| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A security vulnerability has been detected in SourceCodester Simple E-learning System 1.0. This affects an unknown part of the file /includes/form_handlers/delete_post.php of the component HTTP GET Parameter Handler. The manipulation of the argument post_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. |
| HCL AION is affected by a vulnerability related to the handling of upload size limits. Improper control or validation of upload sizes may allow excessive resource consumption, which could potentially lead to service degradation or denial-of-service conditions under certain scenarios. |
| OpenProject is an open-source, web-based project management software. Prior to 17.2.0, OpenProject SMTP test endpoint (POST /admin/settings/mail_notifications) accepts arbitrary host and port values and exhibits measurable differences in response behaviour depending on whether the target IP exists and whether the port is open. An attacker with access can use these timing and error distinctions to map internal hosts and identify which services/ports are reachable. Similarly, you can create webhooks in OpenProject and point them to arbitrary IPs, resulting in the same kind of SSRF issue which allows attackers to scan the internal network. This vulnerability is fixed in 17.2.0. |
| OpenClaw versions prior to 2026.2.21 contain an authentication bypass vulnerability in the Control UI when allowInsecureAuth is explicitly enabled and the gateway is exposed over plaintext HTTP, allowing attackers to bypass device identity and pairing verification. An attacker with leaked or intercepted credentials can obtain high-privilege Control UI access by exploiting the lack of secure authentication enforcement over unencrypted HTTP connections. |
| IM-LogicDesigner module of intra-mart Accel Platform contains insecure deserialization issue. This can be exploited only when IM-LogicDesigner is deployed on the system. Arbitrary code may be executed when some crafted file is imported by a user with the administrative privilege. |
| In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.9, and Splunk Cloud Platform versions below 10.2.2510.4, 10.1.2507.15, 10.0.2503.11, and 9.3.2411.123, a low-privileged user who does not hold the "admin" or "power" Splunk roles could craft a malicious payload when creating a View (Settings - User Interface - Views) at the `/manager/launcher/data/ui/views/_new` endpoint leading to a Stored Cross-Site Scripting (XSS) through a path traversal vulnerability. This could result in execution of unauthorized JavaScript code in the browser of a user.
The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will. |
| OpenClaw versions prior to 2026.2.12 construct transcript file paths using unsanitized sessionId parameters and sessionFile paths without enforcing directory containment. Authenticated attackers can exploit path traversal sequences like ../../etc/passwd in sessionId or sessionFile parameters to read or write arbitrary files outside the agent sessions directory. |
| An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A cross-site request forgery (CSRF) vulnerability exists in Zimbra Webmail due to improper validation of CSRF tokens. The application accepts CSRF tokens supplied within the request body instead of requiring them through the expected request header. An attacker can exploit this issue by tricking an authenticated user into submitting a crafted request. This may allow unauthorized actions to be performed on behalf of the victim. |
| An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. An XML External Entity (XXE) vulnerability exists in the Zimbra Exchange Web Services (EWS) SOAP interface due to improper handling of XML input. An authenticated attacker can submit crafted XML data that is processed by an XML parser with external entity resolution enabled. Successful exploitation may allow disclosure of sensitive local files from the server. |
| An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Zimbra Briefcase feature due to insufficient sanitization of specific uploaded file types. When a user opens a publicly shared Briefcase file containing malicious scripts, the embedded JavaScript executes in the context of the user's session. This allows an attacker to run arbitrary scripts, potentially leading to data exfiltration or other unauthorized actions on behalf of the victim user. |
| Zimbra Collaboration (ZCS) 10.0 and 10.1 contains an LDAP injection vulnerability in the Mailbox SOAP service within a FolderAction operation. The application fails to properly sanitize user-supplied input before incorporating it into an LDAP search filter. An authenticated attacker can exploit this issue by sending a crafted SOAP request that manipulates the LDAP query, allowing retrieval of sensitive directory attributes. |
| Zimbra Collaboration Suite (ZCS) 10.0 and 10.1 contains a reflected cross-site scripting (XSS) vulnerability in the Classic Webmail REST interface (/h/rest). The application fails to properly sanitize user-supplied input, allowing an unauthenticated attacker to inject malicious JavaScript into a crafted URL. When a victim user accesses the link, the injected script executes in the context of the Zimbra webmail application, which could allow the attacker to perform actions on behalf of the victim. |
| telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full. |
| In the Linux kernel, the following vulnerability has been resolved:
apparmor: validate DFA start states are in bounds in unpack_pdb
Start states are read from untrusted data and used as indexes into the
DFA state tables. The aa_dfa_next() function call in unpack_pdb() will
access dfa->tables[YYTD_ID_BASE][start], and if the start state exceeds
the number of states in the DFA, this results in an out-of-bound read.
==================================================================
BUG: KASAN: slab-out-of-bounds in aa_dfa_next+0x2a1/0x360
Read of size 4 at addr ffff88811956fb90 by task su/1097
...
Reject policies with out-of-bounds start states during unpacking
to prevent the issue. |
| In the Linux kernel, the following vulnerability has been resolved:
apparmor: fix unprivileged local user can do privileged policy management
An unprivileged local user can load, replace, and remove profiles by
opening the apparmorfs interfaces, via a confused deputy attack, by
passing the opened fd to a privileged process, and getting the
privileged process to write to the interface.
This does require a privileged target that can be manipulated to do
the write for the unprivileged process, but once such access is
achieved full policy management is possible and all the possible
implications that implies: removing confinement, DoS of system or
target applications by denying all execution, by-passing the
unprivileged user namespace restriction, to exploiting kernel bugs for
a local privilege escalation.
The policy management interface can not have its permissions simply
changed from 0666 to 0600 because non-root processes need to be able
to load policy to different policy namespaces.
Instead ensure the task writing the interface has privileges that
are a subset of the task that opened the interface. This is already
done via policy for confined processes, but unconfined can delegate
access to the opened fd, by-passing the usual policy check. |
| Bitcoin Core through 29.0 allows a denial of service via a crafted transaction. |
| Bitcoin Core 0.13.0 through 29.x has an integer overflow. |
| SysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd. |
| A Stored cross-site scripting (XSS) vulnerability affects HCL Unica Marketing Operations v12.1.8 and lower. Stored cross-site scripting (also known as second-order or persistent XSS) arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way. |
| XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gal_id parameter. Attackers can send GET requests to gal.php with malicious gal_id values to extract sensitive database information or modify database contents. |
