🚨 CVE-2023-31819
An issue found in KEISEI STORE Co, Ltd. LIVRE KEISEI v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function.
🎖@cveNotify
An issue found in KEISEI STORE Co, Ltd. LIVRE KEISEI v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function.
🎖@cveNotify
🚨 CVE-2026-27743
The SPIP referer_spam plugin versions prior to 1.3.0 contain an unauthenticated SQL injection vulnerability in the referer_spam_ajouter and referer_spam_supprimer action handlers. The handlers read the url parameter from a GET request and interpolate it directly into SQL LIKE clauses without input validation or parameterization. The endpoints do not enforce authorization checks and do not use SPIP action protections such as securiser_action(), allowing remote attackers to execute arbitrary SQL queries.
🎖@cveNotify
The SPIP referer_spam plugin versions prior to 1.3.0 contain an unauthenticated SQL injection vulnerability in the referer_spam_ajouter and referer_spam_supprimer action handlers. The handlers read the url parameter from a GET request and interpolate it directly into SQL LIKE clauses without input validation or parameterization. The endpoints do not enforce authorization checks and do not use SPIP action protections such as securiser_action(), allowing remote attackers to execute arbitrary SQL queries.
🎖@cveNotify
SPIP Blog
Mise à jour de sécurité : sortie de SPIP 4.4.10 – SPIP Blog
La version 4.4.10 apporte des corrections de bugs et corrige trois failles de sécurité. Un grand merci à Arthur Deloffre (Vozec), Louka Jacques-Chevallier (Laluka) et Oreo pour les signalements. Par…
🚨 CVE-2026-25147
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, in `portal/portal_payment.php`, the patient id used for the page is taken from the request (`$pid = $_REQUEST['pid'] ?? $pid` and `$pid = ($_REQUEST['hidden_patient_code'] ?? null) > 0 ? $_REQUEST['hidden_patient_code'] : $pid`) instead of being fixed to the authenticated portal user. The portal session already has a valid `$pid` for the logged-in patient. Overwriting it with user-supplied values and using it without authorization allows a portal user to view and interact with another patient's demographics, invoices, and payment history—horizontal privilege escalation and IDOR. Version 8.0.0 contains a fix for the issue.
🎖@cveNotify
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, in `portal/portal_payment.php`, the patient id used for the page is taken from the request (`$pid = $_REQUEST['pid'] ?? $pid` and `$pid = ($_REQUEST['hidden_patient_code'] ?? null) > 0 ? $_REQUEST['hidden_patient_code'] : $pid`) instead of being fixed to the authenticated portal user. The portal session already has a valid `$pid` for the logged-in patient. Overwriting it with user-supplied values and using it without authorization allows a portal user to view and interact with another patient's demographics, invoices, and payment history—horizontal privilege escalation and IDOR. Version 8.0.0 contains a fix for the issue.
🎖@cveNotify
GitHub
Merge commit from fork · openemr/openemr@d6ab3cd
* fix(security): prevent portal patient pid override in payment endpoint
In portal context, ignore user-supplied pid from request parameters
and form inputs. The session-derived pid is authoritati...
In portal context, ignore user-supplied pid from request parameters
and form inputs. The session-derived pid is authoritati...
🚨 CVE-2026-27752
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 transmit authentication credentials over unencrypted HTTP, allowing attackers to capture credentials. An attacker positioned to observe network traffic between a user and the device can intercept credentials and reuse them to gain administrative access to the gateway.
🎖@cveNotify
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 transmit authentication credentials over unencrypted HTTP, allowing attackers to capture credentials. An attacker positioned to observe network traffic between a user and the device can intercept credentials and reuse them to gain administrative access to the gateway.
🎖@cveNotify
Sodola Networks
SODOLA 6 Port 2.5G Easy Web Managed Switch, 4 x 2.5G Base-T Ports, 2 x 10G SFP, ,Static Aggregation/QoS/VLAN/IGMP, 2.5Gb Network…
Speed Unleashed:6-Port 2.5GbE Switch features with 4X100/1000/2500M RJ45 ports + 2X10G SFP+ ports for lightning-fast 2.5Gb network connectivity. Static Aggregation:Static aggregation boosts throughput and redundancy, ensuring seamless device connections.(Tip:…
🚨 CVE-2026-27753
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication bypass vulnerability that allows remote attackers to perform unlimited login attempts against the management interface. Attackers can conduct online password guessing attacks without account lockout or rate limiting restrictions to gain unauthorized access to the device management interface.
