CVE-2026-7886

Concrete CMS versions 9.5.0 and below are vulnerable to an IDOR in AddMessage/UpdateMessage via the attachments[] parameter. The AddMessage and UpdateMessage controllers load files by ID with $em->find(File::class, $attachmentID) without per-file permission checks (canViewFile()), enabling a u...

OpenSIPS 输入验证错误漏洞

OpenSIPS is a GPL-licensed SIP server implementation from the individual developers of OpenSIPS. An input validation error vulnerability exists in OpenSIPS version 3.2 and earlier, which stems from a system crash when an incorrectly formatted SDP body is received and processed by the...