Lucene search
25 matches found

Cvelist
added 2026/03/11 3:27 p.m. | 23 views

CVE-2026-22248 GLPI affected by Remote Code Execution via malicious upload

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0 to before 11.0.5, an authenticated technician user can upload a malicious file and trigger its execution through an unsafe PHP...

CVSS 8 | EPSS 0.00263
Exploits: 0 | References: 1
RedhatCVE
added 2026/02/26 10:14 a.m. | 4 views

CVE-2025-0976

Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager.This issue affects Hitachi Ops Center API Configuration Manager: from 10.0.0-00 before 11.0.4-00; Hitachi Configuration Manager: from 8.6.1-00 before 11.0.5-00...

CVSS 7.5 | AI score 5.3 | EPSS 0.00039
Exploits: 0 | References: 1
Tenable Product Security Advisories
added 2026/02/12 3:40 p.m. | 5 views

[R1] Nessus Agent Versions 11.0.4 and 11.1.2 Fix One Vulnerability

[R1] Nessus Agent Versions 11.0.4 and 11.1.2 Fix One Vulnerability. Arnie Cabral, Thu, 02/12/2026 - 10:40. A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attack...

AI score 5.4
Exploits: 0
OSV
added 2026/02/04 5:15 p.m. | 3 views

CVE-2026-23624 GLPI is vulnerable to session stealing on externally authenticated user change

GLPI is a free asset and IT management software package. In versions starting from 0.71 to before 10.0.23 and before 11.0.5, when remote authentication is used, based on SSO variables, a user can steal a GLPI session previously opened by another user on the same machine. This issue has been patch...

CVSS 4.3 | AI score 5.5 | EPSS 0.00144
Exploits: 0 | References: 5
Vulnrichment
added 2026/02/04 5:15 p.m. | 3 views

CVE-2026-23624 GLPI is vulnerable to session stealing on externally authenticated user change

GLPI is a free asset and IT management software package. In versions starting from 0.71 to before 10.0.23 and before 11.0.5, when remote authentication is used, based on SSO variables, a user can steal a GLPI session previously opened by another user on the same machine. This issue has been patch...

CVSS 4.3 | AI score 5.4 | EPSS 0.00144
Exploits: 0 | References: 3
ATTACKERKB
added 2026/02/04 5:15 p.m. | 2 views

CVE-2026-23624

GLPI is a free asset and IT management software package. In versions starting from 0.71 to before 10.0.23 and before 11.0.5, when remote authentication is used, based on SSO variables, a user can steal a GLPI session previously opened by another user on the same machine. This issue has been patch...

CVSS 4.3 | AI score 5.4 | EPSS 0.00144
Exploits: 0 | References: 4 | Affected Software: 1
ATTACKERKB
added 2026/02/04 5:10 p.m. | 4 views

CVE-2026-22247

GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.5, a GLPI administrator can perform an SSRF request through the Webhook feature. This issue has been patched in version 11.0.5...

CVSS 4.1 | AI score 5.3 | EPSS 0.00016
Exploits: 0 | References: 3 | Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-0421

Malware in sbrugna...

CVSS 5.4 | AI score 5.3 | EPSS 0.01707
Exploits: 4 | References: 7
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-12327

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 6.6 | EPSS 0.00266
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/19 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2019-2894

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Security. Supported versions that are affected are Java SE: 7u231, 8u221,...

CVSS 4.3 | AI score 6.3 | EPSS 0.0058
Exploits: 0 | References: 2
Cvelist
added 2025/07/21 8:53 p.m. | 5 views

CVE-2025-54129 HAXiam allows for User Enumeration

HAXiam is a packaging wrapper for HAXcms which allows anyone to spawn their own microsite management platform. In versions 11.0.4 and below, the application returns a 200 response when requesting the data of a valid user and a 404 response when requesting the data of an invalid user. This can be...

CVSS 4.3 | EPSS 0.00224
Exploits: 1 | References: 1
Vulnrichment
added 2025/07/21 8:53 p.m. | 2 views

CVE-2025-54129 HAXiam allows for User Enumeration

HAXiam is a packaging wrapper for HAXcms which allows anyone to spawn their own microsite management platform. In versions 11.0.4 and below, the application returns a 200 response when requesting the data of a valid user and a 404 response when requesting the data of an invalid user. This can be...

CVSS 4.3 | AI score 6.8 | EPSS 0.00224
Exploits: 1 | References: 1
CNNVD
added 2025/07/21 12:0 a.m. | 1 views

HAXiam Security Vulnerability

HAXiam is an open-source HAX The Web wrapper for the HAXcms software. A security vulnerability exists in HAXiam version 11.0.4 and earlier, which stems from an improper response to a user data request and could lead to a user enumeration attack...

CVSS 4.3 | AI score 6.5 | EPSS 0.00224
Exploits: 1 | References: 2
RedhatCVE
added 2025/05/22 5:6 p.m. | 4 views

CVE-2020-13239

The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link. This causes XSS...

CVSS 5.4 | AI score 6.7 | EPSS 0.00229
Exploits: 1
IBM Security Bulletins
added 2025/02/25 6:7 p.m. | 28 views

Security Bulletin: Rational Performance Tester contains vulnerabilities which could affect Eclipse Jetty

Summary Due to the use of Eclipse Jetty, Rational Performance Tester contains vulnerabilities around request processing that could lead to a potential denial of service attack. Vulnerability Details CVEID:CVE-2024-9823 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a...

CVSS 7.5 | AI score 6.9 | EPSS 0.0068
Exploits: 0 | Affected Software: 1
OpenVAS
added 2023/11/30 12:0 a.m. | 57 views

MariaDB DoS Vulnerability (CVE-2023-22084) - Windows

MariaDB is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mariadb:mariadb"; if...

CVSS 4.9 | AI score 6.3 | EPSS 0.06984
Exploits: 0 | References: 1
OSV
added 2022/05/26 2:15 p.m. | 37 views

CVE-2021-4231

A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to...

CVSS 5.4 | AI score 5.3
Exploits: 0 | References: 4
CNVD
added 2020/05/21 12:0 a.m. | 1 views

Dolibarr ERP/CRM DMS/ECM Module Cross-Site Scripting Vulnerability (CNVD-2020-41507)

Dolibarr ERP/CRM is a Web-based Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM) system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, etc. DMS/ECM is one of the document management systems and enterprise...

CVSS 5.5 | AI score 6.2 | EPSS 0.00169
Exploits: 1 | References: 1
CNVD
added 2020/05/21 12:0 a.m. | 2 views

Dolibarr ERP/CRM DMS/ECM Module Cross-Site Scripting Vulnerability

Dolibarr ERP/CRM is a Web-based Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM) system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, etc. DMS/ECM is one of the document management systems and enterprise...

CVSS 5.4 | AI score 6.4 | EPSS 0.00229
Exploits: 1 | References: 1
NVD
added 2020/05/18 10:15 p.m. | 15 views

CVE-2020-13094

Dolibarr before 11.0.4 allows XSS...

CVSS 5.4 | AI score 5.4 | EPSS 0.01707
Exploits: 4 | References: 3