| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45275 | medium | 6.5 | 6.5 | | | nextcloud | 3d ago | Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, a privilege escalation vulnerability exists in the Approval app that allows a user without sharing permissions to f… |
| CVE-2026-43958 | high | 7.8 | 7.8 | | sles debian | | 3d ago | A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulner… |
| CVE-2026-43625 | medium | 5.9 | 5.9 | | | | 3d ago | CodexBar prior to 0.32.0 contains a session cookie leakage vulnerability that allows network attackers to intercept imported browser session cookies by exploiting improper redirect handling for Amp a… |
| CVE-2026-43624 | high | 8.2 | 8.2 | | | | 3d ago | F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized user-suppli… |
| CVE-2026-43623 | high | 8.8 | 8.8 | | | | 3d ago | microtar through 0.1.0 contains a stack-based buffer overflow vulnerability in the raw_to_header() function in src/microtar.c that allows attackers to corrupt adjacent stack memory by supplying a cra… |
| CVE-2026-41013 | high | 8.1 | 8.1 | | | | 3d ago | Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release allows low-privileged CF space developer to inject arbitrary kernel CIFS mount options via bypassing the … |
| CVE-2026-40990 | medium | 5.7 | 5.7 | | | | 3d ago | OOM error is possible while attempting to add infinite amount of functions to Function Registry. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring C… |
| CVE-2026-40989 | medium | 5.7 | 5.7 | | | | 3d ago | Under infinite recursion in the routing layer, request-handling can cause OOM error. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Functio… |
| CVE-2026-37235 | high | 7.5 | 7.5 | | | mosaic5g | 3d ago | FlexRIC v2.0.0 trusts the xapp_id field from E42 message payloads without binding it to the sender's SCTP association. The validation function valid_xapp_id() only checks that the value is within the… |
| CVE-2026-37233 | high | 7.5 | 7.5 | | | mosaic5g | 3d ago | FlexRIC v2.0.0 contains an authorization bypass in the iApp's xApp isolation mechanism. The equality function eq_xapp_ric_gen_id() in src/ric/iApp/xapp_ric_id.c compares m0->xapp_id against itself (m… |
| CVE-2026-37232 | high | 8.6 | 8.6 | | | openairinterface | 3d ago | An issue was discovered in OpenAirInterface5G 2.4.0 (nr-softmodem) in the E2SM-KPM RAN Function's PRB utilization metric calculation. The functions fill_RRU_PrbTotDl() and fill_RRU_PrbTotUl() in open… |
| CVE-2026-37231 | high | 7.5 | 7.5 | | | mosaic5g | 3d ago | FlexRIC v2.0.0 uses a uint16_t counter for xapp_id assignment but stores the value in uint32_t message fields. After 65,530+ E42_SETUP_REQUESTs, the 16-bit counter wraps around and produces duplicate… |
| CVE-2026-37230 | high | 7.5 | 7.5 | | | mosaic5g | 3d ago | FlexRIC v2.0.0 crashes when the near-RT RIC receives a RIC_INDICATION message with a ran_func_id that does not exist in its registry. The lookup returns NULL, triggering assert() in Debug builds (SIG… |
| CVE-2026-37229 | high | 7.5 | 7.5 | | | mosaic5g | 3d ago | FlexRIC v2.0.0 contains a reachable assertion in e2ap_create_pdu() triggered when ASN.1 PER decoding fails. A remote unauthenticated attacker can send any non-PER byte sequence (e.g., a single 0x00 b… |
| CVE-2026-37228 | high | 7.5 | 7.5 | | | mosaic5g | 3d ago | FlexRIC v2.0.0 contains a reachable assertion in e2ap_recv_sctp_msg() (src/lib/ep/e2ap_ep.c). The function allocates a fixed 32KB receive buffer and enforces assert(rc < len) on the sctp_recvmsg() re… |
| CVE-2026-37226 | high | 7.5 | 7.5 | | | mosaic5g | 3d ago | FlexRIC v2.0.0 crashes when the iApp receives an E42_RIC_SUBSCRIPTION_REQUEST referencing a non-existent E2 Node. The lookup function returns NULL, which is enforced by assert() in Debug builds (SIGA… |
| CVE-2026-23638 | medium | 6.5 | 6.5 | | | accellion | 3d ago | Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated attacker to tamper w… |
| CVE-2026-10283 | medium | 6.3 | 6.3 | | | | 3d ago | A vulnerability was detected in Bottelet DaybydayCRM up to 2.2.1. Affected is an unknown function of the component Setting Handler. Performing a manipulation results in missing authentication. Remote… |
| CVE-2026-10282 | medium | 4.3 | 4.3 | | | | 3d ago | A security vulnerability has been detected in Bottelet DaybydayCRM up to 2.2.1. This impacts the function view of the file app/Http/Controllers/DocumentsController.php. Such manipulation leads to imp… |
