CVE-2026-40887
Vendure Core SQL Injection (CVE-2026-40887) affects @vendure/core via Shop API in ProductService.findOneBySlug where languageCode is interpolated into a raw SQL CASE expression without parameterization. Unauthenticated attackers can supply languageCode from the HTTP query string to inject arbitra...
Linux Distros Unpatched Vulnerability : CVE-2020-1778
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - When OTRS uses multiple backends for user authentication with LDAP, agents are able to log in even if the account is set to invalid. This issue affects OTRS; 8.0...
Linux Distros Unpatched Vulnerability : CVE-2023-41337
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In version 2.3.0-beta2 and prior, when h2o is configured to listen to multiple addresses or...
DEBIAN-CVE-2023-41337
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In version 2.3.0-beta2 and prior, when h2o is configured to listen to multiple addresses or ports with each of them using different backend servers managed by multiple entities, a malicious backend entity that also has the...
SUSE CVE-2020-1778
When OTRS uses multiple backends for user authentication with LDAP, agents are able to log in even if the account is set to invalid. This issue affects OTRS; 8.0.9 and prior versions...
UBUNTU-CVE-2020-1778
When OTRS uses multiple backends for user authentication with LDAP, agents are able to log in even if the account is set to invalid. This issue affects OTRS; 8.0.9 and prior versions...