Lucene search
K

251 matches found

Vulnrichment
Vulnrichment
added 2026/03/19 11:4 p.m.1 views

CVE-2026-29107 SuiteCRM vulnerable to authenticated SSRF via PDF export

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, it is possible to create PDF templates with tags. When a PDF is exported using this template, the content for example, is rendered server side, and thus a...

5CVSS5.8AI score0.00169EPSS
Exploits0References2
CVE
CVE
added 2026/03/19 11:4 p.m.9 views

CVE-2026-29107

SuiteCRM prior to versions 7.15.1 and 8.9.3 is vulnerable to authenticated SSRF via PDF export. Attack vector is PDF templates containing tags; exporting a PDF renders the image tag server-side, causing the server to issue a request to an attacker-controlled URL (e.g., http://{burp_collaborator_...

5.3CVSS5.8AI score0.00169EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/19 11:4 p.m.4 views

CVE-2026-29107 SuiteCRM vulnerable to authenticated SSRF via PDF export

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, it is possible to create PDF templates with tags. When a PDF is exported using this template, the content for example, is rendered server side, and thus a...

5CVSS5.9AI score0.00169EPSS
Exploits0References4
NVD
NVD
added 2026/03/18 12:16 a.m.6 views

CVE-2026-27894

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. Prior to version 9.5, a local file inclusion was detected in the PDF export that allows users to include local PHP files and this way execute code. In combination with...

8.8CVSS0.00371EPSS
Exploits0References3
NVD
NVD
added 2026/03/18 12:16 a.m.6 views

CVE-2026-27895

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. Prior to version 9.5, the PDF export component does not correctly validate uploaded file extensions. This way any file type including .php files can be uploaded. With...

8.8CVSS0.00419EPSS
Exploits0References3
OSV
OSV
added 2026/03/18 12:16 a.m.3 views

DEBIAN-CVE-2026-27894

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. Prior to version 9.5, a local file inclusion was detected in the PDF export that allows users to include local PHP files and this way execute code. In combination with...

8.8CVSS5.9AI score0.00371EPSS
Exploits0References1
OSV
OSV
added 2026/03/18 12:16 a.m.6 views

UBUNTU-CVE-2026-27895

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. Prior to version 9.5, the PDF export component does not correctly validate uploaded file extensions. This way any file type including .php files can be uploaded. With...

8.8CVSS6.4AI score0.00419EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-27894

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. Prior to version 9.5, a local file...

8.8CVSS6.1AI score0.00371EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/17 11:51 p.m.27 views

CVE-2026-27895 LAM has incorrect regular expression in PDF export component that allows user to upload files of any type

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. Prior to version 9.5, the PDF export component does not correctly validate uploaded file extensions. This way any file type including .php files can be uploaded. With...

4.3CVSS0.00419EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/17 11:51 p.m.4 views

CVE-2026-27895 LAM has incorrect regular expression in PDF export component that allows user to upload files of any type

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. Prior to version 9.5, the PDF export component does not correctly validate uploaded file extensions. This way any file type including .php files can be uploaded. With...

4.3CVSS6.4AI score0.00419EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/17 11:51 p.m.6 views

EUVD-2026-12682

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. Prior to version 9.5, the PDF export component does not correctly validate uploaded file extensions. This way any file type including .php files can be uploaded. With...

4.3CVSS6.4AI score0.00419EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/17 11:51 p.m.3 views

CVE-2026-27895

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. Prior to version 9.5, the PDF export component does not correctly validate uploaded file extensions. This way any file type including .php files can be uploaded. With...

4.3CVSS6.4AI score0.00419EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/17 11:51 p.m.5 views

CVE-2026-27895 LAM has incorrect regular expression in PDF export component that allows user to upload files of any type

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. Prior to version 9.5, the PDF export component does not correctly validate uploaded file extensions. This way any file type including .php files can be uploaded. With...

4.3CVSS6.4AI score0.00419EPSS
Exploits0References5
CVE
CVE
added 2026/03/17 11:51 p.m.14 views

CVE-2026-27895

CVE-2026-27895 affects LDAP Account Manager (LAM). Before version 9.5, the PDF export component fails to validate uploaded file extensions, allowing upload of any file type (e.g., .php) and enabling remote code execution as the web server user. Versions prior to 9.5 are vulnerable; version 9.5 fi...

8.8CVSS6.4AI score0.00419EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/03/17 11:48 p.m.9 views

EUVD-2026-12681

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. Prior to version 9.5, a local file inclusion was detected in the PDF export that allows users to include local PHP files and this way execute code. In combination with...

8.8CVSS6AI score0.00371EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/17 11:48 p.m.30 views

CVE-2026-27894 LAM has Authenticated Local File Inclusion (LFI) in PDF export

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. Prior to version 9.5, a local file inclusion was detected in the PDF export that allows users to include local PHP files and this way execute code. In combination with...

8.8CVSS0.00371EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/17 11:48 p.m.5 views

CVE-2026-27894

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. Prior to version 9.5, a local file inclusion was detected in the PDF export that allows users to include local PHP files and this way execute code. In combination with...

8.8CVSS6AI score0.00371EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/03/17 11:48 p.m.27 views

CVE-2026-27894

CVE-2026-27894 affects LDAP Account Manager (LAM) prior to version 9.5, where a local file inclusion (LFI) vuln in the PDF export allows an authenticated user to include local PHP files and potentially execute code. The underlying issue is a local file inclusion in the PDF export path, and the vu...

8.8CVSS6AI score0.00371EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.11 views

PT-2026-25963

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. Prior to version 9.5, a local file inclusion was detected in the PDF export that allows users to include local PHP files and this way execute code. In combination with...

8.8CVSS6AI score0.00371EPSS
Exploits0References10
Veracode
Veracode
added 2026/03/09 7:33 a.m.7 views

Stored Cross-Site Scripting (XSS)

Open WebUI is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of Markdown content in the Notes PDF export functionality, allowing attackers to embed malicious SVG tags that execute arbitrary JavaScript when the note is downloaded as a PDF,...

8.7CVSS6AI score0.002EPSS
Exploits1References2Affected Software2
Rows per page
Query Builder