CVE-2026-3057

CVE-2026-3057 affects the a54552239 pearProjectApi, specifically the Backend Interface component. The vulnerability resides in the function dateTotalForProject in application/common/Model/Task.php, where manipulating the projectCode argument leads to a SQL injection. The issue can be exploited re...

CVE-2026-3057 a54552239 pearProjectApi Backend Task.php dateTotalForProject sql injection

A security flaw has been discovered in a54552239 pearProjectApi up to 2.8.10. Affected is the function dateTotalForProject of the file application/common/Model/Task.php of the component Backend Interface. The manipulation of the argument projectCode results in sql injection. The attack can be...

PearProject SQL注入漏洞

PearProject is a project management system backend interface developed by Vilson as an individual project. Versions of PearProject 2.8.10 and earlier had a SQL injection vulnerability. This vulnerability stemmed from the improper handling of the projectCode parameter in the dateTotalForProject...

PT-2026-21655

A security vulnerability has been detected in HummerRisk up to 1.5.0. Affected by this issue is some unknown functionality of the file ResourceCreateService.java of the component Cloud Task Scheduler. Such manipulation of the argument regionId leads to command injection. The attack may be launche...

HummerCloud HummerRisk 命令注入漏洞

HummerCloud HummerRisk is an open-source cloud-native security platform developed by HummerCloud Corporation. It addresses security and governance issues in cloud-native environments in a non-invasive manner. Its core capabilities include security governance for hybrid clouds and cloud-native...

PT-2026-21656

A vulnerability was detected in HummerRisk up to 1.5.0. This affects the function CommandUtils.commonExecCmdWithResult of the file CloudTaskService.java of the component Cloud Task Dry-run. Performing a manipulation of the argument fileName results in command injection. Remote exploitation of the...

Veeam ONE Upgrade Fails with "Win32 exception occurred while executing SQL script."

Challenge When upgrading Veeam ONE from version 12.3 to version 13, the following error occurs: Win32 exception occurred while executing SQL script. Error code: 0x80004004. Error details: The SELECT permission was denied on the object 'sysjobs', database 'msdb', schema 'dbo'. Cause This error...

HummerCloud HummerRisk 命令注入漏洞

HummerCloud HummerRisk is an open-source cloud-native security platform developed by HummerCloud Corporation. It addresses security and governance issues in cloud-native environments in a non-invasive manner. Its core capabilities include security governance for hybrid clouds and cloud-native...

kernel: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue When the task management thread processes reply queues while the reset thread resets them, the task management thread accesses an invalid queue ID 0xFFFF, s...

CVE-2026-2981

A vulnerability was found in UTT HiPER 810G up to 1.7.7-1711. The affected element is the function strcpy of the file /goform/formTaskEditap. The manipulation of the argument txtMin2 results in buffer overflow. The attack may be launched remotely. The exploit has been made public and could be use...

CVE-2026-2979

A flaw has been found in FastApiAdmin up to 2.2.0. This issue affects the function useravataruploadcontroller of the file /backend/app/api/v1/modulesystem/user/controller.py of the component Scheduled Task API. Executing a manipulation can lead to unrestricted upload. The attack can be launched...

CVE-2026-2979

A flaw has been found in FastApiAdmin up to 2.2.0. This issue affects the function useravataruploadcontroller of the file /backend/app/api/v1/modulesystem/user/controller.py of the component Scheduled Task API. Executing a manipulation can lead to unrestricted upload. The attack can be launched...

CVE-2026-2981

A vulnerability was found in UTT HiPER 810G up to 1.7.7-1711. The affected element is the function strcpy of the file /goform/formTaskEditap. The manipulation of the argument txtMin2 results in buffer overflow. The attack may be launched remotely. The exploit has been made public and could be use...

CVE-2026-2981

CVE-2026-2981 affects UTT HiPER 810G versions up to 1.7.7-1711. The vulnerability is a buffer overflow in strcpy in /goform/formTaskEdit_ap caused by manipulating the txtMin2 argument, enabling remote exploitation. The exploit is public. Remediation: update to a fixed version (versions beyond 1.7...

CVE-2026-2977

A security vulnerability has been detected in FastApiAdmin up to 2.2.0. This affects the function uploadcontroller of the file /backend/app/api/v1/modulecommon/file/controller.py of the component Scheduled Task API. Such manipulation leads to unrestricted upload. It is possible to launch the atta...

CVE-2026-2978

A vulnerability was detected in FastApiAdmin up to 2.2.0. This vulnerability affects the function uploadfilecontroller of the file /backend/app/api/v1/modulesystem/params/controller.py of the component Scheduled Task API. Performing a manipulation results in unrestricted upload. The attack can be...

CVE-2026-2979 FastApiAdmin Scheduled Task API controller.py user_avatar_upload_controller unrestricted upload

A flaw has been found in FastApiAdmin up to 2.2.0. This issue affects the function useravataruploadcontroller of the file /backend/app/api/v1/modulesystem/user/controller.py of the component Scheduled Task API. Executing a manipulation can lead to unrestricted upload. The attack can be launched...

CVE-2026-2979

CVE-2026-2979 affects FastApiAdmin up to 2.2.0. The vulnerability is in the function user_avatar_upload_controller of /backend/app/api/v1/module_system/user/controller.py (Scheduled Task API). A manipulation can cause unrestricted file upload, enabling a remote attacker to upload arbitrary files....

CVE-2026-2979

A flaw has been found in FastApiAdmin up to 2.2.0. This issue affects the function useravataruploadcontroller of the file /backend/app/api/v1/modulesystem/user/controller.py of the component Scheduled Task API. Executing a manipulation can lead to unrestricted upload. The attack can be launched...

CVE-2026-2978 FastApiAdmin Scheduled Task API controller.py upload_file_controller unrestricted upload

A vulnerability was detected in FastApiAdmin up to 2.2.0. This vulnerability affects the function uploadfilecontroller of the file /backend/app/api/v1/modulesystem/params/controller.py of the component Scheduled Task API. Performing a manipulation results in unrestricted upload. The attack can be...