CVE-2026-23086
In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: cap TX credit to local buffer size. The virtio transports derive their TX credit directly from peer_buf_alloc, which is set from the remote endpoint's SO_VM_SOCKETS_BUFFER_SIZE value. On the host side this means that the...
CVE-2026-1884
A weakness has been identified in ZenTao up to 21.7.6-85642. The impacted element is the function fetchHook of the file module/webhook/model.php of the component Webhook Module. This manipulation causes server-side request forgery. The attack may be initiated remotely. The exploit has been made...
CVE-2026-1884 ZenTao Webhook model.php fetchHook server-side request forgery
A weakness has been identified in ZenTao up to 21.7.6-85642. The impacted element is the function fetchHook of the file module/webhook/model.php of the component Webhook Module. This manipulation causes server-side request forgery. The attack may be initiated remotely. The exploit has been made...
CVE-2026-1884
CVE-2026-1884 affects ZenTao up to 21.7.6-85642. The vulnerable element is the function fetchHook in the file module/webhook/model.php of the Webhook Module. This manipulation enables a server-side request forgery (SSRF) that may be exploited remotely; the exploit is publicly available. Vendors w...
CVE-2026-0948
The CVE-2026-0948 vulnerability affects the Microsoft Entra ID SSO Login module for Drupal, where insufficient validation of responses from the Microsoft Entra ID service allows an authentication bypass. This can lead to complete account takeover of any user, including site administrators,...
CVE-2026-24884
The CVE-2026-24884 vulnerability affects the npm package compressing (versions ≤ 1.10.3 and 2.0.0) where TAR extraction of symbolic links is performed without validating link targets. This can allow an attacker to cause subsequent archive entries to be written to arbitrary locations on the host f...
SQL Injection
Overview: devcode-it/openstamanager is a management software for technical assistance and electronic invoicing. Affected versions of this package are vulnerable to SQL Injection via the stampe auth module. An attacker can execute arbitrary SQL commands by supplying crafted input to database queries...
CVE-2025-69215
OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, there is a SQL Injection vulnerability in the Stampe Module. At time of publication, no known patch exists...
CVE-2025-69215 OpenSTAManager has an SQL Injection in the Stampe Module
OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, there is a SQL Injection vulnerability in the Stampe Module. At time of publication, no known patch exists...
EUVD-2025-206784
OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, there is a SQL Injection vulnerability in the Stampe Module. At time of publication, no known patch exists...
CVE-2025-69215
OpenSTAManager’s Stampe Module (version 2.9.8 and earlier) contains an SQL Injection in the Stampe actions.php handler (case 'update'): the POST parameter module is concatenated into an UPDATE query without proper sanitization, enabling error-based SQL injection via endpoints like POST /modules/s...
DRUPAL-CONTRIB-2026-008
The Login Disable module prevents users from logging in to your Drupal site unless they know the access key to add to the end of the login form page. default: If they provide the access key and have a specific role they can log in. The module does not check for the access key when using the HTTP...
CVE-2026-23098
In the Linux kernel, the following vulnerability has been resolved: netrom: fix double-free in nr_route_frame. In nr_route_frame, old_skb is immediately freed without checking if nr_neigh->ax25 pointer is NULL. Therefore, if nr_neigh->ax25 is NULL, the caller function will free old_skb again, causing a...
CVE-2026-23104
In the Linux kernel, the following vulnerability has been resolved: ice: fix devlink reload call trace. Commit 4da71a77fc3b "ice: read internal temperature sensor" introduced internal temperature sensor reading via HWMON. ice_hwmon_init was added to ice_init_feature and ice_hwmon_exit was added to...