π¨ CVE-2025-67805
A non-default configuration in Sage DPW 2025_06_004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table names. This feature is disabled by default in all installations and never available in Sage DPW Cloud. It was forcibly disabled again in version 2025_06_003.
π@cveNotify
A non-default configuration in Sage DPW 2025_06_004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table names. This feature is disabled by default in all installations and never available in Sage DPW Cloud. It was forcibly disabled again in version 2025_06_003.
π@cveNotify
Pastebin
# CVE Submission β Sage DPW## Vendor**Sage**## Product**Sage DPW** - Pastebin.com
Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time.
π¨ CVE-2025-67806
The login mechanism of Sage DPW 2021_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021_06_000. On-premise administrators can toggle this behavior in newer versions.
π@cveNotify
The login mechanism of Sage DPW 2021_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021_06_000. On-premise administrators can toggle this behavior in newer versions.
π@cveNotify
Pastebin
# CVE Submission β Sage DPW## Vendor**Sage**## Product**Sage DPW** - Pastebin.com
Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time.
π¨ CVE-2019-25688
Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the menu_lev1 parameter. Attackers can send crafted requests with malicious SQL payloads in the menu_lev1 parameter to extract sensitive database information or modify database contents.
π@cveNotify
Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the menu_lev1 parameter. Attackers can send crafted requests with malicious SQL payloads in the menu_lev1 parameter to extract sensitive database information or modify database contents.
π@cveNotify
SourceForge
KADOS
Download KADOS for free. KADOS is a full post-it web-based tool for SCRUM or Agile projects. KADOS (KAnban Dashboard for Online Scrum) is a web-based tool for managing Scrum projects. Its particularity is to provide maximum screens where the user can moveβ¦
π¨ CVE-2019-25696
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the language_tag parameter. Attackers can submit malicious SQL statements in the language_tag parameter to extract sensitive database information or modify data.
π@cveNotify
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the language_tag parameter. Attackers can submit malicious SQL statements in the language_tag parameter to extract sensitive database information or modify data.
π@cveNotify
SourceForge
KADOS
Download KADOS for free. KADOS is a full post-it web-based tool for SCRUM or Agile projects. KADOS (KAnban Dashboard for Online Scrum) is a web-based tool for managing Scrum projects. Its particularity is to provide maximum screens where the user can moveβ¦
π¨ CVE-2019-25698
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the id_to_delete parameter. Attackers can send crafted requests with malicious SQL statements in the id_to_delete field to extract or modify sensitive database information.
π@cveNotify
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the id_to_delete parameter. Attackers can send crafted requests with malicious SQL statements in the id_to_delete field to extract or modify sensitive database information.
π@cveNotify
SourceForge
KADOS
Download KADOS for free. KADOS is a full post-it web-based tool for SCRUM or Agile projects. KADOS (KAnban Dashboard for Online Scrum) is a web-based tool for managing Scrum projects. Its particularity is to provide maximum screens where the user can moveβ¦
π¨ CVE-2019-25700
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the sort_direction parameter. Attackers can submit malicious SQL statements in the sort_direction parameter to extract sensitive database information or modify data.
π@cveNotify
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the sort_direction parameter. Attackers can submit malicious SQL statements in the sort_direction parameter to extract sensitive database information or modify data.
π@cveNotify
SourceForge
KADOS
Download KADOS for free. KADOS is a full post-it web-based tool for SCRUM or Agile projects. KADOS (KAnban Dashboard for Online Scrum) is a web-based tool for managing Scrum projects. Its particularity is to provide maximum screens where the user can moveβ¦
π¨ CVE-2019-25702
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the id_project parameter. Attackers can send crafted requests with malicious SQL statements in the id_project parameter to extract sensitive database information or modify data.
π@cveNotify
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the id_project parameter. Attackers can send crafted requests with malicious SQL statements in the id_project parameter to extract sensitive database information or modify data.
