| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-9330 | high | 8.5 | 8.5 | | | | 2d ago | IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remo… |
| CVE-2026-7770 | high | 8.8 | 8.8 | | | | 2d ago | IBM i Access Family 1.1.5.0 through 1.1.9.12 IBM i Access Client Solutions (ACS) is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator. |
| CVE-2026-49121 | high | 8.1 | 8.1 | | | | 2d ago | AI Tensor Engine for ROCm (AITER) through 0.1.14 contains an unauthenticated remote code execution vulnerability in the MessageQueue.recv() function within shm_broadcast.py that allows unauthenticate… |
| CVE-2026-47294 | high | 8.0 | 8.0 | | | microsoft | 2d ago | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
| CVE-2026-45722 | high | 7.1 | 7.1 | | | | 2d ago | Nextcloud is an open source content collaboration platform. From versions 0.9.0 to before 0.9.7, and 1.0.0 to before 1.0.2, a missing sanitization in the Tables app allowed a user with access to the … |
| CVE-2026-45545 | high | 8.2 | 8.2 | | | | 2d ago | Nextcloud is an open source content collaboration platform. From versions 0.7.0 to before 0.7.7, 0.8.0 to before 0.8.10, 0.9.0 to before 0.9.8, and 1.0.0 to before 1.0.4, an authenticated attacker wi… |
| CVE-2026-45284 | high | 8.8 | 8.8 | | | nextcloud | 2d ago | Nextcloud is an open source content collaboration platform. From version 1.3.6 to before version 8.4.0, an improper check allowed users that were provided by LDAP to still authenticate towards user … |
| CVE-2026-45281 | high | 8.1 | 8.1 | | | nextcloud | 2d ago | Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, with the knowledge of other users’ principal URL an… |
| CVE-2026-45277 | low | 3.3 | 3.3 | | | nextcloud | 2d ago | Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, authenticated users can check if arbitrary files are associated with specific approval workflows where they can req… |
| CVE-2026-43958 | high | 7.8 | 7.8 | | sles debian | | 2d ago | A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulner… |
| CVE-2026-43624 | high | 8.2 | 8.2 | | | | 2d ago | F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized user-suppli… |
| CVE-2026-43623 | high | 8.8 | 8.8 | | | | 2d ago | microtar through 0.1.0 contains a stack-based buffer overflow vulnerability in the raw_to_header() function in src/microtar.c that allows attackers to corrupt adjacent stack memory by supplying a cra… |
| CVE-2026-41013 | high | 8.1 | 8.1 | | | | 2d ago | Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release allows low-privileged CF space developer to inject arbitrary kernel CIFS mount options via bypassing the … |
| CVE-2026-37235 | high | 7.5 | 7.5 | | | mosaic5g | 2d ago | FlexRIC v2.0.0 trusts the xapp_id field from E42 message payloads without binding it to the sender's SCTP association. The validation function valid_xapp_id() only checks that the value is within the… |
| CVE-2026-37233 | high | 7.5 | 7.5 | | | mosaic5g | 2d ago | FlexRIC v2.0.0 contains an authorization bypass in the iApp's xApp isolation mechanism. The equality function eq_xapp_ric_gen_id() in src/ric/iApp/xapp_ric_id.c compares m0->xapp_id against itself (m… |
| CVE-2026-37232 | high | 8.6 | 8.6 | | | openairinterface | 2d ago | An issue was discovered in OpenAirInterface5G 2.4.0 (nr-softmodem) in the E2SM-KPM RAN Function's PRB utilization metric calculation. The functions fill_RRU_PrbTotDl() and fill_RRU_PrbTotUl() in open… |
| CVE-2026-37231 | high | 7.5 | 7.5 | | | mosaic5g | 2d ago | FlexRIC v2.0.0 uses a uint16_t counter for xapp_id assignment but stores the value in uint32_t message fields. After 65,530+ E42_SETUP_REQUESTs, the 16-bit counter wraps around and produces duplicate… |
