| CVE-2026-38751 |
high |
7.2 |
7.2 |
|
|
|
25d ago |
OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionality (modules/aggiornamenti/upload_modules.php) |
| CVE-2026-35470 |
unknown |
— |
— |
|
|
|
2mo ago |
OpenSTAManager has a SQL Injection via righe Parameter in confronta_righe Modals |
| CVE-2026-35168 |
unknown |
— |
— |
|
|
|
2mo ago |
OpenSTAManager: SQL Injection via Aggiornamenti Module |
| CVE-2026-29782 |
unknown |
— |
— |
|
|
|
2mo ago |
OpenSTAManager Affected by Remote Code Execution via Insecure Deserialization in OAuth2 |
| CVE-2026-28805 |
unknown |
— |
— |
|
|
|
2mo ago |
OpenSTAManager has a Time-Based Blind SQL Injection via `options[stato]` Parameter |
| CVE-2026-27012 |
unknown |
— |
— |
|
|
|
3mo ago |
OpenSTAManager affected by unauthenticated privilege escalation via modules/utenti/actions.php |
| CVE-2026-24415 |
unknown |
— |
— |
|
|
|
3mo ago |
OpenSTAManager Affected by XSS in modifica_iva.php via righe parameter |
| CVE-2026-24419 |
unknown |
— |
— |
|
|
|
4mo ago |
OpenSTAManager has a SQL Injection in the Prima Nota module |
| CVE-2026-24418 |
unknown |
— |
— |
|
|
|
4mo ago |
OpenSTAManager has a SQL Injection vulnerability in the Scadenzario bulk operations module |
| CVE-2026-24417 |
unknown |
— |
— |
|
|
|
4mo ago |
OpenSTAManager has a Time-Based Blind SQL Injection with Amplified Denial of Service |
| CVE-2026-24416 |
unknown |
— |
— |
|
|
|
4mo ago |
OpenSTAManager has a Time-Based Blind SQL Injection in Article Pricing Module |
| CVE-2025-69216 |
unknown |
— |
— |
|
|
|
4mo ago |
OpenSTAManager has a SQL Injection in Scadenzario Print Template |
| CVE-2025-69214 |
unknown |
— |
— |
|
|
|
4mo ago |
OpenSTAManager has a SQL Injection in ajax_select.php (componenti endpoint) |
| CVE-2025-69212 |
unknown |
— |
— |
|
|
|
4mo ago |
OpenSTAManager has an OS Command Injection in P7M File Processing |
| CVE-2025-69215 |
unknown |
— |
— |
|
|
|
4mo ago |
OpenSTAManager has an SQL Injection in the Stampe Module |
| CVE-2025-69213 |
unknown |
— |
— |
|
|
|
4mo ago |
OpenSTAManager has a SQL Injection in ajax_complete.php (get_sedi endpoint) |
| CVE-2025-65103 |
unknown |
— |
— |
|
|
|
6mo ago |
OpenSTAManager has Authenticated SQL Injection in API via 'display' parameter |