CVE-2026-42097 Authentication Bypass in Sparx Pro Cloud Server

Sparx Pro Cloud Server requires authentication based on requested URL. An attacker can omit the "model" query parameter and send the model name only in the binary blob in POST request allowing SQL query execution without authentication. The vendor was notified early about this vulnerability, but...

CVE-2026-42097

Sparx products show multiple CVEs with concrete details across Pro Cloud Server and Enterprise Architect. CVE-2026-42097 describes an authentication bypass: a request can omit the model parameter and embed the model name in a POST blob, enabling SQL query execution without authentication. CVE-202...

georgringer/news has SQL Injection in extension "News system" (news)

The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin ...

CVE-2026-8912

CVE-2026-8912 affects the Contest Gallery plugin for WordPress up to version 28.1.6. It is an unauthenticated SQL Injection via the form_input parameter in the post_cg_gallery_form_upload AJAX action (cb branch of users-upload-check.php), where $f_input_id is concatenated unquoted into a SQL quer...

External Control of Assumed-Immutable Web Parameter

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to External Control of Assumed-Immutable Web Parameter via the SessionCodeChecks restart flow in the login sessi...

CVE-2026-31380

CVE-2026-31380 affects Apache OFBiz prior to 24.09.06, with an issue described as an Expression Language Injection due to improper neutralization of special elements. The CVE entry notes the vulnerability can be exploited over the network without authentication and with no user interaction, resul...

CVE-2026-31380 Apache OFBiz: FreeMarker SSTI via Duplicate Parameter Sanitization Bypass

Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

CVE-2026-31380 Apache OFBiz: FreeMarker SSTI via Duplicate Parameter Sanitization Bypass

Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

CVE-2026-8726 SQL Injection in extension "News system" (news)

The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin ...

CVE-2026-8726

CVE-2026-8726 describes an SQL injection in the Typo3 extension experience: the extension fails to properly sanitize user input before using it in a database query, enabling an unauthenticated attacker to inject arbitrary SQL via a URL parameter on pages using the “Date Menu of news articles” plu...

kernel: xfrm: Duplicate SPI Handling

In the Linux kernel, the following vulnerability has been resolved: xfrm: Duplicate SPI Handling The issue originates when Strongswan initiates an XFRMMSGALLOCSPI Netlink message, which triggers the kernel function xfrmallocspi. This function is expected to ensure uniqueness of the Security...

EUVD-2026-30835

The /api/v1/autotranslate.translateMessage endpoint in versions 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12 allows any authenticated user to retrieve the full content of any message from any room private groups, direct messages, channels by simply providing the target message ID...

PT-2026-41950

Name of the Vulnerable Software and Affected Versions Panabit PAP-XM320 versions prior to 7.8 Description A command injection issue exists in the CGI component of the software. Authenticated users can execute arbitrary shell commands with root privileges through the '/cgi-bin/tools/ajax cmd'...

PT-2026-41893

Name of the Vulnerable Software and Affected Versions Sparx Pro Cloud Server versions 6.1 build 167 and earlier Description Authentication is required based on the requested URL. An attacker can bypass this check by omitting the model query parameter and providing the model name only within the...

CVE-2026-37281

An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the url parameter...

CVE-2026-37281

An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the url parameter...

CVE-2026-36828

A command injection vulnerability exists in the /cgi-bin/tools/ajaxcmd endpoint of Panabit PAP-XM320 up to and including v7.7. The CGI component allows authenticated users to execute arbitrary shell commands with root privileges via the action=runcmd parameter...

PT-2026-41943

Name of the Vulnerable Software and Affected Versions LalanaChami Pharmacy Management System version 5c3d028 Description Unauthenticated remote attackers can escalate privileges by self-assigning an administrative role during the registration process. This occurs because the '/api/user/signup'...

CVE-2026-31070

The LalanaChami Pharmacy Management System commit 5c3d028 allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during registration. The /api/user/signup endpoint fails to validate the role parameter in the request body...

Scalar 安全漏洞

Scalar is an interactive API documentation and testing tool developed by Scalar OpenSource. Version 0.1.13 of Scalar contains a security vulnerability. This vulnerability stems from the scalarurl query parameter on the Scalar Proxy endpoint, which involves server-side request forgeing. This could...