6.1

CVSS3.1

CVE-2026-25651 - client-certificate-auth has an Open Redirect via Host Header Injection in HTTP-to-HTTPS redirect

client-certificate-auth is middleware for Node.js implementing client SSL certificate authentication/authorization. Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open redirect vulnerability. The middleware unconditionally redirects HTTP requests to HTTPS using the unvalidated Host …

📅 Published: Feb. 6, 2026, 6:50 p.m. 🔄 Last Modified: April 17, 2026, 10:45 p.m.

6.9

CVSS4.0

CVE-2026-2062 - Open5GS PGW S5U Address sgwc_sxa_handle_session_modification_response null pointer dereference

A vulnerability was identified in Open5GS up to 2.7.6. This affects the function sgwc_s5c_handle_modify_bearer_response/sgwc_sxa_handle_session_modification_response of the component PGW S5U Address Handler. The manipulation leads to null pointer dereference. The attack can be initiated remotely. T…

📅 Published: Feb. 6, 2026, 6:32 p.m. 🔄 Last Modified: April 17, 2026, 10:45 p.m.

8.2

CVSS3.1

CVE-2026-23989 - REVA Public Link Exploit

REVA is an interoperability platform. Prior to 2.42.3 and 2.40.3, a bug in the GRPC authorization middleware of the "Reva" component of OpenCloud allows a malicious user to bypass the scope verification of a public link. By exploiting this via the "archiver" service, this can be leveraged to cre…

📅 Published: Feb. 6, 2026, 6:28 p.m. 🔄 Last Modified: April 17, 2026, 10:45 p.m.

1.1

CVSS4.0

CVE-2026-24050 - Zulip affected by Stored XSS in user profile modal

Zulip is an open-source team collaboration tool. From 5.0 to before 11.5, some administrative actions on the user profile were susceptible to stored XSS in group names or channel names. Exploiting these vulnerabilities required the user explicitly interacting with the problematic object. This vulne…

📅 Published: Feb. 6, 2026, 6:20 p.m. 🔄 Last Modified: April 18, 2026, 1:45 p.m.

9.4

CVSS4.0

CVE-2025-69212 - OpenSTAManager has an OS Command Injection in P7M File Processing

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a critical OS Command Injection vulnerability exists in the P7M (signed XML) file decoding functionality. An authenticated attacker can upload a ZIP file containing a .p7m file with a …

📅 Published: Feb. 6, 2026, 6:12 p.m. 🔄 Last Modified: Feb. 9, 2026, 9:54 p.m.

8.7

CVSS4.0

CVE-2025-69214 - OpenSTAManager has a SQL Injection in ajax_select.php (componenti endpoint)

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an SQL Injection vulnerability exists in the ajax_select.php endpoint when handling the componenti operation. An authenticated attacker can inject malicious SQL code through the option…

📅 Published: Feb. 6, 2026, 6:11 p.m. 🔄 Last Modified: Feb. 9, 2026, 9:53 p.m.

8.7

CVSS4.0

CVE-2025-69216 - OpenSTAManager has an SQL Injection in Scadenzario Print Template

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an authenticated SQL injection vulnerability in OpenSTAManager's Scadenzario (Payment Schedule) print template allows any authenticated user to extract sensitive data from the database…

📅 Published: Feb. 6, 2026, 6:10 p.m. 🔄 Last Modified: Feb. 9, 2026, 9:50 p.m.

8.7

CVSS4.0

CVE-2026-24416 - OpenSTAManager has a Time-Based Blind SQL Injection in Article Pricing Module

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the article pricing completion handler. The application fails to properly sanitize the idarticolo paramet…

📅 Published: Feb. 6, 2026, 6:08 p.m. 🔄 Last Modified: April 17, 2026, 10:45 p.m.

8.7

CVSS4.0

CVE-2026-24417 - OpenSTAManager has a Time-Based Blind SQL Injection with Amplified Denial of Service

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the global search functionality. The application fails to properly sanitize the term parameter before usi…

📅 Published: Feb. 6, 2026, 6:07 p.m. 🔄 Last Modified: April 17, 2026, 10:45 p.m.

8.7

CVSS4.0

CVE-2026-24418 - OpenSTAManager has an SQL Injection vulnerability in the Scadenzario bulk operations module

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Error-Based SQL Injection vulnerability in the bulk operations handler for the Scadenzario (Payment Schedule) module. The application fails to validate t…

📅 Published: Feb. 6, 2026, 6:06 p.m. 🔄 Last Modified: April 17, 2026, 10:45 p.m.
Total results: 345343