
54802 matches found

RedhatCVE
added 2026/01/07 9:32 a.m. | 9 views

CVE-2019-16967

An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. In the Manager module form html\admin\modules\manager\views\form.php, an unsanitized managerdisplay variable coming from the URL is reflected in HTML, leading to XSS. It can be requested via G...

CVSS 6.1 | AI score 6.8 | EPSS 0.01311
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/07 9:30 a.m. | 8 views

CVE-2019-16106

The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to change the password of any user via the recruitmentonline/personalData/actacounttab.cfm txtNewUserName and hdNP fields...

CVSS 7.5 | AI score 7.2 | EPSS 0.01114
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/07 9:29 a.m. | 14 views

CVE-2019-12840

In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi...

CVSS 9 | AI score 7.6 | EPSS 0.77813
Exploits: 9 | References: 1

RedhatCVE
added 2026/01/07 9:28 a.m. | 5 views

CVE-2019-12163

GAT-Ship Web Module through 1.30 allows remote attackers to obtain potentially sensitive information via in a ws/gatshipWs.asmx/SqlVersion request...

CVSS 5.3 | AI score 6.6 | EPSS 0.02771
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/07 9:27 a.m. | 6 views

CVE-2019-12047

Gridea v0.8.0 has an XSS vulnerability through which the Nodejs module can be called to achieve arbitrary code execution, as demonstrated by child_process.exec and the "...

CVSS 6.1 | AI score 6.4 | EPSS 0.0124
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/07 9:22 a.m. | 13 views

CVE-2006-3263

SQL injection vulnerability in the Weblinks module weblinks.php in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter...

CVSS 7.5 | AI score 8.7 | EPSS 0.01106
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/07 9:17 a.m. | 4 views

CVE-2025-1071

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firewa...

CVSS 4.8 | AI score 5.4 | EPSS 0.00225
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/07 9:11 a.m. | 14 views

CVE-2025-1981

Improper neutralization of input provided by a low-privileged user into a file search functionality in Ready's Invoices module allows for SQL Injection attacks...

CVSS 9.4 | AI score 7.7 | EPSS 0.00432
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/07 9:10 a.m. | 29 views

CVE-2022-27641

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.12010.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB module. The issue results from the lack of...

CVSS 8.8 | AI score 7.3 | EPSS 0.01234
Exploits: 0 | References: 1

IBM Security Bulletins
added 2026/01/07 6:7 a.m. | 8 views

Security Bulletin: Kafka client library upgraded to kafka-clients-3.9.1

Summary Kafka client library upgraded to kafka-clients-3.9.1. Vulnerability Details CVEID:CVE-2025-27818 DESCRIPTION: A possible security vulnerability has been identified in Apache Kafka. This requires access to a alterConfig to the cluster resource, or Kafka Connect worker, and the ability to...

CVSS 8.8 | AI score 6.9 | EPSS 0.60841
Exploits: 2 | Affected Software: 1

Positive Technologies
added 2026/01/07 12:0 a.m. | 6 views

PT-2026-1681

Name of the Vulnerable Software and Affected Versions SmartLiving SmartLAN versions 6.x and earlier Description SmartLiving SmartLAN contains a remote command injection issue in the web.cgi binary. The issue is due to an unsanitized par POST parameter within the 'testemail' module. An attacker ca...

CVSS 8.8 | AI score 8 | EPSS 0.01685
Exploits: 0 | References: 8

Tenable Nessus
added 2026/01/07 12:0 a.m. | 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000311)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000311 advisory. An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed,...

CVSS 7 | AI score 6.5 | EPSS 0.00451
Exploits: 0 | References: 4

Tenable Nessus
added 2026/01/07 12:0 a.m. | 4 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000331)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000331 advisory. An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx. It could...

CVSS 7.7 | AI score 6.7 | EPSS 0.04425
Exploits: 0 | References: 4

Tenable Nessus
added 2026/01/07 12:0 a.m. | 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000348)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000348 advisory. A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation i...

CVSS 7.5 | AI score 6.2 | EPSS 0.03252
Exploits: 0 | References: 4

Positive Technologies
added 2026/01/07 12:0 a.m. | 9 views

PT-2026-1551

Name of the Vulnerable Software and Affected Versions TP-Link Archer BE400 version 1.1.0 Build 20250710 rel.14914 Description A flaw exists in the 802.11 modules of the TP-Link Archer BE400 that can lead to a denial-of-service DoS condition. An attacker in close proximity can trigger a device...

CVSS 7.1 | AI score 6.6 | EPSS 0.00209
Exploits: 0 | References: 9

Tenable Nessus
added 2026/01/07 12:0 a.m. | 0 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000504)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000504 advisory. A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the...

CVSS 5.5 | AI score 6.7 | EPSS 0.00311
Exploits: 0 | References: 3

Tenable Nessus
added 2026/01/07 12:0 a.m. | 9 views

Atlassian Confluence < 8.5.31 / 8.6.x < 9.2.13 / 9.3.x < 10.2.2 (CONFSERVER-101788)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-101788 advisory. - Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers 1.13-1.28.5 modules on all platforms allows an...

CVSS 9.8 | AI score 7.8 | EPSS 0.79807
Exploits: 5 | References: 2

Tenable Nessus
added 2026/01/07 12:0 a.m. | 3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000485)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000485 advisory. A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless...

CVSS 8.8 | AI score 7.3 | EPSS 0.05649
Exploits: 1 | References: 3

Tenable Nessus
added 2026/01/07 12:0 a.m. | 3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000310)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000310 advisory. A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module,...

CVSS 5.5 | AI score 6.7 | EPSS 0.00491
Exploits: 1 | References: 4

Tenable Nessus
added 2026/01/07 12:0 a.m. | 2 views

Unity Linux 20.1060e / 20.1070e Security Update: httpd (UTSA-2026-000182)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000182 advisory. The ap_rwrite function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using...

CVSS 5.3 | AI score 7.1 | EPSS 0.04428
Exploits: 0 | References: 4