
54730 matches found

Debian CVE
added 2026/02/04 4:4 p.m. | 6 views

CVE-2026-23054

In the Linux kernel, the following vulnerability has been resolved: net: hv_netvsc: reject RSS hash key programming without RX indirection table. RSS configuration requires a valid RX indirection table. When the device reports a single receive queue, rndis_filter_device_add does not allocate an...

5.1 AI score | 0.00168 EPSS
Exploits: 0
Veracode
added 2026/02/04 6:40 a.m. | 5 views

Cross-Site Scripting (XSS)

dotnetnuke.core is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input validation in module friendly names, which allows an attacker to inject and execute malicious scripts during certain module operations in the Persona Bar...

7.6 CVSS | 5.5 AI score | 0.00249 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Veracode
added 2026/02/04 6:25 a.m. | 5 views

Cross-site Scripting (XSS)

dotnetnuke.core is vulnerable to cross-site scripting (XSS). The vulnerability is due to module titles supporting rich text input without proper script sanitization, which allows an attacker to inject and execute malicious scripts in certain scenarios...

9.1 CVSS | 5 AI score | 0.00188 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
RedhatCVE
added 2026/02/04 3:15 a.m. | 14 views

CVE-2025-67186

TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a buffer overflow vulnerability in the setUrlFilterRules interface of /lib/cste_modules/firewall.so. The vulnerability occurs because the url parameter is not properly validated for length, allowing remote attackers to trigger a buffer overflow,...

9.8 CVSS | 6.6 AI score | 0.00694 EPSS
Exploits: 1 | References: 1
CNNVD
added 2026/02/04 12:0 a.m. | 4 views

AutoGPT Log Information Disclosure Vulnerability

AutoGPT is an open-source tool developed by AutoGPT. It aims to make AI accessible and usable for everyone. Previous versions of AutoGPT, including autogpt-platform-beta-v0.6.46, had a vulnerability related to log information leakage. This vulnerability stemmed from the Stagehand integration...

8.1 CVSS | 5.8 AI score | 0.00433 EPSS
Exploits: 1 | References: 2
Drupal
added 2026/02/04 12:0 a.m. | 11 views

Login Disable - Less critical - Access bypass - SA-CONTRIB-2026-008

The Login Disable module prevents users from logging in to your Drupal site unless they know the access key to add to the end of the login form page (default: http://example.com/user/login?admin). If they provide the access key and have a specific role they can log in. The module does not check for...

4.3 CVSS | 5.5 AI score | 0.00202 EPSS
Exploits: 0 | References: 3
CNNVD
added 2026/02/04 12:0 a.m. | 6 views

Linux kernel Security Vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the HWMON module not properly cleaning up resources when devices are reloaded, potentially leadin...

5.5 CVSS | 6 AI score | 0.00112 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2026/02/04 12:0 a.m. | 6 views

PT-2026-6344

The Login Disable module prevents users from logging in to your Drupal site unless they know the access key to add to the end of the login form page. default: If they provide the access key and have a specific role they can log in. The module does not check for the access key when using the HTTP...

5.4 AI score
Exploits: 0 | References: 2
CNNVD
added 2026/02/04 12:0 a.m. | 8 views

Nature Easy Soft Network Technology ZenTao Code Issue Vulnerability

Nature Easy Soft Network Technology ZenTao is an open-source project management software developed by Nature Easy Soft Network Technology. This software includes functions such as product management, project management, quality management, and document management. The version 21.7.6-85642 and...

5.8 CVSS | 5.9 AI score | 0.00381 EPSS
Exploits: 1 | References: 5
CNNVD
added 2026/02/04 12:0 a.m. | 7 views

OpenSTAManager SQL Injection Vulnerability

OpenSTAManager is an open-source management software developed by Devcode, designed for technical assistance and billing purposes. Versions of OpenSTAManager 2.9.8 and earlier contained a SQL injection vulnerability. This vulnerability originated from the Stampe module, which had SQL injection...

8.8 CVSS | 5.8 AI score | 0.00374 EPSS
Exploits: 3 | References: 2
Tenable Nessus
added 2026/02/04 12:0 a.m. | 5 views

Dotnetnuke < 9.13.10 / 10.0.x < 10.02.00 Stored XSS via Module Title (CVE-2026-24838)

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 9.13.10 or 10.0.x prior to 10.02.00. It is, therefore, affected by a vulnerability. - DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft...

