlocks series versions prior to FW5.0.8, which may allow an attacker to bypass administrator authentication and change the password...

8.8 CVSS, 0.00279 EPSS
Exploits: 0, References: 2