38424 matches found
openSUSE Security Advisory (SUSE-SU-2026:0977-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Code-Projects Online Food Ordering System SQL注入漏洞
The Code-Projects Online Food Ordering System is an open-source online meal ordering system developed by Code-Projects. Version 1.0 of the Code-Projects Online Food Ordering System contains a SQL injection vulnerability. This vulnerability stems from incorrect handling of the 'del' parameter in t...
Timo 安全漏洞
Timo is a backend management system developed by auntvt. Version Timo 2.0.3 has a security vulnerability, which stems from a cross-site scripting vulnerability in the title field. Attackers can execute attacks through specially crafted links...
PT-2026-28392
Name of the Vulnerable Software and Affected Versions staffwiki version 7.0.1.19219 Description A cross-site scripting XSS issue exists in staffwiki. This allows attackers to execute arbitrary Javascript in the context of a user's browser through a crafted HTTP request. The vulnerable API endpoin...
PT-2026-28600
Name of the Vulnerable Software and Affected Versions Stirling-PDF versions prior to 2.8.0 Description Stirling-PDF is a locally hosted web application designed for PDF file operations. The /api/v1/convert/eml/pdf API endpoint, when used with the downloadHtml=true parameter, returns unsanitized...
PT-2026-28527
Name of the Vulnerable Software and Affected Versions brace-expansion versions prior to 5.0.5 brace-expansion versions prior to 3.0.2 brace-expansion versions prior to 2.0.3 brace-expansion versions prior to 1.1.13 Description The brace-expansion library is susceptible to a denial-of-service...
Tandoor Recipes 注入漏洞
Tandoor Recipes is an open-source application designed for managing recipes, planning meals, creating shopping lists, and more. Versions of Tandoor Recipes prior to 2.6.0 had a injection vulnerability. This vulnerability stemmed from the FDC search endpoint, which directly inserted user-provided...
Wecodex Shipping System CMS SQL注入漏洞
Wecodex Shipping System CMS is a logistics content management system developed by Wecodex Corporation. Version 1.0 of the Wecodex Shipping System CMS has a SQL injection vulnerability. This vulnerability stems from insufficient validation of the username parameter input, which may lead to SQL...
PT-2026-28649
Name of the Vulnerable Software and Affected Versions plank/laravel-mediable versions through 6.4.0 Description The software is susceptible to arbitrary file upload when it accepts or prefers a client-supplied MIME type during file upload handling. An attacker can submit a file containing...
Laravel-Mediable 安全漏洞
Laravel-Mediable is a Laravel media file management package developed by Plank. Versions of Laravel-Mediable 6.4.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the application accepting or favoring the MIME types provided by the client when processing file uploads...
Linux Distros Unpatched Vulnerability : CVE-2026-23397
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nfnetlinkosf: validate individual option lengths in fingerprints nfnlosfaddcallback validates optnum bounds and string NUL-termination but does not check...
PT-2026-28556
Name of the Vulnerable Software and Affected Versions node-forge versions prior to 1.4.0 Description A Denial of Service DoS issue exists in the node-forge library due to an infinite loop within the BigInteger.modInverse function, inherited from the bundled jsbn library. When modInverse is called...
SourceCodester Sales and Inventory System SQL注入漏洞
The SourceCodester Sales and Inventory System is an open-source sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Sales and Inventory System contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the sid...
March 26, 2026—KB5079489 (OS Build 28000.1764) Preview
March 26, 2026—KB5079489 OS Build 28000.1764 Preview This non-security update for Windows 11, version 26H1 KB5079489, incudes production-quality improvements. To learn more about differences between security updates, optional non-security preview updates, Out-of-band OOB updates, and...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: glibc (UTSA-2026-006299)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006299 advisory. Calling getnetbyaddr or getnetbyaddrr with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in...
PT-2026-28563
Name of the Vulnerable Software and Affected Versions Ella Core versions prior to 1.7.0 Description A deadlock in the AMF's SCTP notification handler can cause the entire AMF control plane to hang until the process is restarted. An attacker with access to the N2 interface can cause Ella Core to...
CVE-2026-30892 Crun incorrectly parses `crun exec` option `-u`, leading to privilege escalation
crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun exec option -u --user is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected...
CVE-2026-34053
OpenEMR prior to version 8.0.0.3 has a missing authorization issue in the AJAX deletion endpoint at interface/forms/procedure_order/handle_deletions.php. This allows any authenticated user, regardless of role, to irreversibly delete procedure orders, answers, and specimens for any patient. Versio...
CVE-2026-33934
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have a missing authorization check in portal/sign/lib/show-signature.php that allows any authenticated patient portal user to retrieve the drawn signature image of an...
CVE-2026-33917
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contais a SQL injection vulnerability in the ajaxsave CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input...