Logo
Retour à la veille

CVE-2026-8406

Publié : 11 juin 2026
Modifié : 11 juin 2026
Lien officiel NVD

Description détaillée

openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the messaging module can request sent-message details from modules/messaging/SentMail.php by supplying an arbitrary mail_id value.

Références et Patchs

https://fluidattacks.com/es/advisories/melaniehttps://github.com/OS4ED/openSIS-Classichttps://github.com/OS4ED/openSIS-Classic/commit/c45d43146167324bae06bdf09de3e4bd2e5e478fhttps://fluidattacks.com/es/advisories/melanie

Dernières Vulnérabilités

CVE-2026-9648

The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA’s permitted subtrees. This oversight enables an attacker who compromises a name-constrained sub-CA to impersonate domains beyond its intended scope.

VOIR DÉTAILS

CVE-2026-7870

IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege.

VOIR DÉTAILS

CVE-2026-7787

IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references.

VOIR DÉTAILS