| CVE-2026-37230 | high | 7.5 | 7.5 | | | mosaic5g | 2d ago | FlexRIC v2.0.0 crashes when the near-RT RIC receives a RIC_INDICATION message with a ran_func_id that does not exist in its registry. The lookup returns NULL, triggering assert() in Debug builds (SIG… |
| CVE-2026-37229 | high | 7.5 | 7.5 | | | mosaic5g | 2d ago | FlexRIC v2.0.0 contains a reachable assertion in e2ap_create_pdu() triggered when ASN.1 PER decoding fails. A remote unauthenticated attacker can send any non-PER byte sequence (e.g., a single 0x00 b… |
| CVE-2026-37228 | high | 7.5 | 7.5 | | | mosaic5g | 2d ago | FlexRIC v2.0.0 contains a reachable assertion in e2ap_recv_sctp_msg() (src/lib/ep/e2ap_ep.c). The function allocates a fixed 32KB receive buffer and enforces assert(rc < len) on the sctp_recvmsg() re… |
| CVE-2026-37226 | high | 7.5 | 7.5 | | | mosaic5g | 2d ago | FlexRIC v2.0.0 crashes when the iApp receives an E42_RIC_SUBSCRIPTION_REQUEST referencing a non-existent E2 Node. The lookup function returns NULL, which is enforced by assert() in Debug builds (SIGA… |
| CVE-2026-10281 | high | 7.3 | 7.3 | | | | 2d ago | A weakness has been identified in Enderfga claw-orchestrator up to 3.5.5. This affects the function EmbeddedServer of the file src/embedded-server.ts of the component API Endpoint. This manipulation … |
| CVE-2026-10280 | high | 7.3 | 7.3 | | | | 2d ago | A security flaw has been discovered in horizon921 mcpilot 0.1.0. The impacted element is an unknown function of the file client/src/app/api/mcp/call/route.ts of the component MCP API Call Endpoint. T… |
| CVE-2026-0072 | high | 7.8 | 7.8 | | | | 2d ago | In addInputMethodListener of com.android.server.inputmethod.InputMethodManagerService, there is a missing permission check. This could lead to local escalation of privilege with no additional executi… |
| CVE-2026-49136 | high | 7.5 | 7.5 | | | | 2d ago | Banana Slides through 0.4.0, patched in commit e8bc490, contains a path traversal vulnerability in the generate_image() function within the AI service backend that allows unauthenticated attackers to… |
| CVE-2026-49135 | high | 7.1 | 7.1 | | | | 2d ago | CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows local attackers to access sensitive credentials or tamper with build artifacts by exploiting predictabl… |
| CVE-2026-49134 | high | 7.1 | 7.1 | | | | 2d ago | CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that allows local attackers to execute arbitrary commands as root by exploiting a race condition in tempora… |
| CVE-2026-24751 | high | 8.2 | 8.2 | | | accellion | 2d ago | Kiteworks is a private data network (PDN). Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitra… |
| CVE-2026-8501 | high | 7.8 | 7.8 | | | | 2d ago | Improper access control in the PCTCore64.sys Windows kernel driver from PC Tools Internet Security allows user-mode processes to access the PCTCoreDriver WDM device interface and invoke privileged IO… |
| CVE-2026-46243 | high | 7.8 | 7.8 | FIX | debian sles | | 2d ago | In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid,… |
| CVE-2026-45266 | low | 3.5 | 3.5 | | | | 2d ago | Nextcloud is an open source content collaboration platform. Prior to versions 21.1.10, 22.0.11, and 23.0.3, a low-privileged user can force other users' microphones to be muted in calls when no High-… |
| CVE-2026-45159 | low | 3.5 | 3.5 | | | | 2d ago | Nextcloud is an open source content collaboration platform. From versions 1.15.0 to before 1.15.4, 1.16.0 to before 1.16.3, 1.17.0 to before 1.17.1, and 1.18.0 to before 1.18.1, a malicious user with… |
| CVE-2026-45156 | high | 8.1 | 8.1 | | | | 2d ago | Nextcloud is an open source content collaboration platform. From versions 0.3.0 to before 3.1.0, 5.0.0 to before 5.1.0, and 6.0.0 to before 6.4.0, a missing signature verification in User OIDC allowe… |
