449 matches found
PT-2026-22618
Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting XSS vulnerability in the admin/user list.php endpoint. The keyword inactive parameter is not properly sanitized, allowing attackers to inject malicious JavaScript through a crafted URL. Th...
Chamilo 跨站脚本漏洞
Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.30 had a cross-site scripting vulnerability. This vulnerability stemmed from improper cleaning of the keywordinactive parameter in the admin/userlist.php file, which could lead to...
PT-2026-7045
A security vulnerability has been detected in ZeroWdd studentmanager up to 2151560fc0a50ec00426785ec1e01a3763b380d9. This impacts the function addLeave of the file src/main/java/com/wdd/studentmanager/controller/LeaveController.java. The manipulation of the argument Reason for Leave leads to cros...
CVE-2026-2184
A vulnerability was detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This vulnerability affects unknown code of the file /restructured/csv.php. The manipulation of the argument photo results in os command injection. The attack can be...
EUVD-2026-5766
A vulnerability was detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This vulnerability affects unknown code of the file /restructured/csv.php. The manipulation of the argument photo results in os command injection. The attack can be...
CVE-2026-2184
A vulnerability was detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This vulnerability affects unknown code of the file /restructured/csv.php. The manipulation of the argument photo results in os command injection. The attack can be...
CVE-2026-2184 Great Developers Certificate Generation System csv.php os command injection
A vulnerability was detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This vulnerability affects unknown code of the file /restructured/csv.php. The manipulation of the argument photo results in os command injection. The attack can be...
CVE-2026-2183
A security vulnerability has been detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This affects an unknown part of the file /restructured/csv.php. The manipulation leads to unrestricted upload. Remote exploitation of the attack is possible...
PT-2026-7015
Name of the Vulnerable Software and Affected Versions Great Developers Certificate Generation System affected versions not specified Description A security issue exists in Great Developers Certificate Generation System. The issue involves unrestricted upload due to manipulation of the file...
SUSE-SU-2026:0375-1 Security update for libvirt
This update for libvirt fixes the following issues: Security fixes: - CVE-2025-13193: Fixed umask for 'qemu-img' when creating external inactive snapshots bsc1253703 - CVE-2025-12748: Fixed check ACLs before parsing the whole domain XML bsc1253278 Other fixes: - libvirt-supportconfig: Add support...
Linux Distros Unpatched Vulnerability : CVE-2026-22976
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/sched: schqfq: Fix NULL deref when deactivating inactive aggregate in qfqreset qfqclass-leafqdisc-q.qlen 0 does not imply that the class itself is active. T...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005117)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005117 advisory. In the Linux kernel, the following vulnerability has been resolved: sched/smt: Fix unbalance schedsmtpresent dec/inc I got the following warn report while doing stre...
CVE-2026-23012
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: remove callcontrol in inactive contexts If damoncall is executed against a DAMON context that is not running, the function returns error while keeping the damoncallcontrol object linked to the context's callcontrol...
CVE-2026-23012
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: remove callcontrol in inactive contexts If damoncall is executed against a DAMON context that is not running, the function returns error while keeping the damoncallcontrol object linked to the context's callcontrol...
UBUNTU-CVE-2026-23012
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: remove callcontrol in inactive contexts If damoncall is executed against a DAMON context that is not running, the function returns error while keeping the damoncallcontrol object linked to the context's callcontrol...
EUVD-2026-4617
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: remove callcontrol in inactive contexts If damoncall is executed against a DAMON context that is not running, the function returns error while keeping the damoncallcontrol object linked to the context's callcontrol...
CVE-2026-23012
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: remove callcontrol in inactive contexts If damoncall is executed against a DAMON context that is not running, the function returns error while keeping the damoncallcontrol object linked to the context's callcontrol...
PT-2026-4674
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: remove call control in inactive contexts If damon call is executed against a DAMON context that is not running, the function returns error while keeping the damon call control object linked to the context's call...
SUSE-SU-2026:0279-1 Security update for libvirt
This update for libvirt fixes the following issues: - CVE-2025-13193: Fixed umask for 'qemu-img' when creating external inactive snapshots bsc1253703 - CVE-2025-12748: Fixed check ACLs before parsing the whole domain XML bsc1253278...
CVE-2025-27378
AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to inject and execute arbitrary SQL queries...