18 matches found
JLSEC-2026-174
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping...
CVE-2025-67982
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna urna allows PHP Local File Inclusion. This issue affects Urna: from n/a through <= 2.5.12...
WordPress Urna theme <= 2.5.12 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Urna versions <= 2.5.12...
PT-2025-49904
Name of the Vulnerable Software and Affected Versions: thembay Urna versions through 2.5.12. Description: An issue exists in thembay Urna that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This is a PHP Remote File Inclusion type of issue...
CVE-2025-62606
my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to version 2.5.12, an authenticated SQL injection vulnerability in the bookmark reordering feature allows any logged-in user to execute arbitrary SQL commands. This can lead to a...
CVE-2025-62606
CVE-2025-62606 affects My Little Forum (PHP/MySQL). Before version 2.5.12, an authenticated SQL injection vulnerability exists in the bookmark reordering feature, allowing any logged-in user to execute arbitrary SQL commands. This can lead to a full compromise of the application’s database (read,...
CVE-2025-53568
Cross-Site Request Forgery (CSRF) vulnerability in Tony Zeoli Radio Station radio-station allows Cross Site Request Forgery. This issue affects Radio Station: from n/a through <= 2.5.12...
CVE-2018-16623
Kirby V2.5.12 is prone to a Persistent XSS attack via the Title of the "Site options" in the admin panel dashboard dropdown...
Sulu HTML Injection via Autocomplete Suggestion
Impact: An issue occurs when HTML is entered into the tag name. The HTML is executed when the tag name is listed in the autocomplete form. Only admin users are affected and only admin users can create tags. Patches: Has the problem been patched? What versions should users upgrade to? The problem is patch...
CVE-2023-48967
Ssolon <= 2.6.0 and <= 2.5.12 is vulnerable to Deserialization of Untrusted Data...
SUSE CVE-2017-7672
If an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload the server process when performing validation of the URL. Solution is to upgrade to Apache Struts version 2.5.12...
EulerOS Virtualization 3.0.6.6 : openldap (EulerOS-SA-2022-2523)
According to the versions of the openldap packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend...
Critical: openldap
Issue Overview: In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of...
GHSA-3GQ5-R59M-MMV2 Kirby XSS Vulnerability
Kirby v2.5.12 allows XSS by using the "site files" Add option to upload an SVG file...
Apache Struts DoS Vulnerability (S2-044) - Linux
Apache Struts is prone to a Denial of Service (DoS) vulnerability. This VT has been deprecated and merged into the VT...
Apache Struts Security Update (S2-053) - Active Check
Apache Struts is prone to a remote code execution (RCE) vulnerability...
CVE-2017-9787
When using Spring AOP functionality to secure Struts actions, it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33...
[waraxe-2007-SA#056] - Another Sql Injection in NukeSentinel 2.5.11
[waraxe-2007-SA#056] - Another Sql Injection in NukeSentinel 2.5.11 Author: Janek Vind "waraxe" Date: 27. September 2007 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-56.html Target software description: Developer:...