EUVD-2026-19249

GLPI is a free asset and IT management software package. From 10.0.0 to before 10.0.24 and 11.0.6, an authenticated user can perform a SQL injection via the logs export feature. This vulnerability is fixed in 10.0.24 and 11.0.6...

CVE-2026-29772 Astro: Memory exhaustion DoS due to missing request body size limit in Server Islands

Astro is a web framework. Prior to version 10.0.0, Astro's Server Islands POST handler buffers and parses the full request body as JSON without enforcing a size limit. Because JSON.parse allocates a V8 heap object for every element in the input, a crafted payload of many small JSON objects achiev...

CVE-2024-47829 pnpm uses the md5 path shortening function causes packet paths to coincide, which causes indirect packet overwriting

pnpm is a package manager. Prior to version 10.0.0, the path shortening function uses the md5 function as a path shortening compression function, and if a collision occurs, it will result in the same storage path for two different libraries. Although the real names are under the package name...

CVE-2023-31004

IBM Security Access Manager Container IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1 could allow a remote attacker to gain access to the underlying system using man in the middle techniques. IBM X-Force ID: 254765...

PT-2023-9268 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions 10.0.0 through 10.0.5 Description: The issue is related to Cross-site Scripting, where an administrator can store malicious code in help links. This can be exploited by a remote attacker to save arbitrary code in the help links...

Quicklert SQL注入漏洞

Quicklert is an easy-to-use messaging, alerting, and emergency response solution from Quicklert USA, Inc. Quicklert for Digium version 10.0.0 is vulnerable to SQL injection, which originates from the login.jsp page. The vulnerability stems from the application's lack of validation of externally...