1091 matches found
PT-2026-35266
P10 Central Management Software 1.4.13 contains a buffer overflow vulnerability in the login password field that allows local attackers to crash the application by submitting an oversized input string. Attackers can paste a 2000-byte payload into the password field and click login to trigger an...
Silex SD-330AC和Silex AMC Manager 安全漏洞
Silex SD-330AC and Silex AMC Manager are both products of the Japanese company Silex. Silex SD-330AC is a device server that provides wireless network connectivity and the ability to share with USB devices. Silex AMC Manager is a management software used for centralized management of device serve...
Silex SD-330AC和Silex AMC Manager 安全漏洞
Silex SD-330AC and Silex AMC Manager are both products of the Japanese company Silex. Silex SD-330AC is a device server that provides wireless network connectivity and the ability to share with USB devices. Silex AMC Manager is a management software used for centralized management of device serve...
Silex SD-330AC和Silex AMC Manager 安全漏洞
Silex SD-330AC and Silex AMC Manager are both products of the Japanese company Silex. Silex SD-330AC is a device server that provides wireless network connectivity and the ability to share with USB devices. Silex AMC Manager is a management software used for centralized management of device serve...
Cross‑tenant helpdesk impersonation to data exfiltration: A human-operated intrusion playbook
In this article 1. Risk to enterprise environments 2. Attack chain overview 1. Stage 1: Initial contact via Teams T1566.003 Spearphishing via Service 2. Stage 2: Remote assistance foothold 3. Stage 3: Interactive reconnaissance and access validation 4. Stage 4: Payload placement and trusted...
CVE-2025-65132
The CVE-2025-65132 entry corresponds to a reflected Cross-Site Scripting (XSS) vulnerability in alandsilva26/hotel-management-php 1.0. The affected component is the admin-facing edit_room.php, where an attacker can inject and execute arbitrary JavaScript through the room_id GET parameter. This is...
EUVD-2026-19808
ChurchCRM is an open-source church management system. Prior to 7.1.0, the GroupPropsFormRowOps.php file contains a SQL injection vulnerability. User input in the Field parameter is directly inserted into SQL queries without proper sanitization. The mysqlirealescapestring function does not escape...
CVE-2026-26027
GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated user can store an XSS payload through the inventory endpoint. This vulnerability is fixed in 11.0.6...
CVE-2026-29047
GLPI is a free asset and IT management software package. From 10.0.0 to before 10.0.24 and 11.0.6, an authenticated user can perform a SQL injection via the logs export feature. This vulnerability is fixed in 10.0.24 and 11.0.6...
CVE-2026-25932
GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.0.24, an authenticated technician user can store an XSS payload in a supplier fields. This vulnerability is fixed in 10.0.24...
EUVD-2026-19247
GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated user can store an XSS payload through the inventory endpoint. This vulnerability is fixed in 11.0.6...
EUVD-2026-19245
GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.0.24, an authenticated technician user can store an XSS payload in a supplier fields. This vulnerability is fixed in 10.0.24...
CVE-2026-25932 GLPI has Stored XSS in Supplier 'Website' field
GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.0.24, an authenticated technician user can store an XSS payload in a supplier fields. This vulnerability is fixed in 10.0.24...
QNAP Systems QuNetSwitch 操作系统命令注入漏洞
QNAP Systems QuNetSwitch is a network management software developed by QNAP Systems, a company based in Taiwan, China. It provides centralized switch management and network configuration monitoring capabilities. Previous versions of QNAP Systems QuNetSwitch, including 2.0.4.0415, had a...
CVE-2026-25937 GLPI has a MFA bypass
GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal their account. Version 11.0.6 fixes the issue...
UBUNTU-CVE-2026-25936
GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated user can perfom a SQL injection. Version 11.0.6 fixes the issue...
Trane多款产品 加密问题漏洞
Trane Tracer SC, among others, are products of the American company Trane. Trane Tracer SC is a building controller for monitoring and automation management. Trane Tracer SC+ is also a building controller for monitoring and automation management. Trane Tracer Concierge is a building management...
SourceCodester Pet Grooming Management Software 授权问题漏洞
SourceCodester Pet Grooming Management Software is an open-source pet grooming management system developed by SourceCodester. Version 1.0 of SourceCodester Pet Grooming Management Software has a vulnerability related to authorization issues. This vulnerability stems from the operation of the user...
Sz-Admin 代码问题漏洞
Sz-Admin is a mid-backend management software developed by INS6+ individual developers. Versions of Sz-Admin such as 1.3.2-beta and earlier contained code vulnerabilities. These vulnerabilities stemmed from incorrect handling of parameters in the files/download file and API, particularly the url...
Sz-Admin 代码问题漏洞
Sz-Admin is a mid-backend management software developed by INS6+ individuals. Versions of Sz-Admin such as 1.3.2-beta and earlier contained code-related vulnerabilities. These vulnerabilities stemmed from incorrect operations with files/api/admin/sys-file/upload, which could lead to unlimited...