
29 matches found

UbuntuCve
added 2026/01/15 5:16 p.m. | 3 views

CVE-2025-66417

GLPI is a free asset and IT management software package. From 11.0.0 and before 11.0.3, an unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 11.0.3...

9.8 CVSS | 5.9 AI score | 0.00052 EPSS
Exploits: 1 | References: 2

ATTACKERKB
added 2026/01/15 4:25 p.m. | 1 view

CVE-2025-66417

GLPI is a free asset and IT management software package. From 11.0.0 and before 11.0.3, an unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 11.0.3...

9.8 CVSS | 5.8 AI score | 0.00052 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2026/01/15 4:25 p.m. | 10 views

CVE-2025-66417

GLPI (from version 11.0.0 up to, but not including, 11.0.3) is affected by an unauthenticated SQL injection via the inventory endpoint. The root cause is improper handling of input in the inventory API, enabling arbitrary SQL execution. The issue is fixed in version 11.0.3. The vulnerability is d...

9.8 CVSS | 7.6 AI score | 0.00052 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2026/01/15 4:16 p.m. | 0 views

UBUNTU-CVE-2025-64516

GLPI is a free asset and IT management software package. Prior to 10.0.21 and 11.0.3, an unauthorized user can access GLPI documents attached to any item (ticket, asset, ...). If the public FAQ is enabled, this unauthorized access can be performed by an anonymous user. This vulnerability is fixed i...

7.5 CVSS | 5.8 AI score | 0.00045 EPSS
Exploits: 1 | References: 7

EUVD
added 2026/01/15 4:01 p.m. | 2 views

EUVD-2025-206294

GLPI is a free asset and IT management software package. Prior to 10.0.21 and 11.0.3, an unauthorized user can access GLPI documents attached to any item (ticket, asset, ...). If the public FAQ is enabled, this unauthorized access can be performed by an anonymous user. This vulnerability is fixed i...

7.5 CVSS | 6.2 AI score | 0.00045 EPSS
Exploits: 1 | References: 5

Vulnrichment
added 2026/01/15 4:01 p.m. | 2 views

CVE-2025-64516 GLPI incorrectly authorizes access to documents

GLPI is a free asset and IT management software package. Prior to 10.0.21 and 11.0.3, an unauthorized user can access GLPI documents attached to any item (ticket, asset, ...). If the public FAQ is enabled, this unauthorized access can be performed by an anonymous user. This vulnerability is fixed i...

7.5 CVSS | 6.3 AI score | 0.00045 EPSS
Exploits: 1 | References: 5

Positive Technologies
added 2026/01/15 12:00 a.m. | 3 views

PT-2026-3058

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.21; GLPI versions prior to 11.0.3. Description: An unauthorized user can access GLPI documents attached to any item, such as tickets or assets. If the public FAQ is enabled, this unauthorized access can be performed by...

7.5 CVSS | 6.5 AI score | 0.00045 EPSS
Exploits: 1 | References: 10

Tenable Product Security Advisories
added 2026/01/07 1:47 p.m. | 2 views

[R1] Nessus Agent Versions 11.0.3 and 10.9.3 Fix One Vulnerability

Arnie Cabral, Wed, 01/07/2026 - 08:47. A vulnerability has been identified in the installation/uninstallation of the Nessus Agent Tray App on Windows Hosts which could lead to escalation of privileges...

5.5 AI score
Exploits: 0

EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2025-17578

Malicious code in bioql PyPI...

8.8 CVSS | 6.3 AI score | 0.04034 EPSS
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2025-12327

Malicious code in bioql PyPI...

5.5 CVSS | 6.6 AI score | 0.00266 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2025/06/11 10:06 p.m. | 2 views

CVE-2025-49141

HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.3, the gitImportSite functionality obtains a URL string from a POST request and insufficiently validates user input. The setremote function later passes this input into proc_open, yielding OS...

8.8 CVSS | 8.9 AI score | 0.04034 EPSS
Exploits: 1 | References: 1

Vulnrichment
added 2025/06/09 9:11 p.m. | 5 views

CVE-2025-49141 HaxCMS-PHP Command Injection Vulnerability

HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.3, the gitImportSite functionality obtains a URL string from a POST request and insufficiently validates user input. The setremote function later passes this input into proc_open, yielding OS...

8.5 CVSS | 9 AI score | 0.04034 EPSS
Exploits: 1 | References: 2

OSV
added 2025/06/09 9:11 p.m. | 3 views

CVE-2025-49141 HaxCMS-PHP Command Injection Vulnerability

HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.3, the gitImportSite functionality obtains a URL string from a POST request and insufficiently validates user input. The setremote function later passes this input into proc_open, yielding OS...

8.5 CVSS | 7.5 AI score | 0.04034 EPSS
Exploits: 1 | References: 4

RedhatCVE
added 2025/05/22 4:20 p.m. | 4 views

CVE-2020-14443

A SQL injection vulnerability in accountancy/customer/card.php in Dolibarr 11.0.3 allows remote authenticated users to execute arbitrary SQL commands via the id parameter...

8.8 CVSS | 8.2 AI score | 0.00295 EPSS
Exploits: 0

RedhatCVE
added 2025/04/25 11:43 p.m. | 3 views

CVE-2025-2300

Hitachi Ops Center Common Services within Hitachi Ops Center OVA contains an information exposure vulnerability. This issue affects Hitachi Ops Center Common Services: from 11.0.3-00 before 11.0.4-00...

5.5 CVSS | 6.7 AI score | 0.00266 EPSS
Exploits: 0 | References: 1

CNNVD
added 2025/04/22 12:00 a.m. | 1 view

Hitachi Ops Center Common Services Security Vulnerability

Hitachi Ops Center Common Services is a component from Hitachi, Ltd. of Japan that provides single sign-on functionality and a web portal for Ops Center products. A security vulnerability exists in Hitachi Ops Center Common Services version 11.0.3-00 through versions prior to 11.0.4-00 that...

5.5 CVSS | 6.4 AI score | 0.00266 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2025/03/12 12:00 a.m. | 7 views

Apache Tomcat 11.0.0-M1 < 11.0.3 Remote Code Execution

The version of Apache Tomcat installed on the remote host is 9.0.0-M1 to 9.0.98, 10.1.0-M1 to 10.1.34 or 11.0.0-M1 to 11.0.2. It is, therefore, affected by a remote code execution and/or an information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet...

10 CVSS | 7.9 AI score | 0.9413 EPSS
Exploits: 44 | References: 2

SUSE CVE
added 2023/02/15 4:32 a.m. | 1 view

SUSE CVE-2018-4089

An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. tvOS before 11.2.5 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial o...

8.8 CVSS | 8.6 AI score | 0.02981 EPSS
Exploits: 3 | References: 4

OSV
added 2023/01/13 9:15 p.m. | 0 views

CVE-2021-36204

Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson Controls Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.3 allows API calls to expose credentials in plain text...

7.5 CVSS | 5.8 AI score
Exploits: 0 | References: 2

Prion
added 2022/08/23 4:15 p.m. | 21 views

Design/Logic Flaw

A flaw was found in Keycloak affecting versions 11.0.3 and 12.0.0. An expired certificate would be accepted by the direct-grant authenticator because of missing timestamp validations. The highest threat from this vulnerability is to data confidentiality and integrity...

5.5 CVSS | 5.8 AI score | 0.00087 EPSS
Exploits: 0 | References: 1 | Affected Software: 1