403 matches found
CVE-2026-29099
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, the retrieve function in include/OutboundEmail/OutboundEmail.php fails to properly neutralize the user controlled $id parameter. It is assumed that the...
CVE-2026-29099 SuiteCRM has Authenticated Blind SQL Injection in OutboundEmail Legacy Functionality.
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, the retrieve function in include/OutboundEmail/OutboundEmail.php fails to properly neutralize the user controlled $id parameter. It is assumed that the...
CVE-2026-29099 SuiteCRM has Authenticated Blind SQL Injection in OutboundEmail Legacy Functionality.
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, the retrieve function in include/OutboundEmail/OutboundEmail.php fails to properly neutralize the user controlled $id parameter. It is assumed that the...
EUVD-2026-13357
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, the retrieve function in include/OutboundEmail/OutboundEmail.php fails to properly neutralize the user controlled $id parameter. It is assumed that the...
CVE-2026-29099
SuiteCRM versions 7.15 and 8.9 are affected by authenticated SQL injection in the retrieve() function of include/OutboundEmail/OutboundEmail.php, exploitable via two paths in the EmailUIAjax action. The user-controlled $id is not properly neutralized, allowing retrieval of arbitrary database info...
PT-2026-26437
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, the retrieve function in include/OutboundEmail/OutboundEmail.php fails to properly neutralize the user controlled $id parameter. It is assumed that the...
SuiteCRM SQL注入漏洞
SuiteCRM is a customer relationship management system developed by the SuiteCRM team. Versions of SuiteCRM prior to 7.15.1 and 8.9.3 had an SQL injection vulnerability. This vulnerability stemmed from the retrieve function in the include/OutboundEmail/OutboundEmail.php file, which failed to...
CVE-2019-25438
LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the username parameter of...
CVE-2019-25438
LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the username parameter of...
CVE-2019-25438 LabCollector 5.423 SQL Injection via login.php
LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the username parameter of...
CVE-2019-25438
CVE-2019-25438 affects LabCollector 5.423. The vulnerability is multiple SQL injection flaws exploitable by unauthenticated attackers through POST parameters, specifically login.php (login) and retrieve_password.php (user_name), enabling extraction of sensitive database information. No remediatio...
PT-2026-21031
Name of the Vulnerable Software and Affected Versions Seraphinite Solutions Seraphinite Accelerator versions through 2.22.15 Description A missing authorization issue exists in Seraphinite Accelerator, potentially allowing retrieval of embedded sensitive data. The issue affects the...
PT-2026-21315
LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the user name parameter o...
CVE-2026-25008
Insertion of Sensitive Information Into Sent Data vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Retrieve Embedded Sensitive Data.This issue affects Ninja Tables: from n/a through = 5.2.5...
PT-2026-6420
Impact The deriveVaultKey function calls retrieveCloudKey which always returns "foobarfoobarfoobarfoobarfoobarfo". When merged with the randomly generated 32-byte key using mergeKeys 16 bytes from each, the last 16 bytes are always "arfoobarfoobarfo". This enables an attacker with physical access...
melange QEMU runner could write files outside workspace directory
An attacker who can influence the tar stream from a QEMU guest VM could write files outside the intended workspace directory on the host. The retrieveWorkspace function extracts tar entries without validating that paths stay within the workspace, allowing Path Traversal via ../ sequences...
CVE-2026-24117
A Server-Side Request Forgery SSRF flaw has been discovered in the Rekor transparency log tool. In versions 1.4.3 and below, attackers can trigger SSRF to arbitrary internal services because /api/v1/index/retrieve supports retrieving a public key via user-provided URL. Since the SSRF only can...
SUSE CVE-2026-24117
Rekor is a software supply chain transparency log. In versions 1.4.3 and below, attackers can trigger SSRF to arbitrary internal services because /api/v1/index/retrieve supports retrieving a public key via user-provided URL. Since the SSRF only can trigger GET requests, the request cannot mutate...
Linux Distros Unpatched Vulnerability : CVE-2026-24117
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rekor is a software supply chain transparency log. In versions 1.4.3 and below, attackers can trigger SSRF to arbitrary internal services because...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the /api/v1/index/retrieve endpoint. An attacker can scan internal network resources by sending GET requests to retrieve a public key. Since only GET requests are allowed for this endpoint, it is not...