
14 matches found

NVD
added 2026/05/27 9:16 a.m., 8 views

CVE-2026-40827

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the RemoveRequest function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can resu...

CVSS 7, EPSS 0.00043
Exploits: 0, References: 1
Vulnrichment
added 2026/05/27 7:53 a.m., 3 views

CVE-2026-40827 Authenticated SQLi in _RemoveRequest function

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the RemoveRequest function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can resu...

CVSS 7, AI score 6, EPSS 0.00043
Exploits: 0, References: 1
CVE
added 2026/05/27 7:53 a.m., 7 views

CVE-2026-40827

CVE-2026-40827 describes an unauthenticated SQL Injection in the _RemoveRequest function. The vulnerability allows reading the entire database and deleting entries in a non-critical table due to improper neutralization of special elements in a SQL DELETE command. Reported impacts include total co...

CVSS 7, AI score 6, EPSS 0.00043
Exploits: 0, References: 1
ATTACKERKB
added 2026/05/27 7:53 a.m., 6 views

CVE-2026-40827

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the RemoveRequest function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can resu...

CVSS 7, AI score 6, EPSS 0.00043
Exploits: 0, References: 2, Affected Software: 4
Tenable Nessus
added 2026/02/16 12:0 a.m., 2 views

Siemens SIMATIC S7-1500 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CVE-2025-39697)

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a race when updating an existing write. After nfs_lock_and_join_requests() tests for whether the request is still attached to the mapping, nothing prevents a call to nfs_inode_remove_request() from succeeding until we actually lock...

CVSS 4.7, AI score 6.6, EPSS 0.00018
Exploits: 0, References: 2
CVE
added 2025/12/04 4:8 p.m., 7 views

CVE-2025-40259

CVE-2025-40259 : In the Linux kernel, the sg (SCSI generic) driver could sleep in atomic context via sg_finish_rem_req() -> blk_rq_unmap_user(). The fix calls sg_finish_rem_req() with interrupts enabled to prevent sleeping in atomic context. Multiple advisories (Debian DLA-4436-1; Amazon Linux...

AI score 6.2, EPSS 0.00058
Exploits: 0, References: 8
SUSE CVE
added 2025/09/05 11:23 p.m., 4 views

SUSE CVE-2025-39697

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a race when updating an existing write. After nfs_lock_and_join_requests() tests for whether the request is still attached to the mapping, nothing prevents a call to nfs_inode_remove_request() from succeeding until we actually lock...

CVSS 5.5, AI score 6.3, EPSS 0.00018
Exploits: 0, References: 24
CVE
added 2025/09/05 5:21 p.m., 20 views

CVE-2025-39697

CVE-2025-39697 affects the Linux kernel’s NFS write path. The vulnerability arises from a race where, after nfs_lock_and_join_requests() tests if a request remains attached to the mapping, a call to nfs_inode_remove_request() can still succeed before the page group is locked. The root cause is th...

CVSS 4.7, AI score 5.7, EPSS 0.00018
Exploits: 0, References: 11, Affected Software: 1
Positive Technologies
added 2025/01/01 12:0 a.m., 0 views

PT-2025-36291

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the handling of NFS write requests within the Linux kernel. Specifically, the issue occurs when updating an existing write request after nfs lock and join...

CVSS 4.7, AI score 6.4, EPSS 0.00018
Exploits: 0
Microsoft CVE
added 2020/11/10 8:0 a.m., 2 views

An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case aka CID-83c6f2390040.

...

CVSS 6.7, AI score 8.4, EPSS 0.00042
Exploits: 0
Joomla! Vulnerable Extensions List
added 2020/05/07 12:0 a.m., 28 views

[20200703] - Core - CSRF in com_privacy remove-request feature

A missing token check in the remove request section of com_privacy causes a CSRF vulnerability...

CVSS 6.8, AI score 6.2, EPSS 0.00006
Exploits: 0, Affected Software: 1
Prion
added 2015/04/05 1:59 a.m., 12 views

Cross site request forgery (csrf)

X-Cart before 5.1.11 allows remote authenticated users to read or delete address data of arbitrary accounts via a modified (1) update or (2) remove request...

CVSS 6.5, AI score 6.8, EPSS 0.00403
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2015/04/05 1:0 a.m., 19 views

CVE-2015-0951

X-Cart before 5.1.11 allows remote authenticated users to read or delete address data of arbitrary accounts via a modified (1) update or (2) remove request...

AI score 6.3, EPSS 0.00403
Exploits: 0, References: 2
Hacker One
added 2014/04/18 4:39 p.m., 15 views

Localize: Apache Documentation

Might want to remove this. : http://localize.io/manual...

AI score 0.8
Exploits: 0