Security Vulnerabilities
OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Error-Based SQL Injection vulnerability in the Prima Nota (Journal Entry) module's add.php file. The application fails to validate that comma-separated values from the id_documenti GET parameter are integers before using them in SQL IN() clauses, allowing attackers to inject arbitrary SQL commands and extract sensitive data through XPATH error messages.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-02-06
Permission control vulnerability in the AMS module.
Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score
6.2
EPSS Score
0.0
Published
2026-02-06
Vulnerability of improper permission control in the print module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-02-06
Out-of-bounds access vulnerability in the frequency modulation module.
Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score
5.5
EPSS Score
0.0
Published
2026-02-06
Out-of-bounds write vulnerability in the file system module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score
5.8
EPSS Score
0.0
Published
2026-02-06
Out-of-bounds read vulnerability in the graphics module.
Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score
5.9
EPSS Score
0.0
Published
2026-02-06
UAF concurrency vulnerability in the graphics module.
Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score
8.4
EPSS Score
0.0
Published
2026-02-06
Vulnerability of improper criterion security check in the card module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score
5.9
EPSS Score
0.0
Published
2026-02-06
A security flaw has been discovered in Free5GC up to 4.1.0. This impacts the function identityTriggerType of the file pfcp_reports.go. The manipulation results in null pointer dereference. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Applying a patch is advised to resolve this issue.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-02-06
A weakness has been identified in Free5GC up to 4.1.0. Affected is the function SessionDeletionResponse of the component SMF. This manipulation causes null pointer dereference. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. It is suggested to install a patch to address this issue.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-02-06