Lucene search

6 matches found

OSV
added 2026/03/20 2:9 a.m., 3 views

CVE-2026-32813 Admidio: Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter)

Admidio is an open-source user management solution. Versions 5.0.6 and below are vulnerable to arbitrary SQL Injection through the MyList configuration feature. The MyList configuration feature lets authenticated users define custom list column layouts, storing user-supplied column names, sort...

CVSS 8 | AI score 6 | EPSS 0.00279
Exploits: 1 | References: 4
Github Security Blog
added 2026/03/16 9:19 p.m., 9 views

Admidio has a Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter)

Summary: The MyList configuration feature in Admidio allows authenticated users to define custom list column layouts. User-supplied column names, sort directions, and filter conditions are stored in the adm_list_columns table via prepared statements (safe storage), but are later read back and...

CVSS 8 | AI score 6.1 | EPSS 0.00279
Exploits: 1 | References: 4 | Affected Software: 1
Tenable Nessus
added 2025/12/31 12:0 a.m., 1 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992742)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992742 advisory. In the Linux kernel, the following vulnerability has been resolved: HID: pidff: Fix null pointer dereference in pidff_find_fields. This function triggered a null pointe...

CVSS 5.5 | AI score 6.2 | EPSS 0.00244
Exploits: 0 | References: 4
Positive Technologies
added 2025/02/03 12:0 a.m., 0 views

PT-2025-20512

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A null pointer dereference issue was found in the pidff find fields function. This function could trigger a null pointer dereference when searching for a report that isn't implemented on...

CVSS 5.5 | AI score 6.8 | EPSS 0.00244
Exploits: 0
ATTACKERKB
added 2022/03/30 12:15 a.m., 0 views

CVE-2022-26244

A stored cross-site scripting (XSS) vulnerability in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "special" field...

CVSS 5.4 | AI score 6 | EPSS 0.00487
Exploits: 1 | References: 3
Prion
added 2022/03/30 12:15 a.m., 10 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "special" field...

CVSS 3.5 | AI score 5.2 | EPSS 0.00487
Exploits: 1 | References: 2 | Affected Software: 1