| CVE-2026-45155 | low | 2.6 | 2.6 | | | | 2d ago | Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.7 and 33.0.0 to before 33.0.1, a missing access check on API level allowed to add u… |
| CVE-2026-45154 | low | 2.6 | 2.6 | | | | 2d ago | Nextcloud is an open source content collaboration platform. From version 2.6.0 to before version 4.3.0, when a previous collective pages was deleted and the collective was shared view-only, guests wi… |
| CVE-2026-42678 | high | 7.1 | 7.1 | | | | 2d ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liquid Web / StellarWP GiveWP allows DOM-Based XSS. This issue affects GiveWP: from n/a through … |
| CVE-2026-42677 | high | 7.5 | 7.5 | | | | 2d ago | Missing Authorization vulnerability in Ben Balter WP Document Revisions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Document Revisions: from n/a be… |
| CVE-2026-42675 | high | 7.3 | 7.3 | | | | 2d ago | Missing Authorization vulnerability in Themefic Hydra Booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hydra Booking: from n/a through 1.1.41. |
| CVE-2026-42674 | high | 7.5 | 7.5 | | | | 2d ago | Authentication Bypass by Spoofing vulnerability in AAM Plugin Advanced Access Manager allows URL Encoding. This issue affects Advanced Access Manager: from n/a through 7.1.0. |
| CVE-2026-42673 | high | 7.5 | 7.5 | | | | 2d ago | Insertion of Sensitive Information Into Sent Data vulnerability in Logtivity Activity Logs Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity allows Retrieve Embedded Sensit… |
| CVE-2026-38950 | high | 7.8 | 7.8 | | | | 2d ago | An issue in ESA AnomalyMatch before 1.3.1 allows attackers to execute arbitrary code via crafted model checkpoint files. The affected components load model files from session directories using torch.l… |
| CVE-2026-37227 | high | 7.5 | 7.5 | | | | 2d ago | FlexRIC v2.0.0 contains reachable assert(0) calls in stub message handlers for whitelisted but unimplemented E2AP message types in the near-RT RIC. A remote unauthenticated attacker can send a decoda… |
| CVE-2026-37225 | high | 7.5 | 7.5 | | | | 2d ago | FlexRIC v2.0.0 crashes when the iApp receives an E42_RIC_SUBSCRIPTION_REQUEST with an empty ricEventTriggerDefinition field. The E42 layer decoder accepts this as valid, but the E2AP encoder asserts … |
| CVE-2026-37224 | high | 7.5 | 7.5 | | | | 2d ago | FlexRIC v2.0.0 crashes when receiving a duplicate E2_SETUP_REQUEST from the same or spoofed E2 Node. The iApp registry enforces node ID uniqueness via assert() rather than graceful rejection. A remot… |
| CVE-2026-37223 | high | 7.5 | 7.5 | | | | 2d ago | FlexRIC v2.0.0 contains a reachable assertion in the iApp message dispatcher. The dispatcher validates incoming E2AP messages against a 9-entry whitelist using assert(). A remote unauthenticated atta… |
| CVE-2026-37222 | high | 7.5 | 7.5 | | | | 2d ago | FlexRIC v2.0.0 uses hardcoded assertions to validate Information Element (IE) counts in decoded E2AP messages. A remote unauthenticated attacker can send a valid E2AP PDU containing an unexpected num… |
| CVE-2026-10273 | high | 7.3 | 7.3 | | | | 2d ago | A vulnerability was found in php-censor up to 2.1.6. This affects an unknown function of the file src/Model/Build/GitBuild.php of the component Webhook Endpoint. Performing a manipulation of the argu… |
| CVE-2026-10270 | high | 7.5 | 7.5 | | | dlink | 2d ago | A vulnerability was detected in D-Link DI-7001 MINI up to 19.09.19A1. Impacted is the function sprintf of the file /httpd_debug.asp of the component API. The manipulation of the argument Time results… |
| CVE-2026-10268 | low | 3.3 | 3.3 | | | | 2d ago | A weakness has been identified in janet-lang janet up to 1.41.0. This vulnerability affects the function unmarshal_one_fiber of the file src/core/marsh.c. Executing a manipulation can lead to integer… |
