exploits

exploits CVE explai...

EUVD-2018-21869

userSpice 4.3.24 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the X-Forwarded-For HTTP header. Attackers can send crafted requests to the backup.php endpoint with XSS payloads in the X-Forwarded-For header that execute when administrators...

[SECURITY] Fedora 42 Update: dotnet9.0-9.0.117-1.fc42

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

[SECURITY] Fedora 44 Update: dotnet10.0-10.0.108-1.fc44

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

[SECURITY] Fedora 44 Update: dotnet9.0-9.0.117-1.fc44

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

OPENSUSE-SU-2026:10847-1 rqlite-10.1.0-1.1 on GA media

These are all security issues fixed in the rqlite-10.1.0-1.1 package on the GA media of openSUSE Tumbleweed...

PT-2026-43096

Name of the Vulnerable Software and Affected Versions Dolibarr ERP CRM version 7.0.3 Description Unauthenticated attackers can achieve remote code execution by injecting PHP code through the db name parameter. This is performed by sending a POST request to the 'install/step1.php' endpoint...

UBUNTU-CVE-2026-41074

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 6.0.0 through 6.0.2 contain a Cross-Site Request Forgery CSRF vulnerability. An attacker who can induce a logged-in RT user to visit a malicious web page can trigger arbitrary state-changing actions in RT on that...

CVE-2026-41076

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.9 and prior in addition to 6.0.0 through 6.0.2 contain an authentication bypass vulnerability in RT installations that use LDAP/AD for user authentication. Under certain LDAP server configurations, an attacker m...

CVE-2026-41075 RT: SQL injection via entry_aggregator parameter in JSON search

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.0 through 5.0.9 and 6.0.0 through 6.0.2 contain an SQL injection vulnerability. An authenticated user can craft input that is incorporated into database queries without proper validation, potentially allowing th...

CVE-2026-39969

TypeBot is a chatbot builder tool. In versions 3.16.0 and prior, the WhatsApp Cloud API webhook endpoint POST /v1/workspaces/workspaceId/whatsapp/credentialsId/webhook does not verify the x-hub-signature-256 HMAC signature included by Meta in every webhook delivery. The webhook URL exposes both...

CVE-2025-45145

Directory traversal in Follett Software's Destiny Library Manager 2202rc1 and fixed in v.22.5 AU1 allows remote attackers to read arbitrary system and application files via the image parameter...

CVE-2026-44417 Apache CXF: Incomplete fix for CVE-2025-48913 (Untrusted JMS configuration can lead to RCE)

The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions 4.2.1...

CVE-2026-25607

Use of a weak password encoding algorithm in STER software allows the value of the password to be guessed after analyzing how passwords with known values are encoded. This issue was fixed in version 9.5...

CVE-2026-25608

CVE-2026-25608 (STER) : The vulnerability involves unencrypted TCP traffic used by STER to transmit data, enabling a Man-In-The-Middle attacker to obtain sensitive information such as passwords, personal data, or authentication tokens. The underlying risk is data confidentiality loss during netwo...

CVE-2026-25607 Weak password encoding in STER

Use of a weak password encoding algorithm in STER software allows the value of the password to be guessed after analyzing how passwords with known values are encoded. This issue was fixed in version 9.5...

CVE-2026-25607 Weak password encoding in STER

Use of a weak password encoding algorithm in STER software allows the value of the password to be guessed after analyzing how passwords with known values are encoded. This issue was fixed in version 9.5...

EUVD-2026-31423

Use of a weak password encoding algorithm in STER software allows the value of the password to be guessed after analyzing how passwords with known values are encoded. This issue was fixed in version 9.5...

CVE-2026-25607

CVE-2026-25607 affects STER software. It arises from use of a weak password encoding algorithm, enabling password values to be guessed after analyzing how known passwords are encoded. Impact is limited to confidentiality of credentials, with no broader impact specified beyond password disclosure....

CVE-2026-25607

Use of a weak password encoding algorithm in STER software allows the value of the password to be guessed after analyzing how passwords with known values are encoded. This issue was fixed in version 9.5...