|
771
|
- |
|
-
|
-
|
The Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize(). An attacker controlling a crawled endpoint can inject arbitrary serialized PHP obj…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-8727
|
2026-05-19 23:47 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
772
|
- |
|
-
|
-
|
The AddressRepository::getSqlQuery() method constructs a database query without properly sanitizing user input, leading to SQL Injection. The method is not invoked anywhere within the extension itsel…
|
CWE-89
SQL Injection
|
CVE-2026-8827
|
2026-05-19 23:47 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
773
|
- |
|
-
|
-
|
An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network (qtbase) in Qt Qt Framework (Unix) allows a local attacker to load a rogue CA certificate as a trusted syste…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2025-14575
|
2026-05-19 23:46 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
774
|
- |
|
-
|
-
|
Sparx Pro Cloud Server is vulnerable to Broken Access Control within communication with the database. Due to lack of permission checks, any low privileged user can run arbitrary SQL queries within da…
|
CWE-863
Incorrect Authorization
|
CVE-2026-42096
|
2026-05-19 23:45 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
775
|
- |
|
-
|
-
|
Sparx Pro Cloud Server requires authentication based on requested URL. An attacker can omit the "model" query parameter and send the model name only in the binary blob in POST request allowing SQL qu…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-42097
|
2026-05-19 23:45 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
776
|
- |
|
-
|
-
|
Sparx Enterprise Architect software has a security feature that limits user's actions to those specified in the role. An authenticated attacker can modify the Enterprise Architect client behavior (e…
|
CWE-603
Use of Client-Side Authentication
|
CVE-2026-42098
|
2026-05-19 23:45 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
777
|
- |
|
-
|
-
|
Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows Denial of Service (DoS) attack to be executed by sending an specially crafted SQL query. This causes the Pro Clou…
|
CWE-228
Improper Handling of Syntactically Invalid Structure
|
CVE-2026-42100
|
2026-05-19 23:45 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
778
|
- |
|
-
|
-
|
Sparx Pro Cloud Server is vulnerable to a Race Condition in the /data_api/dl_internal_artifact.php endpoint. The application downloads the properties of the object pointed by guid parameter and saves…
|
CWE-362
Race Condition
|
CVE-2026-42099
|
2026-05-19 23:45 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
779
|
3.9 |
LOW
Local
|
-
|
-
|
FacturaScripts is an open source accounting and invoicing software. Versions 2025.7 and prior contain a Reflected Cross-Site Scripting (XSS) vulnerability through the fsNick cookie parameter. The app…
|
CWE-79
Cross-site Scripting
|
CVE-2026-27964
|
2026-05-19 23:44 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
780
|
6.5 |
MEDIUM
Network
|
-
|
-
|
FacturaScripts is an open source accounting and invoicing software. In versions prior to 2026, the Library module stores and serves uploaded images byte-for-byte, without stripping EXIF/XMP/IPTC meta…
|
CWE-200
CWE-212
Information Exposure
Improper Removal of Sensitive Information Before Storage or Transfer
|
CVE-2026-27892
|
2026-05-19 23:44 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
