Genesys Latitude 安全漏洞

Genesys Latitude is a debt collection and account management platform developed by Genesys Corporation. Version 25.1.0.420 of Genesys Latitude contains a security vulnerability. This vulnerability arises from the direct concatenation of user input into SQL statements without proper cleaning, whic...

CVE-2025-70420

A SQL injection vulnerability exists in Genesys Latitude v25.1.0.420 that allows an authenticated attacker to execute arbitrary SQL queries against the backend database. The vulnerability is caused by unsanitized user-supplied input being concatenated directly into SQL statements...

PT-2026-34004

October is a Content Management System CMS and web platform. Prior to 3.7.16 and 4.1.16, a reflected Cross-Site Scripting XSS vulnerability was identified in the backend DataTable widget where a query parameter was rendered without proper output escaping. This vulnerability is fixed in 3.7.16 and...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-010699)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010699 advisory. An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is a heap- based buffer overflow in setntacldacl, related to use of...

CVE-2025-70420

Summary: CVE-2025-70420 affects Genesys Latitude v25.1.0.420 and is caused by unsanitized user input concatenated into SQL statements, allowing an authenticated attacker to execute arbitrary SQL against the backend database. Impact/details present: authenticated remote access with low privileges ...

WordPress plugin CMS für Motorrad Werkstätten SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. The WordPre...

October 跨站脚本漏洞

October is an open-source content management system CMS and network platform developed by October. Versions prior to October 3.7.16 and 4.1.16 contained a cross-site scripting vulnerability. This vulnerability stemmed from insufficient escaping of query parameters during the rendering of the...

PT-2026-34207

Name of the Vulnerable Software and Affected Versions WWBN AVideo versions 29.0 and earlier Description A directory traversal flaw exists where a security check in 'objects/aVideoEncoderReceiveImage.json.php' only validates the URL path component for traversal sequences. However, the try get...

FreePBX api 操作系统命令注入漏洞

FreePBX API is an open-source plugin developed by FreePBX. Versions of the FreePBX API module prior to 17.0.8 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the GraphQL mutation input fields in the initiateGqlAPIProcess function being pass...

WWBN AVideo 路径遍历漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained a path traversal vulnerability. This vulnerability stemmed from the directory traversal fix in objects/aVideoEncoderReceiveImage.json.php, which only checked the U...

CVE-2026-35588

Glances 4.5.4 fixes a CQL injection in the Cassandra export module. Before 4.5.4, glances_cassandra/init .py interpolates keyspace, table, and replication_factor into CQL without validation, allowing a user with write access to glances.conf to redirect all monitoring data to an attacker-controlle...

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

CVE-2026-6080

The Tutor LMS plugin for WordPress is vulnerable to SQL Injection in versions up to and including 3.9.8. This is due to insufficient escaping on the 'date' parameter combined with direct interpolation into a SQL fragment before being passed to $wpdb-prepare. This makes it possible for authenticat...

CVE-2026-32135

NanoMQ (MQTT broker) is affected in versions prior to 0.24.11 by a remotely triggerable heap buffer overflow in the uri_param_parse function of the REST API due to an off-by-one error when allocating memory for query parameter keys/values. An attacker can trigger this via a crafted HTTP request, ...

CVE-2026-6060

A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncontrolled resource consumption leading to a DoS against the webserver. will be killed by the systemThis issue affects OTRS: 7.0.X 8.0.X 2023.X 2024.X 2025.X 2026.X before 2026.3.X...

UBUNTU-CVE-2026-6060

A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncontrolled resource consumption leading to a DoS against the webserver. will be killed by the systemThis issue affects OTRS: 7.0.X 8.0.X 2023.X 2024.X 2025.X 2026.X before 2026.3.X...

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

EUVD-2026-23920

SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the email parameter of the forgot password page forgot-password.php. This allows an unauthenticated attacker to manipulate backend SQL queries and retrieve sensitive user data...