16 matches found
CVE-2026-37713
An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/core/class/commonobject.class.php...
CVE-2026-37711
An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/core/actionsaddupdatedelete.inc.php...
UBUNTU-CVE-2026-37713
An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/core/class/commonobject.class.php...
CVE-2026-37711
An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/core/actionsaddupdatedelete.inc.php...
Dolibarr ERP/CRM Security Vulnerability
Dolibarr ERP/CRM is a web-based enterprise resource planning (ERP) and customer relationship management (CRM) system developed by the Dolibarr Foundation in France. This system can be used to manage products, inventory, invoices, orders, etc. Versions of Dolibarr ERP/CRM from 22.0.0 to 22.0.4, as wel...
CVE-2026-37713
An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/core/class/commonobject.class.php...
CVE-2026-37711
An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/core/actionsaddupdatedelete.inc.php...
CVE-2026-37713
CVE-2026-37713 affects Dolibarr ERP/CRM v.22.0.0–22.0.4 and v.24.0.0-alpha. A flaw in htdocs/core/class/commonobject.class.php allows a remote attacker to execute arbitrary code. The provided documents do not specify the root cause details, impacted modules beyond the commonobject class, or any a...
CVE-2026-37711
Dolibarr ERP/CRM is affected in versions 22.0.0 to 22.0.4 and 24.0.0-alpha. The issue enables a remote attacker to execute arbitrary code via the file htdocs/core/actions_addupdatedelete.inc.php. This summary is based on the connected sources; no exploit details or remediation steps are provided ...
CVE-2026-44437
The Angular SSR is a server-side rendering tool for Angular applications. From 19.0.0-next.0 to before 19.2.25, 20.3.25, 21.2.9, and 22.0.0-next.7, a vulnerability exists in the X-Forwarded-Prefix header processing logic within Angular SSR. The internal validation mechanism fails to properly...
ai.h2o:h2o-orc-parser (>=3.10.0.5 <=3.10.3.6), ai.hypergraph:kaliningraph-jvm (=0.2.1) +4768 more potentially affected by CVE-2025-30691 via org.graalvm.sdk:graal-sdk (>=22.0.0 <=24.0.0)
org.graalvm.sdk:graal-sdk MAVEN version =22.0.0, =3.10.0.5, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =1.1.0 and more Source cves: CVE-2025-30691 Source advisory: SNYK:JAVA-ORGGRAALVMSDK-9728205htt...
org.keycloak:keycloak-guides (>=22.0.0 <=22.0.5), org.keycloak:keycloak-guides-maven-plugin (>=22.0.0 <=22.0.5) +3 more potentially affected by CVE-2024-9666 via org.keycloak:keycloak-quarkus-server (>=22.0.0 <=22.0.5)
org.keycloak:keycloak-quarkus-server MAVEN version =22.0.0, =22.0.0, =22.0.0, =22.0.0, =22.0.0, =22.0.0, =22.0.5 Source cves: CVE-2024-9666 Source advisory: OSV:GHSA-JGWC-JH89-RPGQ...
CVE-2022-29845
In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file...
CVE-2022-29848
In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read sensitive operating-system attributes from a host that is accessible by the WhatsUp Gold system...
CVE-2022-29845
In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file...
PT-2022-19874 · Ipswitch · Ipswitch Whatsup Gold
Name of the Vulnerable Software and Affected Versions: Ipswitch WhatsUp Gold versions 17.0.0 through 21.1.1 Ipswitch WhatsUp Gold version 22.0.0 Description: The issue allows an authenticated user to invoke an API transaction to read sensitive operating-system attributes from a host accessible by...