| CVE-2026-10118 | high | 7.8 | 7.8 | FIX | debian | | 2d ago | A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the `tilingPatte… |
| CVE-2022-4991 | high | 7.4 | 7.4 | | | | 2d ago | Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows. Tychon contains a privileged service that use… |
| CVE-2026-48865 | high | 7.1 | 7.1 | | | | 3d ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress allows Reflected XSS. This issue affects LearnPress: from n/a through 4.3.6. |
| CVE-2026-48839 | high | 7.1 | 7.1 | | | | 3d ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP Statistics allows DOM-Based XSS. This issue affects WP Statistics: from n/a throug… |
| CVE-2026-42683 | high | 7.1 | 7.1 | | | | 3d ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows DOM-Based XSS. This issue affects VikBooki… |
| CVE-2026-42681 | high | 7.1 | 7.1 | | | | 3d ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in E2Pdf.Com e2pdf allows Reflected XSS. This issue affects e2pdf: from n/a through 1.32.14. |
| CVE-2026-37221 | high | 7.5 | 7.5 | | | | 3d ago | FlexRIC v2.0.0 crashes when receiving a RIC_SUBSCRIPTION_RESPONSE with an unknown ric_id that has no corresponding pending event. The near-RT RIC uses assert() to enforce the existence of a pending e… |
| CVE-2026-37220 | high | 7.5 | 7.5 | | | | 3d ago | FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2_SETUP_REQUEST is sent. The near-RT RIC assumes a mapping between SCTP association and E2 node always exists in the cleanup path … |
| CVE-2026-10267 | low | 3.3 | 3.3 | | | | 3d ago | A security flaw has been discovered in janet-lang janet up to 1.41.0. This affects the function doframe of the file src/core/debug.c. Performing a manipulation results in out-of-bounds read. Attackin… |
| CVE-2026-10264 | low | 3.5 | 3.5 | | | | 3d ago | A vulnerability was determined in lharries whatsapp-mcp 0.0.1. Affected by this vulnerability is the function SendMessageRequest of the file whatsapp-bridge/main.go of the component Send API Endpoint… |
| CVE-2026-10263 | high | 7.3 | 7.3 | | | | 3d ago | A vulnerability was found in SourceCodester Computer Repair Shop Management System up to 1.0. Affected is an unknown function of the file /admin/products/manage_product.php. The manipulation of the a… |
| CVE-2026-10262 | high | 7.3 | 7.3 | | | | 3d ago | A vulnerability has been found in code-projects Real State Services 1.0. This impacts an unknown function of the file /loginuser.php of the component Login. The manipulation of the argument Username … |
| CVE-2026-10261 | high | 7.3 | 7.3 | | | | 3d ago | A flaw has been found in CodeAstro Online Job Portal 1.0. This affects an unknown function of the file /users/application_status.php. Executing a manipulation of the argument ID can lead to sql injec… |
| CVE-2026-10260 | high | 7.3 | 7.3 | | | | 3d ago | A vulnerability was detected in CodeAstro Online Job Portal 1.0. The impacted element is an unknown function of the file /admin/jobs-admins/delete-jobs.php. Performing a manipulation of the argument … |
| CVE-2026-10259 | high | 8.8 | 8.8 | | | | 3d ago | A security vulnerability has been detected in H3C Magic B0 up to 100R002. The affected element is the function SetMobileAPInfoById of the file /goform/aspForm. Such manipulation of the argument param… |
| CVE-2024-40646 | high | 8.6 | 8.6 | | | | 3d ago | Vertex is a management tool for PT (Private Tracker) users to manage streaming and watching videos. Versions prior to commit fbde301b97986d5913fc4bc95f5445750d282e11 are vulnerable to path traversal.… |
| CVE-2026-10253 | high | 7.3 | 7.3 | | | | 3d ago | A vulnerability was detected in itsourcecode Online House Rental System 1.0. This impacts an unknown function of the file /manage_payment.php. The manipulation of the argument ID results in sql injec… |
