CVE Vulnerabilities - 12 March 2026
830 vulnerabilities published on 12 March 2026
Jettweb News Site Script V1 allows attackers to access sensitive data
CVE-2019-25518
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries...
8.8
Jettweb PHP News Site Script V1 Allows Attackers to Access Database
CVE-2019-25517
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries...
8.8
Jettweb News Site Script V1: Unprotected Database Access
CVE-2019-25516
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries...
8.8
Jettweb PHP News Site Script V3: Data Exposure Through Malicious Input
CVE-2019-25514
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the k...
8.8
Jettweb PHP Site Software: Unauthenticated Data Exposure
CVE-2019-25513
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries...
8.8
Jettweb PHP News Site Script V3 Allows Malicious SQL Queries
CVE-2019-25512
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the k...
8.8
Jettweb PHP Script: Unauthenticated Attackers Can Steal Database Information
CVE-2019-25511
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries...
8.8
Jettweb PHP Script: Unauthenticated Access to Admin Panel
CVE-2019-25510
Jettweb PHP Hazir Haber Sitesi Scripti V2 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated atta...
8.8
XooDigital Latest exposes sensitive data via malicious GET requests
CVE-2019-25509
XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code t...
8.8
Jettweb Php Hazir Ilan Sitesi Scripti V2 allows attackers to steal database info
CVE-2019-25508
Jettweb Php Hazir Ilan Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries ...
8.8
Jettweb Hazir Rent A Car Scripti V4 - Unprotected Admin Panel Allows Data Theft
CVE-2019-25488
Jettweb Hazir Rent A Car Scripti V4 contains multiple SQL injection vulnerabilities in the admin panel that allow unauthenticated attackers to manipul...
8.8
Jettweb Rent A Car Website Script: Unauthenticated Database Access Risk
CVE-2019-25482
Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database qu...
8.8
iScripts ReserveLogic allows unauthorized database data extraction
CVE-2019-25481
iScripts ReserveLogic contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL co...
8.8
Inout RealEstate: Unauthenticated Database Access Through City Parameter
CVE-2019-25479
Inout RealEstate contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code th...
8.8
Graphiti: Untrusted Input Injects Malicious Code in Searches
GHSA-gg5m-55jj-8m5g
CVE-2026-32247
### Summary
Graphiti versions before `0.28.2` contained a Cypher injection vulnerability in shared search-filter construction for non-Kuzu backends. ...
8.1
Postal SMTP Server: Admin Interface Data Tampering Risk
CVE-2026-25529
Postal is an open source SMTP server. Postal versions less than 3.3.5 had an HTML injection vulnerability that allowed unescaped data to be included in...
8.1
ImageMagick: Image Processing Can Lead to Data Corruption
CVE-2026-28693
GHSA-hffp-q43q-qq76
An integer overflow in DIB coder can result in out of bounds read or write...
8.1
LLM models in C/C++ may write data outside allocated space
CVE-2026-27940
llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the gguf_init_from_file_impl() in gguf.cpp is vulnerable to an Integer overf...
7.8
SGLang's replay_request_dump.py allows attackers to execute arbitrary code
CVE-2026-3989
GHSA-hvwj-8w5g-28rg
SGLang's `replay_request_dump.py` contains an insecure pickle.load() without validation and proper deserialization. An attacker can take advantage of t...
7.8
OpenCTI Platform Allows Malicious URLs to Access Internal Systems
CVE-2026-21887
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.8.16, the OpenCTI platform’s data inge...
7.7
SSH Credentials Exposed on Linux Systems
CVE-2026-21670
A vulnerability allowing a low-privileged user to extract saved SSH credentials....
7.7
Traefik Server Can Crash from Malformed HTTP/2 Frames
GHSA-4hjq-9h5c-252j
## Summary
More Details:
- https://nvd.nist.gov/vuln/detail/CVE-2026-27141
- https://pkg.go.dev/golang.org/x/net/http2?tab=versions
## Patches
- ht...
7.7
StudioCMS S3 Storage Manager Allows Unauthorized File Access
CVE-2026-32101
GHSA-mm78-fgq8-6pgr
## Summary
The S3 storage manager's `isAuthorized()` function is declared `async` (returns `Promise<boolean>`) but is called without `await` in both ...
7.6
OpenClaw: Malicious Files Can Be Written Outside Workspace
GHSA-mgrq-9f93-wpp5
### Summary
`openclaw` had a workspace boundary bypass in workspace-only path validation: when an in-workspace symlink pointed outside the workspace t...
7.6
Ella Core can be crashed by a malicious message
GHSA-m9pm-w3gv-c68f
CVE-2026-32319
## Summary
Ella Core panics when processing a malformed integrity protected NGAP/NAS message with a length under 7 bytes.
## Impact
An attacker abl...
7.5