GHSA-9MV3-2CWR-P262 Microsoft Security Advisory CVE-2026-40372 – ASP.NET Core Elevation of Privilege

Executive Summary: A bug in Microsoft.AspNetCore.DataProtection 10.0.0-10.0.6 NuGet packages can give an attacker the opportunity to execute an Elevation of Privilege attack by forging authentication cookies, and also allows some protected payloads to be decrypted. If an attacker used forged...

2026-04 .NET 10.0.7 Security Update for x64 Server (KB5091596)

2026-04 .NET 10.0.7 Security Update for x64 Server KB5091596...

CVE-2026-27728

OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.7, an OS command injection vulnerability in NetworkPathMonitor.performTraceroute allows any authenticated project user to execute arbitrary operating system commands on the Probe server by injecting shell...

PT-2026-21959

Name of the Vulnerable Software and Affected Versions OneUptime versions prior to 10.0.7 Description OneUptime, a service monitoring solution, contains an OS command injection flaw in the NetworkPathMonitor.performTraceroute function. Any authenticated project user can execute arbitrary operating...

OPENSUSE-SU-2025:20171-1 Security update for qemu

This update for qemu fixes the following issues: Update to version 10.0.7. Security issues fixed: - CVE-2025-12464: stack-based buffer overflow in the e1000 network device operations can be exploited by a malicious guest user to crash the QEMU process on the host bsc1253002. - CVE-2025-11234:...

EUVD-2023-32476

Malicious code in bioql PyPI...

CVE-2024-45671 IBM Security Verify Information Queue information disclosure

IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

IBM Security Verify Information Queue 加密问题漏洞

IBM Security Verify Information Queue is an integration product from International Business Machines IBM, Inc. utilizes Kafka technology and a publish/subscribe model to integrate data between IBM Security products. A cryptographic issue vulnerability exists in IBM Security Verify Information Que...

IBM Security Verify Access 信任管理问题漏洞

IBM Security Verify Access ISAM is a service from International Business Machines IBM that improves user access security. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies through the use of risk-based access, single sign-on, integrated acce...

CVE-2023-28639

GLPI is a free asset and IT management software package. Starting in version 0.85 and prior to versions 9.5.13 and 10.0.7, a malicious link can be crafted by an unauthenticated user. It will be able to exploit a reflected XSS in case any authenticated user opens the crafted link. This issue is...

UBUNTU-CVE-2023-28852

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 9.5.13 and 10.0.7, a user with dashboard administration rights may hack the dashboard form to store malicious code that will be executed when other users will use the related dashboard. Versio...

CVE-2023-28849

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.7, GLPI inventory endpoint can be used to drive a SQL injection attack. It can also be used to store malicious code that could be used to perform XSS attack. By default, GLPI inventory...

UBUNTU-CVE-2023-28636

GLPI is a free asset and IT management software package. Starting in version 0.60 and prior to versions 9.5.13 and 10.0.7, a vulnerability allows an administrator to create a malicious external link. This issue is fixed in versions 9.5.13 and 10.0.7...

Sql injection

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.7, GLPI inventory endpoint can be used to drive a SQL injection attack. It can also be used to store malicious code that could be used to perform XSS attack. By default, GLPI inventory...

Design/Logic Flaw

GLPI is a free asset and IT management software package. Starting in version 0.60 and prior to versions 9.5.13 and 10.0.7, a vulnerability allows an administrator to create a malicious external link. This issue is fixed in versions 9.5.13 and 10.0.7...

CVE-2023-28849 GLPI vulnerable to SQL injection and Stored XSS via inventory agent request

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.7, GLPI inventory endpoint can be used to drive a SQL injection attack. It can also be used to store malicious code that could be used to perform XSS attack. By default, GLPI inventory...

CVE-2023-28849 GLPI vulnerable to SQL injection and Stored XSS via inventory agent request

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.7, GLPI inventory endpoint can be used to drive a SQL injection attack. It can also be used to store malicious code that could be used to perform XSS attack. By default, GLPI inventory...

CVE-2023-28838 GLPI vulnerable to SQL injection through dynamic reports

GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 9.5.13 and 10.0.7, a SQL Injection vulnerability allow users with access rights to statistics or reports to extract all data from database and, in some cases, write a webshell on the server...

Server side request forgery (ssrf)

GLPI is a free asset and IT management software package. Starting in version 0.84 and prior to versions 9.5.13 and 10.0.7, usage of RSS feeds is subject to server-side request forgery SSRF. In case the remote address is not a valid RSS feed, an RSS autodiscovery feature is triggered. This feature...

PT-2023-3264 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions 0.85 through 9.5.12 GLPI versions 10.0.0 through 10.0.6 Description: The issue is related to insufficient user data sanitization on search pages, allowing an attacker to craft a malicious link that can exploit a reflected XSS wh...