7.5
CVE-2026-22259 - Suricata dnp3: unbounded transaction growth
Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, specially crafted traffic can cause Suricata to consume large amounts of memory while parsing DNP3 traffic. This can lead to the process slowing down and running out of memory, potentially leading to it getting kille…
6.7
CVE-2026-0705 -
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cloud Manager (Windows) before build 6.4.25342.354.
9.3
CVE-2026-1483 - Out-of-band SQL injection in Quatuor Performance Evaluation
An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Id_usuario' in '/evaluacion_objetivos_ver_auto.aspx', could allow an attacker to ext…
9.3
CVE-2026-1482 - Out-of-band SQL injection in Quatuor Performance Evaluation
An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Id_evaluacion' in '/evaluacion_objetivos_evalua_definido.aspx', could allow an attac…
9.3
CVE-2026-1481 - Out-of-band SQL injection in Quatuor Performance Evaluation
An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Id_usuario' in '/evaluacion_objetivos_anyo_sig_ver_auto.aspx', could allow an attack…
9.3
CVE-2026-1480 - Out-of-band SQL injection in Quatuor Performance Evaluation
An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Id_usuario' in '/evaluacion_objetivos_anyo_sig_evalua.aspx', could allow an attacker…
9.3
CVE-2026-1479 - Out-of-band SQL injection in Quatuor Performance Evaluation
An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameters 'Id_usuario' and 'Id_evaluacion’ in ‘/evaluacion_hca_ver_auto.asp', could allow an a…
9.3
CVE-2026-1478 - Out-of-band SQL injection in Quatuor Performance Evaluation
An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Id_usuario' and 'Id_evaluacion’ in ‘/evaluacion_hca_evalua.aspx’, could allow an att…
9.3
CVE-2026-1477 - Out-of-band SQL injection in Quatuor Performance Evaluation
An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Id_usuario' and 'Id_evaluacion’ in ‘/evaluacion_competencias_evalua_old.aspx’, could…
9.3
CVE-2026-1476 - Out-of-band SQL injection in Quatuor Performance Evaluation
An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Id_usuario' in ‘/evaluacion_acciones_ver_auto.aspx’, could allow an attacker to extr…