| CVE-2026-10281 | high | 7.3 | 7.3 | | | | 3d ago | A weakness has been identified in Enderfga claw-orchestrator up to 3.5.5. This affects the function EmbeddedServer of the file src/embedded-server.ts of the component API Endpoint. This manipulation … |
| CVE-2026-10280 | high | 7.3 | 7.3 | | | | 3d ago | A security flaw has been discovered in horizon921 mcpilot 0.1.0. The impacted element is an unknown function of the file client/src/app/api/mcp/call/route.ts of the component MCP API Call Endpoint. T… |
| CVE-2026-10279 | medium | 6.3 | 6.3 | | | | 3d ago | A vulnerability was identified in hiraishikentaro wezterm-mcp 0.1.0. The affected element is an unknown function of the file src/wezterm_executor.ts of the component switch_pane/write_to_specific_pan… |
| CVE-2026-10278 | medium | 6.3 | 6.3 | | | | 3d ago | A vulnerability was determined in ishayoyo excel-mcp up to 1.0.2. Impacted is an unknown function of the file src/index.ts of the component read_file/write_file. Executing a manipulation of the argum… |
| CVE-2026-10277 | medium | 6.3 | 6.3 | | | | 3d ago | A vulnerability was found in j3k0 mcp-google-workspace up to 831790e7d5c2663325733d9f5579cc339a267c4c. This issue affects the function saveToDisk of the file src/tools/gmail.ts of the component MCP G… |
| CVE-2026-10276 | medium | 6.3 | 6.3 | | | | 3d ago | A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component get_build_status/get_build_log/trigger_bu… |
| CVE-2026-0072 | high | 7.8 | 7.8 | | | | 3d ago | In addInputMethodListener of com.android.server.inputmethod.InputMethodManagerService, there is a missing permission check. This could lead to local escalation of privilege with no additional executi… |
| CVE-2026-10285 | medium | 5.4 | 5.4 | | | | 3d ago | A vulnerability has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this issue is the function KanbanScrumHelper::recordUpdated of the file app/Helpers/KanbanScrumHelper.p… |
| CVE-2026-49136 | high | 7.5 | 7.5 | | | | 3d ago | Banana Slides through 0.4.0, patched in commit e8bc490, contains a path traversal vulnerability in the generate_image() function within the AI service backend that allows unauthenticated attackers to… |
| CVE-2026-10284 | medium | 5.4 | 5.4 | | | | 3d ago | A flaw has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this vulnerability is the function editComment/doDeleteComment of the file app/Filament/Resources/TicketResource… |
| CVE-2026-49135 | high | 7.1 | 7.1 | | | | 3d ago | CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows local attackers to access sensitive credentials or tamper with build artifacts by exploiting predictabl… |
| CVE-2026-49134 | high | 7.1 | 7.1 | | | | 3d ago | CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that allows local attackers to execute arbitrary commands as root by exploiting a race condition in tempora… |
| CVE-2026-24751 | high | 8.2 | 8.2 | | | accellion | 3d ago | Kiteworks is a private data network (PDN). Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitra… |
| CVE-2026-8501 | high | 7.8 | 7.8 | | | | 3d ago | Improper access control in the PCTCore64.sys Windows kernel driver from PC Tools Internet Security allows user-mode processes to access the PCTCoreDriver WDM device interface and invoke privileged IO… |
| CVE-2026-46243 | high | 7.8 | 7.8 | FIX | debian sles | | 3d ago | In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid,… |
| CVE-2026-45267 | medium | 6.5 | 6.5 | | | | 3d ago | Nextcloud is an open source content collaboration platform. Prior to version 5.2.6, a missing permissions check allowed users to request reading form submissions of other users. This issue has been p… |
| CVE-2026-45266 | low | 3.5 | 3.5 | | | | 3d ago | Nextcloud is an open source content collaboration platform. Prior to versions 21.1.10, 22.0.11, and 23.0.3, a low-privileged user can force other users' microphones to be muted in calls when no High-… |
| CVE-2026-45264 | medium | 4.3 | 4.3 | | | | 3d ago | Nextcloud is an open source content collaboration platform. From versions 17.0.0 to before 17.0.15, 18.0.0 to before 18.1.12, 19.0.0 to before 19.1.16, 20.0.0 to before 20.1.11, and 21.0.0 to before … |
| CVE-2026-45159 | low | 3.5 | 3.5 | | | | 3d ago | Nextcloud is an open source content collaboration platform. From versions 1.15.0 to before 1.15.4, 1.16.0 to before 1.16.3, 1.17.0 to before 1.17.1, and 1.18.0 to before 1.18.1, a malicious user with… |
| CVE-2026-45157 | medium | 6.3 | 6.3 | | | | 3d ago | Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a malicious user has access to a file share of… |
