1444 matches found
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013359)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013359 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use timestamp to check for set element timeout Add a timestamp field at the...
Visitor Management System Security Vulnerability
The Visitor Management System is a system for managing visitors. Version 1.0 of the Visitor Management System has security vulnerabilities. These vulnerabilities stem from the lack of validation in the upload functions of the vms/php/admin_user_insert.php and vms/php/update_1.php files, which may le...
Oracle PeopleSoft Enterprise PeopleTools Security Vulnerability
Oracle PeopleSoft Enterprise PeopleTools is a technology provided by Oracle Corporation in the United States, designed to keep PeopleSoft applications in sync with user needs and expectations. There were security vulnerabilities in the versions of Oracle PeopleSoft Enterprise PeopleTools 8.61 to...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011092)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011092 advisory. In the Linux kernel, the following vulnerability has been resolved: orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string When insert and remove the orangefs...
CVE-2026-37748
CVE-2026-37748 affects Visitor Management System 1.0 by sanjay1313. The vulnerability is an Unrestricted File Upload in vms/php/admin_user_insert.php and vms/php/update_1.php, where move_uploaded_file() runs without MIME type, extension, or content validation. This allows an authenticated admin t...
SUSE CVE-2026-28214
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize function can overflow the totalLength value when parsing a Wide type clumplet, causing an infinite loop. An authenticated user with INSERT privileges...
CVE-2026-23756
GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the Troubleshooter module where the subject POST parameter is not sanitized in ControllerStep.InsertSubmit and EditSubmit before being rendered by ViewStep.RenderViewSteps. An authenticated staff member can inject...
CVE-2026-23756 GFI HelpDesk < 4.99.9 Stored XSS via Troubleshooter Step Subject
GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the Troubleshooter module where the subject POST parameter is not sanitized in ControllerStep.InsertSubmit and EditSubmit before being rendered by ViewStep.RenderViewSteps. An authenticated staff member can inject...
PT-2026-33814
GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the Troubleshooter module where the subject POST parameter is not sanitized in ControllerStep.InsertSubmit and EditSubmit before being rendered by ViewStep.RenderViewSteps. An authenticated staff member can injec...
CVE-2026-28214
A flaw was found in Firebird, an open-source relational database management system. An authenticated user with INSERT privileges on any table can exploit this vulnerability by sending a specially crafted Batch Parameter Block. This action causes an integer overflow in the...
CVE-2026-28214
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize function can overflow the totalLength value when parsing a Wide type clumplet, causing an infinite loop. An authenticated user with INSERT privileges...
CVE-2026-28214
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize function can overflow the totalLength value when parsing a Wide type clumplet, causing an infinite loop. An authenticated user with INSERT privileges...
CVE-2026-28214
CVE-2026-28214 affects Firebird DBMS. The issue is in the ClumpletReader::getClumpletSize() when parsing a Wide type clumplet, which can overflow totalLength and cause an infinite loop. An authenticated user with INSERT privileges on any table can trigger a denial of service via a crafted Batch P...
PT-2026-33479
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize function can overflow the totalLength value when parsing a Wide type clumplet, causing an infinite loop. An authenticated user with INSERT privileges...
EUVD-2026-21852
A vulnerability has been found in code-projects Simple ChatBox up to 1.0. Affected by this vulnerability is an unknown functionality of the file /chatbox/insert.php of the component Endpoint. Such manipulation of the argument msg leads to cross site scripting. The attack may be performed from...
EUVD-2026-21854
A vulnerability was determined in code-projects Simple ChatBox up to 1.0. This affects an unknown part of the file /chatbox/insert.php of the component Endpoint. Executing a manipulation of the argument msg can lead to SQL injection. It is possible to launch the attack remotely. The exploit has...
CVE-2026-6159
A vulnerability has been found in code-projects Simple ChatBox up to 1.0. Affected by this vulnerability is an unknown functionality of the file /chatbox/insert.php of the component Endpoint. Such manipulation of the argument msg leads to cross site scripting. The attack may be performed from...
CVE-2026-6161
The CVE-2026-6161 vulnerability affects code-projects Simple ChatBox up to version 1.0, specifically the /chatbox/insert.php component. The issue arises from manipulating the msg argument, leading to a SQL injection. The attack can be launched remotely, and exploits have been publicly disclosed. ...
CVE-2026-6161
A vulnerability was determined in code-projects Simple ChatBox up to 1.0. This affects an unknown part of the file /chatbox/insert.php of the component Endpoint. Executing a manipulation of the argument msg can lead to SQL injection. It is possible to launch the attack remotely. The exploit has...
CVE-2026-6161 code-projects Simple ChatBox Endpoint insert.php sql injection
A vulnerability was determined in code-projects Simple ChatBox up to 1.0. This affects an unknown part of the file /chatbox/insert.php of the component Endpoint. Executing a manipulation of the argument msg can lead to SQL injection. It is possible to launch the attack remotely. The exploit has...