| CVE-2026-10252 | high | 7.3 | 7.3 | | | | 3d ago | A security vulnerability has been detected in itsourcecode Online House Rental System 1.0. This affects an unknown function of the file /manage_tenant.php. The manipulation of the argument ID leads t… |
| CVE-2026-10251 | high | 7.3 | 7.3 | | | | 3d ago | A weakness has been identified in itsourcecode Online House Rental System 1.0. The impacted element is an unknown function of the file /ajax.php?action=login. Executing a manipulation of the argument… |
| CVE-2026-10250 | high | 7.3 | 7.3 | | | | 3d ago | A security flaw has been discovered in itsourcecode Online Blood Bank Management System 1.0. The affected element is an unknown function of the file /admin/campsdetails.php. Performing a manipulation… |
| CVE-2026-10249 | high | 7.3 | 7.3 | | | | 3d ago | A vulnerability was identified in itsourcecode Online Blood Bank Management System 1.0. Impacted is an unknown function of the file /admin/viewrequest.php. Such manipulation of the argument ID leads … |
| CVE-2026-10247 | low | 3.5 | 3.5 | | | | 3d ago | A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. This vulnerability affects the function create_generic_name of the file /ShowForm/create_generic_name/main. The ma… |
| CVE-2026-10246 | low | 3.5 | 3.5 | | | | 3d ago | A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function create_medicine_presentation of the file /ShowForm/create_medicine_presentation/mai… |
| CVE-2026-10245 | low | 3.5 | 3.5 | | | | 3d ago | A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this issue is the function create_supplier of the file /ShowForm/create_supplier/main. Executing a manipul… |
| CVE-2026-10244 | low | 3.5 | 3.5 | | | | 3d ago | A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this vulnerability is the function create_medicine_name of the file /ShowForm/create_medicine_name/… |
| CVE-2026-9024 | high | 8.7 | 8.7 | | | | 3d ago | A Stored Cross-site Scripting (XSS) vulnerability affecting Process Experience Studio in DELMIA Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2026x could all… |
| CVE-2026-49361 | high | 7.5 | 7.5 | | | apache | 3d ago | Apache Fluss versions prior to 0.9.1 configure the Netty LengthFieldBasedFrameDecoder with Integer.MAX_VALUE as the maximum frame length, allowing unauthenticated remote attackers to exhaust JVM heap… |
| CVE-2026-49298 | high | 8.8 | 8.8 | | | apache | 3d ago | A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API to be passed to the worker container as command-line arguments visible in … |
| CVE-2026-49157 | high | 8.8 | 8.8 | | debian | apache | 3d ago | Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia authorization settings granted non-ad… |
| CVE-2026-48827 | high | 7.1 | 7.1 | | debian sles | apache | 3d ago | Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload-pack, git-receive-pack, and other git operations allows users authenticated over SSH access to … |
| CVE-2026-45505 | high | 8.8 | 8.8 | | debian | apache | 3d ago | Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Non-parenthesized discovery wrapp… |
| CVE-2026-45426 | low | 3.1 | 3.1 | | | apache | 3d ago | Exploitation requires the attacker to already be an authenticated Airflow worker holding a valid Log-server JWT issued for at least one Dag. Apache Airflow's Log server authorized JWT tokens against … |
| CVE-2026-45360 | high | 7.3 | 7.3 | | | apache | 3d ago | Apache Airflow's scheduler-side deadline-reference decoder (`SerializedCustomReference.deserialize_reference`) imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialize… |
| CVE-2026-44825 | high | 8.1 | 8.1 | FIX | debian | apache | 3d ago | Hardcoded credentials in the Basic Authentication setup tool (bin/solr auth enable) in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attacker to gain full administrative access… |
