18 matches found
CVE-2026-26379
Koha versions up to 25.11 contain a Server-Side Request Forgery SSRF vulnerability via the Z39.50/SRU server configuration. This allows authenticated attackers to perform internal network scanning and identify running services by analyzing server response times...
CVE-2026-26379
Koha versions up to 25.11 contain a Server-Side Request Forgery SSRF vulnerability via the Z39.50/SRU server configuration. This allows authenticated attackers to perform internal network scanning and identify running services by analyzing server response times...
CVE-2026-26379
CVE-2026-26379 affects Koha v0: Koha v.25.11 and earlier, where the Z39.50 configuration module is the entry point. The issue enables a remote attacker to execute arbitrary code. The available sources do not specify the underlying root cause details or exact vulnerable file/function, nor do they ...
CVE-2026-26379
Koha versions up to 25.11 contain a Server-Side Request Forgery SSRF vulnerability via the Z39.50/SRU server configuration. This allows authenticated attackers to perform internal network scanning and identify running services by analyzing server response times...
CVE-2026-26379
Koha versions up to 25.11 contain a Server-Side Request Forgery SSRF vulnerability via the Z39.50/SRU server configuration. This allows authenticated attackers to perform internal network scanning and identify running services by analyzing server response times...
CVE-2026-26378
Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via file upload function in Invoice features...
CVE-2026-26379
Koha versions up to 25.11 contain a Server-Side Request Forgery SSRF vulnerability via the Z39.50/SRU server configuration. This allows authenticated attackers to perform internal network scanning and identify running services by analyzing server response times...
EUVD-2014-1983
Malware in sbrugna...
EUVD-2015-4658
Malware in sbrugna...
EUVD-2025-6654
Malicious code in bioql PyPI...
CVE-2023-5025
A vulnerability was found in KOHA up to 23.05.03. It has been declared as problematic. This vulnerability affects unknown code of the file /cgi-bin/koha/catalogue/search.pl of the component MARC. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has...
CVE-2025-30076
Koha before 24.11.02 allows admins to execute arbitrary commands via shell metacharacters in the tools/scheduler.pl report parameter...
CVE-2025-30076
Koha before 24.11.02 allows admins to execute arbitrary commands via shell metacharacters in the tools/scheduler.pl report parameter...
CVE-2025-22954
GetLateOrMissingIssues in C4/Serials.pm in Koha before 24.11.02 allows SQL Injection in /serials/lateissues-export.pl via the supplierid or serialid parameter...
The vulnerability of the members/moremember.pl and admin/aqbudgets.pl components of the Koha library process automation software allows a hacker to execute arbitrary commands.
The vulnerability of the members/moremember.pl and admin/aqbudgets.pl components of the Koha library process automation software is related to the absence of a mechanism to neutralize these elements in the CSV file. Exploiting this vulnerability allows a remote attacker to execute arbitrary DDE...
The vulnerability of the upload-cover-image.pl component in the Koha library process automation software allows a hacker to read arbitrary files.
The vulnerability of the upload-cover-image.pl component in Koha library automation software is related to the lack of filtering for the path passed by the client. Exploiting this vulnerability allows a malicious actor to read arbitrary files remotely...
KOHA SQL注入漏洞
KOHA is a library automation system product by Parantez Teknoloji Individual Developer A security vulnerability exists in Parantez Teknoloji KOHA versions prior to 19.05.03, which stems from the presence of unverified SQL injection...
PT-2018-4384
Name of the Vulnerable Software and Affected Versions Koha versions 3.14.x through 3.14.15 Koha versions 3.16.x through 3.16.11 Koha versions 3.18.x through 3.18.07 Koha versions 3.20.x through 3.20.0 Description The issue allows remote attackers to execute arbitrary SQL commands via the number...