π@cveNotify
SourceForge
KADOS
Download KADOS for free. KADOS is a full post-it web-based tool for SCRUM or Agile projects. KADOS (KAnban Dashboard for Online Scrum) is a web-based tool for managing Scrum projects. Its particularity is to provide maximum screens where the user can moveβ¦
π¨ CVE-2019-25704
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the filter_user_mail parameter. Attackers can send crafted requests with malicious SQL statements to extract sensitive database information or modify data.
π@cveNotify
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the filter_user_mail parameter. Attackers can send crafted requests with malicious SQL statements to extract sensitive database information or modify data.
π@cveNotify
SourceForge
KADOS
Download KADOS for free. KADOS is a full post-it web-based tool for SCRUM or Agile projects. KADOS (KAnban Dashboard for Online Scrum) is a web-based tool for managing Scrum projects. Its particularity is to provide maximum screens where the user can moveβ¦
π¨ CVE-2026-24096
Insufficient permission validation on multiple REST API Quick Setup endpoints in Checkmk 2.5.0 (beta) before version 2.5.0b2 and 2.4.0 before version 2.4.0p25 allows low-privileged users to perform unauthorized actions or obtain sensitive information
π@cveNotify
Insufficient permission validation on multiple REST API Quick Setup endpoints in Checkmk 2.5.0 (beta) before version 2.5.0b2 and 2.4.0 before version 2.4.0p25 allows low-privileged users to perform unauthorized actions or obtain sensitive information
π@cveNotify
Checkmk
Werk #18989: Enforce permission checks on Quick Setup endpoints
Before this fix any authenticated users could interact with the Quick Setup endpoints allowing them to edit the setups, fetch background job status and run quick setup ac
π¨ CVE-2026-25601
A vulnerability was identified in MEPIS RM, an industrial
software product developed by Metronik. The application contained a hardcoded
cryptographic key within the Mx.Web.ComponentModel.dll component. When the
option to store domain passwords was enabled, this key was used to encrypt user
passwords before storing them in the applicationβs database. An attacker with
sufficient privileges to access the database could extract the encrypted
passwords, decrypt them using the embedded key, and gain unauthorized access to
the associated ICS/OT environment.
π@cveNotify
A vulnerability was identified in MEPIS RM, an industrial
software product developed by Metronik. The application contained a hardcoded
cryptographic key within the Mx.Web.ComponentModel.dll component. When the
option to store domain passwords was enabled, this key was used to encrypt user
passwords before storing them in the applicationβs database. An attacker with
sufficient privileges to access the database could extract the encrypted
passwords, decrypt them using the embedded key, and gain unauthorized access to
the associated ICS/OT environment.
π@cveNotify
SI CERT
CVE-2026-25601 β Credential Exposure vulnerability in MEPIS RM - SI CERT
Summary A vulnerability was identified in MEPIS RM, an industrial software product developed by Metronik. The application contained a hardcoded cryptographic key within the Mx.Web.ComponentModel.dll component. When the option to β¦
π¨ CVE-2026-29014
MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution path to achieve remote code execution and gain full control over the affected server.
π@cveNotify
MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution path to achieve remote code execution and gain full control over the affected server.
π@cveNotify
Karmainsecurity
MetInfo CMS <= 8.1 (weixinreply.class.php) PHP Code Injection Vulnerability | Karma(In)Security
This is the personal website of Egidio Romano, a very curious guy from Sicily, Italy. He's a computer security enthusiast, particularly addicted to webapp security.
π¨ CVE-2026-0522
A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the server by manipulating a file's path during its upload. When the file is subsequently downloaded, the file in the attacker controlled path is returned. Due to the application's ASP.NET architecture, this could potentially lead to remote code execution when the "web.config" file is obtained. Furthermore, the application resolves UNC paths which may enable NTLM-relaying attacks.
This issue affects VertiGIS FM: 10.5.00119 (0d29d428).
π@cveNotify
A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the server by manipulating a file's path during its upload. When the file is subsequently downloaded, the file in the attacker controlled path is returned. Due to the application's ASP.NET architecture, this could potentially lead to remote code execution when the "web.config" file is obtained. Furthermore, the application resolves UNC paths which may enable NTLM-relaying attacks.
