2
CVE-2026-33550 - Insufficient OTP Renewal and Length in SOGo Leading to Potential Credential Compromise
SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and the OTP length is too short (only 12 digits instead of the 20 recommended).
6.4
CVE-2025-71276 - Unsanitized Category Names Allow Cross-Site Scripting in SOGo
SOGo before 5.12.5 is prone to an XSS vulnerability with events, tasks, and contacts categories.
6.7
CVE-2026-33549 -
SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment (of administrator privileges) during the editing of an author data structure because of STATUT mishandling.
5.3
CVE-2026-4533 - code-projects Simple Food Ordering System all-tickets.php sql injection
A vulnerability was detected in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file all-tickets.php. The manipulation of the argument Status results in SQL injection. It is possible to launch the attack remotely. The exploit is now public …
6.9
CVE-2026-4532 - code-projects Simple Food Ordering System Database Backup food.sql file access
A security vulnerability has been detected in code-projects Simple Food Ordering System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /food/sql/food.sql of the component Database Backup Handler. The manipulation leads to files or directories accessible. It is pos…
6.9
CVE-2026-4531 - Free5GC AMF handler.go HandleRegistrationComplete denial of service
A weakness has been identified in Free5GC 4.1.0. Affected is the function HandleRegistrationComplete of the file internal/gmm/handler.go of the component AMF. Executing a manipulation can lead to denial of service. The attack may be performed from remote. This patch is called 52e9386401ce56ea773c5a…
6.9
CVE-2019-25589 - ZOC Terminal 7.23.4 Buffer Overflow Denial of Service
ZOC Terminal 7.23.4 contains a buffer overflow vulnerability in the Shell field of Program Settings that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a crafted payload into the Shell configuration field and trigger a crash when accessi…
6.9
CVE-2019-25588 - BulletProof FTP Server 2019.0.0.50 Denial of Service via DNS Address
BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the DNS Address field that allows local attackers to crash the application by supplying an excessively long string. Attackers can enable the DNS Address option in the Firewall settings and paste a buffer of 700 bytes t…
6.9
CVE-2019-25587 - BulletProof FTP Server 2019.0.0.50 Storage-Path Denial of Service
BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the Storage-Path configuration parameter that allows local attackers to crash the application by supplying an excessively long string value. Attackers can enable the Override Storage-Path setting and paste a buffer of …
6.9
CVE-2019-25586 - Deluge 1.3.15 Denial of Service via URL Field
Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the URL field. Attackers can paste a buffer of 5000 characters into the 'From URL' field during torrent addition to trigger an application crash.