| CVE-2026-45156 | high | 8.1 | 8.1 | | | | 3d ago | Nextcloud is an open source content collaboration platform. From versions 0.3.0 to before 3.1.0, 5.0.0 to before 5.1.0, and 6.0.0 to before 6.4.0, a missing signature verification in User OIDC allowe… |
| CVE-2026-45155 | low | 2.6 | 2.6 | | | | 3d ago | Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.7 and 33.0.0 to before 33.0.1, a missing access check on API level allowed to add u… |
| CVE-2026-45154 | low | 2.6 | 2.6 | | | | 3d ago | Nextcloud is an open source content collaboration platform. From version 2.6.0 to before version 4.3.0, when a previous collective pages was deleted and the collective was shared view-only, guests wi… |
| CVE-2026-45153 | medium | 4.6 | 4.6 | | | | 3d ago | Nextcloud is an open source content collaboration platform. From version 33.0.0 to before version 33.1.0, after unlocking a locked Android phone the back-button could be used to bypass the Nextcloud … |
| CVE-2026-42679 | medium | 6.5 | 6.5 | | | | 3d ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mamunur Rashid Classified Listing allows Path Traversal. This issue affects Classified Listing: from n… |
| CVE-2026-42678 | high | 7.1 | 7.1 | | | | 3d ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liquid Web / StellarWP GiveWP allows DOM-Based XSS. This issue affects GiveWP: from n/a through … |
| CVE-2026-42677 | high | 7.5 | 7.5 | | | | 3d ago | Missing Authorization vulnerability in Ben Balter WP Document Revisions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Document Revisions: from n/a be… |
| CVE-2026-42676 | medium | 6.5 | 6.5 | | | | 3d ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4. |
| CVE-2026-42675 | high | 7.3 | 7.3 | | | | 3d ago | Missing Authorization vulnerability in Themefic Hydra Booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hydra Booking: from n/a through 1.1.41. |
| CVE-2026-42674 | high | 7.5 | 7.5 | | | | 3d ago | Authentication Bypass by Spoofing vulnerability in AAM Plugin Advanced Access Manager allows URL Encoding. This issue affects Advanced Access Manager: from n/a through 7.1.0. |
| CVE-2026-42673 | high | 7.5 | 7.5 | | | | 3d ago | Insertion of Sensitive Information Into Sent Data vulnerability in Logtivity Activity Logs Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity allows Retrieve Embedded Sensit… |
| CVE-2026-42671 | medium | 6.5 | 6.5 | | | | 3d ago | Missing Authorization vulnerability in Paolo GeoDirectory allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GeoDirectory: from n/a through 2.8.157. |
| CVE-2026-38950 | high | 7.8 | 7.8 | | | | 3d ago | An issue in ESA AnomalyMatch before 1.3.1 allows attackers to execute arbitrary code via crafted model checkpoint files. The affected components load model files from session directories using torch.l… |
| CVE-2026-37227 | high | 7.5 | 7.5 | | | | 3d ago | FlexRIC v2.0.0 contains reachable assert(0) calls in stub message handlers for whitelisted but unimplemented E2AP message types in the near-RT RIC. A remote unauthenticated attacker can send a decoda… |
| CVE-2026-37225 | high | 7.5 | 7.5 | | | | 3d ago | FlexRIC v2.0.0 crashes when the iApp receives an E42_RIC_SUBSCRIPTION_REQUEST with an empty ricEventTriggerDefinition field. The E42 layer decoder accepts this as valid, but the E2AP encoder asserts … |
| CVE-2026-37224 | high | 7.5 | 7.5 | | | | 3d ago | FlexRIC v2.0.0 crashes when receiving a duplicate E2_SETUP_REQUEST from the same or spoofed E2 Node. The iApp registry enforces node ID uniqueness via assert() rather than graceful rejection. A remot… |
| CVE-2026-37223 | high | 7.5 | 7.5 | | | | 3d ago | FlexRIC v2.0.0 contains a reachable assertion in the iApp message dispatcher. The dispatcher validates incoming E2AP messages against a 9-entry whitelist using assert(). A remote unauthenticated atta… |
| CVE-2026-37222 | high | 7.5 | 7.5 | | | | 3d ago | FlexRIC v2.0.0 uses hardcoded assertions to validate Information Element (IE) counts in decoded E2AP messages. A remote unauthenticated attacker can send a valid E2AP PDU containing an unexpected num… |
| CVE-2026-10275 | medium | 5.0 | 5.0 | | sles debian | | 3d ago | A flaw has been found in OpenSC up to 0.26.1. This affects the function test_kpgen_certwrite of the file src/tools/pkcs11-tool.c of the component pkcs11-tool Key Generation Module. This manipulation … |