This issue affects VertiGIS FM: 10.5.00119 (0d29d428).
π@cveNotify
VertiGIS Support
Security Vulnerability VertiGIS FM
Important Security Improvement: Update to Release Sprint 150 RequiredDear Customers,As part of our continuous security reviews, a potential vulnerability was identified in the upload process that, ...
π¨ CVE-2026-35093
A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such as a graphical compositor. This could lead to the attacker monitoring keyboard input and sending that information to an external location.
π@cveNotify
A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such as a graphical compositor. This could lead to the attacker monitoring keyboard input and sending that information to an external location.
π@cveNotify
π¨ CVE-2026-35538
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitized IMAP SEARCH command arguments could lead to IMAP injection or CSRF bypass during mail search.
π@cveNotify
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitized IMAP SEARCH command arguments could lead to IMAP injection or CSRF bypass during mail search.
π@cveNotify
GitHub
Fix IMAP Injection + CSRF bypass in mail search Β· roundcube/roundcubemail@5fe8a69
Reported by Martila Security Research Team
π¨ CVE-2026-35539
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. XSS exists because of insufficient HTML attachment sanitization in preview mode. A victim must preview a text/html attachment.
π@cveNotify
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. XSS exists because of insufficient HTML attachment sanitization in preview mode. A victim must preview a text/html attachment.
π@cveNotify
GitHub
Fix XSS issue in a HTML attachment preview Β· roundcube/roundcubemail@10a6d1f
Reported by aikido_security
π¨ CVE-2026-35540
An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts.
π@cveNotify
An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts.
π@cveNotify
GitHub
Fix SSRF + Information Disclosure via stylesheet links to a local net⦠· roundcube/roundcubemail@27ec6cc
β¦work hosts
Reported by Georgios Tsimpidas (aka Frey), Security Researcher at https://i0.rs/
Reported by Georgios Tsimpidas (aka Frey), Security Researcher at https://i0.rs/
π¨ CVE-2026-35541
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows a password change without knowing the old password.
π@cveNotify
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows a password change without knowing the old password.
π@cveNotify
GitHub
Fix bug where a password could get changed without providing the old β¦ Β· roundcube/roundcubemail@2e6a99b
β¦password
The password plugin uses loose comparison, leading to a type juggling vulnerability that
allows password changes without knowing the old password in specific cases.
Reported by flydrago...
The password plugin uses loose comparison, leading to a type juggling vulnerability that
allows password changes without knowing the old password in specific cases.
Reported by flydrago...
π¨ CVE-2026-35542
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via a crafted background attribute of a BODY element in an e-mail message. This may lead to information disclosure or access-control bypass.
π@cveNotify
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via a crafted background attribute of a BODY element in an e-mail message. This may lead to information disclosure or access-control bypass.
π@cveNotify
GitHub
Fix remote image blocking bypass via a crafted body background attribute Β· roundcube/roundcubemail@e052328
Reported by nullcathedral
π¨ CVE-2026-35543
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via SVG content (with animate attributes) in an e-mail message. This may lead to information disclosure or access-control bypass.
π@cveNotify
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via SVG content (with animate attributes) in an e-mail message. This may lead to information disclosure or access-control bypass.
π@cveNotify
GitHub
Fix remote image blocking bypass via various SVG animate attributes Β· roundcube/roundcubemail@1a63e01
Reported by nullcathedral
π¨ CVE-2026-35545
An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via SVG content in an e-mail message. This may lead to information disclosure or access-control bypass. This involves the animate element with attributeName=fill/filter/stroke.
π@cveNotify
An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via SVG content in an e-mail message. This may lead to information disclosure or access-control bypass. This involves the animate element with attributeName=fill/filter/stroke.
π@cveNotify
GitHub
Fix SVG Animate FUNCIRI Attribute Bypass β Remote Image Loading via fβ¦ Β· roundcube/roundcubemail@7ad62de
β¦ill/filter/stroke