🎖@cveNotify
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication bypass vulnerability that allows remote attackers to perform unlimited login attempts against the management interface. Attackers can conduct online password guessing attacks without account lockout or rate limiting restrictions to gain unauthorized access to the device management interface.
🎖@cveNotify
Sodola Networks
SODOLA 6 Port 2.5G Easy Web Managed Switch, 4 x 2.5G Base-T Ports, 2 x 10G SFP, ,Static Aggregation/QoS/VLAN/IGMP, 2.5Gb Network…
Speed Unleashed:6-Port 2.5GbE Switch features with 4X100/1000/2500M RJ45 ports + 2X10G SFP+ ports for lightning-fast 2.5Gb network connectivity. Static Aggregation:Static aggregation boosts throughput and redundancy, ensuring seamless device connections.(Tip:…
🚨 CVE-2026-27754
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 use the cryptographically broken MD5 hash function for session cookie generation, weakening session security. Attackers can exploit predictable session tokens combined with MD5's collision vulnerabilities to forge valid session cookies and gain unauthorized access to the device.
🎖@cveNotify
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 use the cryptographically broken MD5 hash function for session cookie generation, weakening session security. Attackers can exploit predictable session tokens combined with MD5's collision vulnerabilities to forge valid session cookies and gain unauthorized access to the device.
🎖@cveNotify
Sodola Networks
SODOLA 6 Port 2.5G Easy Web Managed Switch, 4 x 2.5G Base-T Ports, 2 x 10G SFP, ,Static Aggregation/QoS/VLAN/IGMP, 2.5Gb Network…
Speed Unleashed:6-Port 2.5GbE Switch features with 4X100/1000/2500M RJ45 ports + 2X10G SFP+ ports for lightning-fast 2.5Gb network connectivity. Static Aggregation:Static aggregation boosts throughput and redundancy, ensuring seamless device connections.(Tip:…
🚨 CVE-2026-27755
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability that allows attackers to forge authenticated sessions by computing predictable MD5-based cookies. Attackers who know or guess valid credentials can calculate the session identifier offline and bypass authentication without completing the login flow, gaining unauthorized access to the device.
🎖@cveNotify
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability that allows attackers to forge authenticated sessions by computing predictable MD5-based cookies. Attackers who know or guess valid credentials can calculate the session identifier offline and bypass authentication without completing the login flow, gaining unauthorized access to the device.
🎖@cveNotify
Sodola Networks
SODOLA 6 Port 2.5G Easy Web Managed Switch, 4 x 2.5G Base-T Ports, 2 x 10G SFP, ,Static Aggregation/QoS/VLAN/IGMP, 2.5Gb Network…
Speed Unleashed:6-Port 2.5GbE Switch features with 4X100/1000/2500M RJ45 ports + 2X10G SFP+ ports for lightning-fast 2.5Gb network connectivity. Static Aggregation:Static aggregation boosts throughput and redundancy, ensuring seamless device connections.(Tip:…
🚨 CVE-2026-27756
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a reflected cross-site scripting vulnerability in the management interface where user input is not properly encoded before output. Attackers can craft malicious URLs that execute arbitrary JavaScript in the web interface when visited by authenticated users.
🎖@cveNotify
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a reflected cross-site scripting vulnerability in the management interface where user input is not properly encoded before output. Attackers can craft malicious URLs that execute arbitrary JavaScript in the web interface when visited by authenticated users.
🎖@cveNotify
Sodola Networks
SODOLA 6 Port 2.5G Easy Web Managed Switch, 4 x 2.5G Base-T Ports, 2 x 10G SFP, ,Static Aggregation/QoS/VLAN/IGMP, 2.5Gb Network…
Speed Unleashed:6-Port 2.5GbE Switch features with 4X100/1000/2500M RJ45 ports + 2X10G SFP+ ports for lightning-fast 2.5Gb network connectivity. Static Aggregation:Static aggregation boosts throughput and redundancy, ensuring seamless device connections.(Tip:…
🚨 CVE-2026-27757
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication vulnerability that allows authenticated users to change account passwords without verifying the current password. Attackers who gain access to an authenticated session can modify credentials to maintain persistent access to the management interface.
