13 matches found
CVE-2026-50292
A flaw was found in libinput. A local attacker with access to /dev/uinput can inject arbitrary udev properties through the libinput-device-group helper. This injection can lead to root code execution, for example, by exploiting REMOVECMD properties that are executed when a device is removed. This...
CVE-2026-26186
Fleet is open source device management software. A SQL injection vulnerability in versions prior to 4.80.1 allowed authenticated users to inject arbitrary SQL expressions via the orderkey query parameter. Due to unsafe use of goqu.I when constructing the ORDER BY clause, specially crafted input...
CVE-2025-35050 Newforma Info Exchange (NIX) .NET unauthenticated deserialization
Newforma Info Exchange (NIX) accepts serialized .NET data via the '/remoteweb/remote.rem' endpoint, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. The vulnerable endpoint is used by Newforma Project Center Server (NPCS), so a...
PT-2025-5797 · IBM · IBM Security Verify Directory
Name of the Vulnerable Software and Affected Versions: IBM Security Verify Directory versions 10.0.0 through 10.0.3 Description: The issue allows a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Recommendations: For IBM Security...
PT-2024-22376 · Unknown · Sourcecodester School Task Manager
Name of the Vulnerable Software and Affected Versions: Sourcecodester School Task Manager version 1.0 Description: A vulnerability was identified within the subject name= parameter, enabling Stored Cross-Site Scripting (XSS) attacks. This issue allows attackers to manipulate the subject's name,...
PT-2024-14345 · Tenda · Tenda AX1803
Name of the Vulnerable Software and Affected Versions: Tenda AX1803 version 1.0.0.1 Description: The issue is related to a stack overflow that can occur via the iptv.city.vlan parameter in the formGetIptv function. Recommendations: For Tenda AX1803 version 1.0.0.1, as a temporary workaround,...
PT-2023-26406 · NxFilter · NxFilter
Name of the Vulnerable Software and Affected Versions: NxFilter version 4.3.2.5 Description: A problematic issue was found in NxFilter, affecting an unknown part of the file "/report,daily.jsp". The manipulation of the user argument leads to cross-site scripting. It is possible to initiate the...
PT-2023-26342 · Unknown · Bug Finder Listplace Directory Listing Platform
Name of the Vulnerable Software and Affected Versions: Bug Finder Listplace Directory Listing Platform version 3.0 Description: A vulnerability was found in the Bug Finder Listplace Directory Listing Platform, affecting an unknown part of the file /listplace/user/coverPhotoUpdate of the component...
PT-2023-22534 · Unknown · Sourcecodester Online Pizza Ordering System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Pizza Ordering System version 1.0 Description: The issue concerns SQL Injection via the QTY parameter. This allows for potential manipulation of database queries, which could lead to unauthorized access or data...
PT-2022-27570 · AeroCMS · AeroCMS
Name of the Vulnerable Software and Affected Versions: AeroCMS version 0.0.1 Description: The issue allows attackers to access database information through a SQL Injection vulnerability. This vulnerability is exploited via the id parameter at the "admin/post_comments.php" endpoint. Recommendation...
PT-2022-7986 · TrueConf · TrueConf Server
Name of the Vulnerable Software and Affected Versions: TrueConf Server version 4.3.7 Description: A vulnerability was found in an unknown functionality of the file /admin/group, leading to basic cross-site scripting (DOM). The attack can be launched remotely. The exploit has been disclosed to the...
PT-2021-4939 · Advantech +1 · Advantech R-SeeNet +1
Name of the Vulnerable Software and Affected Versions: Advantech R-SeeNet version 2.4.15 Description: A privilege escalation issue exists in the Windows version of Advantech R-SeeNet, related to insufficient access control to the directory C:\R-SeeNet. This can allow an attacker to elevate their...
PT-2014-2216 · iproute2 · iproute2
Name of the Vulnerable Software and Affected Versions: iproute2 versions prior to 3.3.0 Description: The issue allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by certain scripts. This can be exploited through the configure script or the...