Lucene search

31 matches found

RedhatCVE
added 3 days ago, 7 views

CVE-2026-48190

An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query the system for CI information. Please note that CMDB has to be enabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: 7.0.X...

CVSS 3.5 | AI score 5.4 | EPSS 0.00021
Exploits 0 | References 1
ATTACKERKB
added last week, 6 views

CVE-2026-48190

An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query the system for CI information. Please note that CMDB has to be enabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: 7.0.X...

CVSS 3.5 | AI score 5.8 | EPSS 0.00021
Exploits 0 | References 2 | Affected Software 1
CVE
added last week, 11 views

CVE-2026-48190

CVE-2026-48190 describes an incorrect permissions handling in OTRS External Interface and the ConfigItem List module that allows an authenticated customer to query CI information. Affected products/versions include OTRS 7.0.x, 8.0.x, 2023.x–2026.x prior to 2026.4.x, with CMDB enabled and Customer...

CVSS 3.5 | AI score 5.8 | EPSS 0.00021
Exploits 0 | References 1
Cvelist
added last week, 40 views

CVE-2026-48190 Incorrect handling of permissions in External Interface Config Item List module

An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query the system for CI information. Please note that CMDB has to be enabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: 7.0.X...

CVSS 3.5 | EPSS 0.00021
Exploits 0 | References 1
Positive Technologies
added 2026/06/01 12:0 a.m., 8 views

PT-2026-45262

An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query the system for CI information. Please note that CMDB has to be enabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: 7.0.X...

CVSS 3.5 | AI score 5.8 | EPSS 0.00021
Exploits 0 | References 2
Positive Technologies
added 2026/04/22 12:0 a.m., 4 views

PT-2026-34360

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the XFS file system where the unmount sequence in the xfs unmount flush inodes function pushes the Active Item List (AIL) while background reclaim and inode garbage...

CVSS 7.8 | AI score 5.5 | EPSS 0.00015
Exploits 0 | References 20
Cvelist
added 2026/03/15 11:32 p.m., 36 views

CVE-2026-4197 D-Link DNS-1550-04 download_mgr.cgi RSS_Item_List command injection

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function...

CVSS 6.5 | EPSS 0.00128
Exploits 1 | References 14
NVD
added 2024/11/15 6:15 p.m., 8 views

CVE-2024-24447

A buffer overflow in the ngapamfhandlepdusessionresourcesetupresponse function of oai-cn5g-amf up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a PDU Session Resource Setup Response with an empty Response Item list...

CVSS 5.3 | EPSS 0.00198
Exploits 0 | References 2
Cvelist
added 2024/11/15 12:0 a.m., 13 views

CVE-2024-24447

A buffer overflow in the ngapamfhandlepdusessionresourcesetupresponse function of oai-cn5g-amf up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a PDU Session Resource Setup Response with an empty Response Item list...

EPSS 0.00198
Exploits 0 | References 2
OSV
added 2024/01/26 9:15 a.m., 1 view

CVE-2024-23856

A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itemlist.php, in the description parameter. Exploitation of this vulnerability cou...

CVSS 6.1 | AI score 5.8
Exploits 0 | References 1
CNNVD
added 2024/01/13 12:0 a.m., 2 views

Kashipara Billing Software SQL Injection Vulnerability

Kashipara Billing Software is an application from Kashipara India. Kashipara Billing Software version 1.0 suffers from a SQL injection vulnerability in the id of the itemlistedit.php file...

CVSS 9.8 | AI score 7.9 | EPSS 0.00055
Exploits 0 | References 4
OSV
added 2024/01/07 2:15 p.m., 3 views

CVE-2024-0279

A vulnerability, which was classified as critical, was found in Kashipara Food Management System up to 1.0. Affected is an unknown function of the file itemlistedit.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVSS 6.5 | AI score 5.7 | EPSS 0.00046
Exploits 1 | References 3
Positive Technologies
added 2024/01/07 12:0 a.m., 1 view

PT-2024-15439 · Unknown · Kashipara Food Management System

Name of the Vulnerable Software and Affected Versions: Kashipara Food Management System versions up to 1.0 Description: A critical issue was found in the Kashipara Food Management System. The manipulation of the id argument in an unknown function of the file item list edit.php leads to SQL...

CVSS 6.5 | AI score 8 | EPSS 0.00046
Exploits 1 | References 7
CNNVD
added 2024/01/07 12:0 a.m., 1 view

Kashipara Food Management System SQL Injection Vulnerability

Kashipara Food Management System is a food management system from Kashipara. A SQL injection vulnerability exists in Kashipara Food Management System version 1.0, which is caused by a lack of validation of the itemname parameter of the itemlistsubmit.php file against externally-entered SQL...

CVSS 6.5 | AI score 8.2 | EPSS 0.00046
Exploits 1 | References 4
OSV
added 2023/09/27 3:19 p.m., 2 views

CVE-2023-43484

Cross-site scripting vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script...

CVSS 6.1 | AI score 5.9 | EPSS 0.00234
Exploits 0 | References 2
NVD
added 2023/09/27 3:19 p.m., 8 views

CVE-2023-43484

Cross-site scripting vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script...

CVSS 6.1 | AI score 6.2 | EPSS 0.00234
Exploits 0 | References 2
OSV
added 2023/09/27 3:19 p.m., 1 view

CVE-2023-41233

Cross-site scripting vulnerability in Item List page registration process of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script...

CVSS 6.1 | AI score 5.9
Exploits 0 | References 2
NVD
added 2023/09/27 3:19 p.m., 14 views

CVE-2023-41233

Cross-site scripting vulnerability in Item List page registration process of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script...

CVSS 6.1 | AI score 6.2 | EPSS 0.00235
Exploits 0 | References 2
Prion
added 2023/09/27 3:19 p.m., 15 views

Cross site scripting

Cross-site scripting vulnerability in Item List page registration process of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script...

CVSS 5.8 | AI score 6.4 | EPSS 0.00235
Exploits 0 | References 2 | Affected Software 1
Prion
added 2023/09/27 3:19 p.m., 21 views

Cross site scripting

Cross-site scripting vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script...

CVSS 5.8 | AI score 6.4 | EPSS 0.00234
Exploits 0 | References 2 | Affected Software 1