🎖@cveNotify
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication vulnerability that allows authenticated users to change account passwords without verifying the current password. Attackers who gain access to an authenticated session can modify credentials to maintain persistent access to the management interface.
🎖@cveNotify
Sodola Networks
SODOLA 6 Port 2.5G Easy Web Managed Switch, 4 x 2.5G Base-T Ports, 2 x 10G SFP, ,Static Aggregation/QoS/VLAN/IGMP, 2.5Gb Network…
Speed Unleashed:6-Port 2.5GbE Switch features with 4X100/1000/2500M RJ45 ports + 2X10G SFP+ ports for lightning-fast 2.5Gb network connectivity. Static Aggregation:Static aggregation boosts throughput and redundancy, ensuring seamless device connections.(Tip:…
🚨 CVE-2026-27758
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a cross-site request forgery vulnerability in its management interface that allows attackers to induce authenticated users into submitting forged requests. Attackers can craft malicious requests that execute unauthorized configuration or administrative actions with the victim's privileges when the authenticated user visits a malicious webpage.
🎖@cveNotify
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a cross-site request forgery vulnerability in its management interface that allows attackers to induce authenticated users into submitting forged requests. Attackers can craft malicious requests that execute unauthorized configuration or administrative actions with the victim's privileges when the authenticated user visits a malicious webpage.
🎖@cveNotify
Sodola Networks
SODOLA 6 Port 2.5G Easy Web Managed Switch, 4 x 2.5G Base-T Ports, 2 x 10G SFP, ,Static Aggregation/QoS/VLAN/IGMP, 2.5Gb Network…
Speed Unleashed:6-Port 2.5GbE Switch features with 4X100/1000/2500M RJ45 ports + 2X10G SFP+ ports for lightning-fast 2.5Gb network connectivity. Static Aggregation:Static aggregation boosts throughput and redundancy, ensuring seamless device connections.(Tip:…
🚨 CVE-2023-31068
An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\UserDesktop\themes.
🎖@cveNotify
An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\UserDesktop\themes.
🎖@cveNotify
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
🚨 CVE-2023-31069
An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page.
🎖@cveNotify
An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page.
🎖@cveNotify
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
🚨 CVE-2026-28269
Kiteworks is a private data network (PDN). Prior to version 9.2.0, avulnerability in Kiteworks command execution functionality allows authenticated users to redirect command output to arbitrary file locations. This could be exploited to overwrite critical system files and gain elevated access. Version 9.2.0 contains a patch.
🎖@cveNotify
Kiteworks is a private data network (PDN). Prior to version 9.2.0, avulnerability in Kiteworks command execution functionality allows authenticated users to redirect command output to arbitrary file locations. This could be exploited to overwrite critical system files and gain elevated access. Version 9.2.0 contains a patch.
🎖@cveNotify
GitHub
[Core] Kiteworks Core before 9.2.0 has an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
### Description
A vulnerability in Kiteworks command execution functionality allows authenticated users to redirect command output to arbitrary file locations. This could be exploited to overwri...
A vulnerability in Kiteworks command execution functionality allows authenticated users to redirect command output to arbitrary file locations. This could be exploited to overwri...
🚨 CVE-2026-3264
A vulnerability was determined in go2ismail Free-CRM up to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1. Affected by this issue is some unknown functionality of the component Administrative Interface. Executing a manipulation can lead to execution after redirect. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A vulnerability was determined in go2ismail Free-CRM up to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1. Affected by this issue is some unknown functionality of the component Administrative Interface. Executing a manipulation can lead to execution after redirect. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
GitHub
CVE-Free-CRM-Advisories/Free-CRM Privilege Escalation via Client-Side Redirect Authorization Bypass.md at main · Ghufran2/CVE-Free…
Contribute to Ghufran2/CVE-Free-CRM-Advisories development by creating an account on GitHub.
