High CVE-2026-50636 The RemoteControl API methods invite_participants and remind_participants pass a caller-supplied token-ID array into TokenDynamic::findUninvited(), which concatenates the values directly into a tid IN ('...') SQL clause without parameterization or input validation. A remote,...

#Sicherheitslücke

Original-Artikel öffnen Zurück zur Übersicht

ARTICLEVIEW

[High] CVE-2026-50636 – The RemoteControl API methods invite_participants and remind_participants pass a...

VERWANDTEARTIKEL

CVE-2026-50752

CVE-2026-9740 - Unbounded recursion in BSONColumn interleaved-reference causes pre-auth stack overflow

CVE-2026-9753 - Server crash via malformed binary diff passed to $_internalApplyOplogUpdate.

[Medium] CVE-2026-47905 – CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are af...

[High] CVE-2026-34713 – CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are af...

[Medium] CVE-2026-25860 – OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulnerability i...