| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-35470 | OpenSTAManager has a SQL Injection via righe Parameter in confronta_righe Modals | devcode-it | openstamanager | High | 8.8 | 2026-04-06 17:40:33 | Deep Dive |
| CVE-2026-35168 | OpenSTAManager: SQL Injection via Aggiornamenti Module | devcode-it | openstamanager | High | 8.8 | 2026-04-02 13:48:17 | Deep Dive |
| CVE-2026-28805 | OpenSTAManager: Time-Based Blind SQL Injection via `options[stato]` Parameter | devcode-it | openstamanager | High | 8.8 | 2026-04-02 13:44:07 | Deep Dive |
| CVE-2026-29782 | OpenSTAManager: Remote Code Execution via Insecure Deserialization in OAuth2 | devcode-it | openstamanager | High | 7.2 | 2026-04-02 13:42:25 | Deep Dive |
| CVE-2026-27012 | Unauthenticated privilege escalation in OpenSTAManager via modules/utenti/actions.php | devcode-it | openstamanager | Critical | 9.8 | 2026-03-03 21:53:01 | Deep Dive |
| CVE-2026-24415 | OpenSTAManager affected by reflected XSS in modifica_iva.php via righe parameter | devcode-it | openstamanager | - | - | 2026-03-03 21:51:42 | Deep Dive |
| CVE-2025-69212 | OpenSTAManager has an OS Command Injection in P7M File Processing | devcode-it | openstamanager | - | - | 2026-02-06 18:12:38 | Deep Dive |
| CVE-2025-69214 | OpenSTAManager has a SQL Injection in ajax_select.php (componenti endpoint) | devcode-it | openstamanager | - | - | 2026-02-06 18:11:34 | Deep Dive |
| CVE-2025-69216 | OpenSTAManager has an SQL Injection in Scadenzario Print Template | devcode-it | openstamanager | - | - | 2026-02-06 18:10:34 | Deep Dive |
| CVE-2026-24416 | OpenSTAManager has a Time-Based Blind SQL Injection in Article Pricing Module | devcode-it | openstamanager | - | - | 2026-02-06 18:08:45 | Deep Dive |
| CVE-2026-24417 | OpenSTAManager has a Time-Based Blind SQL Injection with Amplified Denial of Service | devcode-it | openstamanager | - | - | 2026-02-06 18:07:52 | Deep Dive |
| CVE-2026-24418 | OpenSTAManager has an SQL Injection vulnerability in the Scadenzario bulk operations module | devcode-it | openstamanager | - | - | 2026-02-06 18:06:47 | Deep Dive |
| CVE-2026-24419 | OpenSTAManager has an SQL Injection in the Prima Nota module | devcode-it | openstamanager | - | - | 2026-02-06 18:05:42 | Deep Dive |
| CVE-2025-69215 | OpenSTAManager has an SQL Injection in the Stampe Module | devcode-it | openstamanager | - | - | 2026-02-04 17:42:32 | Deep Dive |
| CVE-2025-69213 | OpenSTAManager has a SQL Injection in ajax_complete.php (get_sedi endpoint) | devcode-it | openstamanager | - | - | 2026-02-04 17:42:28 | Deep Dive |
| CVE-2025-65103 | OpenSTAManager has an authenticated SQL Injection vulnerability in API via 'display' parameter | devcode-it | openstamanager | High | 8.8 | 2025-11-19 19:09:09 | Deep Dive |