🚨 CVE-2026-3265
A vulnerability was identified in go2ismail Free-CRM up to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1. This affects an unknown part of the file /api/Security/ of the component Security API. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A vulnerability was identified in go2ismail Free-CRM up to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1. This affects an unknown part of the file /api/Security/ of the component Security API. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
GitHub
CVE-Free-CRM-Advisories/Free-CRM IDOR.md at main · Ghufran2/CVE-Free-CRM-Advisories
Contribute to Ghufran2/CVE-Free-CRM-Advisories development by creating an account on GitHub.
🚨 CVE-2025-40932
Apache::SessionX versions through 2.01 for Perl create insecure session id.
Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand() function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids could allow an attacker to gain access to systems.
🎖@cveNotify
Apache::SessionX versions through 2.01 for Perl create insecure session id.
Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand() function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids could allow an attacker to gain access to systems.
🎖@cveNotify
🚨 CVE-2025-54236
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.
🎖@cveNotify
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.
🎖@cveNotify
Adobe
Adobe Security Bulletin
Security Updates Available for Adobe Commerce | APSB25-88
🚨 CVE-2026-3269
A flaw has been found in psi-probe PSI Probe up to 5.3.0. The impacted element is the function handleRequestInternal of the file psi-probe-core/src/main/java/psiprobe/controllers/sessions/ExpireSessionsController.java of the component Session Handler. Executing a manipulation can lead to denial of service. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A flaw has been found in psi-probe PSI Probe up to 5.3.0. The impacted element is the function handleRequestInternal of the file psi-probe-core/src/main/java/psiprobe/controllers/sessions/ExpireSessionsController.java of the component Session Handler. Executing a manipulation can lead to denial of service. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
GitHub
Broken Access Control of Session Termination in Psi Probe · Issue #13 · AnalogyC0de/public_exp
Broken Access Control of Session Termination in Psi Probe 1. Product Information Vendor: Psi Probe Product: Psi Probe (Tomcat Management Application) Affected Version: <=5.3.0 Repository: https:...
🚨 CVE-2026-3270
A vulnerability has been found in psi-probe PSI Probe up to 5.3.0. This affects the function lookup of the file psi-probe-core/src/main/java/psiprobe/tools/Whois.java of the component Whois. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A vulnerability has been found in psi-probe PSI Probe up to 5.3.0. This affects the function lookup of the file psi-probe-core/src/main/java/psiprobe/tools/Whois.java of the component Whois. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
GitHub
Server-Side Request Forgery (SSRF) in Psi Probe · Issue #12 · AnalogyC0de/public_exp
Server-Side Request Forgery (SSRF) in Psi Probe Affected Environment Project: Psi Probe Repository: https://github.com/psi-probe/psi-probe Affected Version: <= 5.3.0 Executive Summary Psi Probe ...
🚨 CVE-2026-1358
Airleader Master versions 6.381 and prior allow for file uploads without
restriction to multiple webpages running maximum privileges. This could
allow an unauthenticated user to potentially obtain remote code
execution on the server.
🎖@cveNotify
Airleader Master versions 6.381 and prior allow for file uploads without
restriction to multiple webpages running maximum privileges. This could
allow an unauthenticated user to potentially obtain remote code
execution on the server.
🎖@cveNotify
airleader
Talk to our Compressed Air Management Experts | (616) 828-0716
Get in touch with the AirLeader team for inquiries about our compressed air management systems. Contact us (616) 828-0716, product information, or to request a consultation.
🚨 CVE-2026-3255
HTTP::Session2 versions before 1.12 for Perl for Perl may generate weak session ids using the rand() function.
The HTTP::Session2 session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand() function is unsuitable for cryptographic usage.
HTTP::Session2 after version 1.02 will attempt to use the /dev/urandom device to generate a session id, but if the device is unavailable (for example, under Windows), then it will revert to the insecure method described above.
🎖@cveNotify
HTTP::Session2 versions before 1.12 for Perl for Perl may generate weak session ids using the rand() function.
The HTTP::Session2 session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand() function is unsuitable for cryptographic usage.
HTTP::Session2 after version 1.02 will attempt to use the /dev/urandom device to generate a session id, but if the device is unavailable (for example, under Windows), then it will revert to the insecure method described above.
🎖@cveNotify