9.1 CVSS | 5.9 AI score | 0.00188 EPSS
Exploits: 0 | References: 2
Tenable Nessus
added 2026/02/04 12:0 a.m. | 4 views

SUSE SLES16 Security Update : gpg2 (SUSE-SU-2026:20195-1)

The remote SUSE Linux SLES16 / SLES_SAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:20195-1 advisory. - CVE-2026-24882: stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys (bsc#1257396). - CVE-2026-24883: deni...

8.4 CVSS | 6 AI score | 0.00447 EPSS
Exploits: 1 | References: 8
NVD
added 2026/02/03 10:16 p.m. | 6 views

CVE-2020-37078

i-doit Open Source CMDB 1.14.1 contains a file deletion vulnerability in the import module that allows authenticated attackers to delete arbitrary files by manipulating the delete_import parameter. Attackers can send a POST request to the import module with a crafted filename to remove files from...

8.8 CVSS | 0.00325 EPSS
Exploits: 0 | References: 4
EUVD
added 2026/02/03 10:1 p.m. | 3 views

EUVD-2020-30996

i-doit Open Source CMDB 1.14.1 contains a file deletion vulnerability in the import module that allows authenticated attackers to delete arbitrary files by manipulating the delete_import parameter. Attackers can send a POST request to the import module with a crafted filename to remove files from...

8.8 CVSS | 5.5 AI score | 0.00325 EPSS
Exploits: 0 | References: 4
Vulnrichment
added 2026/02/03 10:1 p.m. | 3 views

CVE-2020-37078 i-doit Open Source CMDB 1.14.1 - Arbitrary File Deletion

i-doit Open Source CMDB 1.14.1 contains a file deletion vulnerability in the import module that allows authenticated attackers to delete arbitrary files by manipulating the delete_import parameter. Attackers can send a POST request to the import module with a crafted filename to remove files from...

8.8 CVSS | 5.5 AI score | 0.00325 EPSS
Exploits: 0 | References: 4
ATTACKERKB
added 2026/02/03 10:1 p.m. | 2 views

CVE-2020-37078

i-doit Open Source CMDB 1.14.1 contains a file deletion vulnerability in the import module that allows authenticated attackers to delete arbitrary files by manipulating the delete_import parameter. Attackers can send a POST request to the import module with a crafted filename to remove files from...

8.8 CVSS | 5.5 AI score | 0.00325 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
CVE
added 2026/02/03 10:1 p.m. | 10 views

CVE-2020-37078

CVE-2020-37078 involves i-doit Open Source CMDB 1.14.1. The vulnerability is a file deletion flaw in the import module that allows authenticated attackers to delete arbitrary files by manipulating the delete_import parameter. An attacker can issue a crafted POST request to the import module (with...

8.8 CVSS | 5.5 AI score | 0.00325 EPSS
Exploits: 0 | References: 4
Cvelist
added 2026/02/03 10:1 p.m. | 28 views

CVE-2020-37078 i-doit Open Source CMDB 1.14.1 - Arbitrary File Deletion

i-doit Open Source CMDB 1.14.1 contains a file deletion vulnerability in the import module that allows authenticated attackers to delete arbitrary files by manipulating the delete_import parameter. Attackers can send a POST request to the import module with a crafted filename to remove files from...

8.8 CVSS | 0.00325 EPSS
Exploits: 0 | References: 4
OSV
added 2026/02/03 7:1 p.m. | 3 views

GHSA-QX9P-W3VJ-Q24Q OpenSTAManager has an SQL Injection in the Stampe Module

Vulnerability Details. Location - File: modules/stampe/actions.php - Line: 26 - Vulnerable Code (PHP): case 'update': if (!empty(intval(post('predefined'))) && !empty(post('module'))) { $dbo->query('UPDATE zz_prints SET predefined = 0 WHERE id_module = '.post('module')); // ↑ Direct concatenation without prepare...

8.7 CVSS | 6 AI score | 0.00374 EPSS
Exploits: 3 | References: 3
Github Security Blog
added 2026/02/03 7:1 p.m. | 9 views

OpenSTAManager has an SQL Injection in the Stampe Module

Vulnerability Details. Location - File: modules/stampe/actions.php - Line: 26 - Vulnerable Code (PHP): case 'update': if (!empty(intval(post('predefined'))) && !empty(post('module'))) { $dbo->query('UPDATE zz_prints SET predefined = 0 WHERE id_module = '.post('module')); // ↑ Direct concatenation without prepare...

8.8 CVSS | 6 AI score | 0.00374 EPSS
Exploits: 3 | References: 3 | Affected Software: 1