| CVE-2026-42588 | high | 8.1 | 8.1 | | debian | apache | 3d ago | Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic exposes th… |
| CVE-2026-42359 | high | 8.8 | 8.8 | | | apache | 3d ago | A bug in Apache Airflow's XCom PATCH endpoint `PATCH /api/v2/xcomEntries/{key}` allowed an authenticated UI/API user with XCom write permission on a Dag to set XCom entries under reserved key names (… |
| CVE-2026-41084 | high | 7.5 | 7.5 | | | apache | 3d ago | A bug in Apache Airflow's bulk Task Instances API (`PATCH/DELETE /api/v2/dags/{dag_id}/dagRuns/{dag_run_id}/taskInstances`) evaluated authorization against the `dag_id` resolved from the URL path whi… |
| CVE-2026-40963 | low | 3.1 | 3.1 | | | apache | 3d ago | The structure_data endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those linked Dags. An authenticated U… |
| CVE-2026-40961 | high | 7.2 | 7.2 | | | apache | 3d ago | A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the `is_safe_url` check, enabling redirection from a trusted Airflow domain to an attacker-… |
| CVE-2026-32325 | high | 7.8 | 7.8 | | | | 3d ago | Privilege chaining issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affec… |
| CVE-2026-27788 | high | 7.8 | 7.8 | | | | 3d ago | Incorrect permission assignment for critical resource issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can l… |
| CVE-2026-10243 | high | 7.3 | 7.3 | | | | 3d ago | A security vulnerability has been detected in code-projects Smart Parking System 1.0. Affected is an unknown function of the component Admin Endpoint. Such manipulation leads to missing authenticatio… |
| CVE-2026-10236 | high | 7.3 | 7.3 | | | | 3d ago | A vulnerability has been found in SourceCodester Water Billing Management System 1.0. This issue affects some unknown processing of the file /classes/Users.php?f=save of the component User Management… |
| CVE-2026-35563 | high | 8.5 | 8.5 | | debian | apache | 3d ago | It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP hostname. While the underlying code validates the certifica… |
| CVE-2026-10234 | low | 3.5 | 3.5 | | | | 3d ago | A vulnerability was detected in Mettle sendportal up to 3.0.1. This affects an unknown part of the file /webview/ of the component Campaign Handler. The manipulation of the argument content results i… |
| CVE-2026-10233 | low | 3.3 | 3.3 | | sles debian | | 3d ago | A security vulnerability has been detected in Assimp up to 6.0.4. Affected by this issue is the function HL1MDLLoader::read_sequence_infos of the file HL1MDLLoader.cpp of the component Half-Life 1 MD… |
| CVE-2026-10228 | low | 3.5 | 3.5 | | | | 3d ago | A vulnerability was found in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. The impacted element is an unknown function of the file admission_form_chec… |
| CVE-2026-10227 | high | 7.3 | 7.3 | | | | 3d ago | A vulnerability has been found in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. The affected element is an unknown function of the file add_user_check… |
| CVE-2026-10226 | high | 7.3 | 7.3 | | | | 3d ago | A flaw has been found in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. Impacted is an unknown function of the file delete.php. Executing a manipulatio… |
| CVE-2026-10225 | high | 7.3 | 7.3 | | | | 3d ago | A vulnerability was detected in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. This issue affects some unknown processing of the file login_check.php o… |
| CVE-2026-48209 | high | 7.1 | 7.1 | | | | 3d ago | An improper neutralization of user-controllable input in OTRS or ((OTRS)) Community Edition ticket handling allows authenticated attackers to perform reflected cross-site scripting (XSS) attacks via … |