| CVE-2026-10274 | medium | 6.3 | 6.3 | | | | 3d ago | A vulnerability was determined in indrasishbanerjee aem-mcp-server up to b5f833aef9b5dfd17a5991b3b18a8a11edbdc583. This impacts the function getAssetMetadata of the file src/mcp-server.ts of the comp… |
| CVE-2026-10273 | high | 7.3 | 7.3 | | | | 3d ago | A vulnerability was found in php-censor up to 2.1.6. This affects an unknown function of the file src/Model/Build/GitBuild.php of the component Webhook Endpoint. Performing a manipulation of the argu… |
| CVE-2026-10272 | medium | 6.5 | 6.5 | | | | 3d ago | A vulnerability has been found in a4m4 Student-Management-System up to f0c5f6842c5e8c431ff02b5260a565ca844df3a0. The impacted element is an unknown function of the file admin/deleteform.php. Such man… |
| CVE-2026-10271 | medium | 6.3 | 6.3 | | | | 3d ago | A flaw has been found in a4m4 Student-Management-System up to f0c5f6842c5e8c431ff02b5260a565ca844df3a0. The affected element is an unknown function of the file admin/ of the component Admin Endpoint.… |
| CVE-2026-10270 | high | 7.5 | 7.5 | | | dlink | 3d ago | A vulnerability was detected in D-Link DI-7001 MINI up to 19.09.19A1. Impacted is the function sprintf of the file /httpd_debug.asp of the component API. The manipulation of the argument Time results… |
| CVE-2026-10269 | medium | 6.3 | 6.3 | | | | 3d ago | A security vulnerability has been detected in decolua 9router up to 0.4.0. This issue affects the function isAuthenticated of the file src/dashboardGuard.js of the component HTTP Header Handler. The … |
| CVE-2026-10268 | low | 3.3 | 3.3 | | | | 3d ago | A weakness has been identified in janet-lang janet up to 1.41.0. This vulnerability affects the function unmarshal_one_fiber of the file src/core/marsh.c. Executing a manipulation can lead to integer… |
| CVE-2026-10118 | high | 7.8 | 7.8 | FIX | debian | | 3d ago | A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the `tilingPatte… |
| CVE-2022-4991 | high | 7.4 | 7.4 | | | | 3d ago | Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows. Tychon contains a privileged service that use… |
| CVE-2026-48865 | high | 7.1 | 7.1 | | | | 3d ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress allows Reflected XSS. This issue affects LearnPress: from n/a through 4.3.6. |
| CVE-2026-48839 | high | 7.1 | 7.1 | | | | 3d ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP Statistics allows DOM-Based XSS. This issue affects WP Statistics: from n/a throug… |
| CVE-2026-48559 | medium | 5.4 | 5.4 | | | | 3d ago | Lightweight Music Server (LMS) through 3.76.0 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript by embedding malicious HTML in media file metad… |
| CVE-2026-42683 | high | 7.1 | 7.1 | | | | 3d ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows DOM-Based XSS. This issue affects VikBooki… |
| CVE-2026-42681 | high | 7.1 | 7.1 | | | | 3d ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in E2Pdf.Com e2pdf allows Reflected XSS. This issue affects e2pdf: from n/a through 1.32.14. |
| CVE-2026-37221 | high | 7.5 | 7.5 | | | | 3d ago | FlexRIC v2.0.0 crashes when receiving a RIC_SUBSCRIPTION_RESPONSE with an unknown ric_id that has no corresponding pending event. The near-RT RIC uses assert() to enforce the existence of a pending e… |
| CVE-2026-37220 | high | 7.5 | 7.5 | | | | 3d ago | FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2_SETUP_REQUEST is sent. The near-RT RIC assumes a mapping between SCTP association and E2 node always exists in the cleanup path … |
| CVE-2026-10533 | medium | 5.0 | 5.0 | | | | 3d ago | A flaw was found in OpenShift Container Platform. Completed pods with restartPolicy: Never do not count toward ResourceQuota pod limits, and Kubernetes events are not quota-scoped. A non-privileged u… |
| CVE-2026-10267 | low | 3.3 | 3.3 | | | | 3d ago | A security flaw has been discovered in janet-lang janet up to 1.41.0. This affects the function doframe of the file src/core/debug.c. Performing a manipulation results in out-of-bounds read. Attackin… |
| CVE-2026-10265 | medium | 6.3 | 6.3 | | | | 3d ago | A vulnerability was identified in itsourcecode Content Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edit_topic.php. Such manipulation of the argument… |
| CVE-2026-10264 | low | 3.5 | 3.5 | | | | 3d ago | A vulnerability was determined in lharries whatsapp-mcp 0.0.1. Affected by this vulnerability is the function SendMessageRequest of the file whatsapp-bridge/main.go of the component Send API Endpoint… |
| CVE-2026-10263 | high | 7.3 | 7.3 | | | | 3d ago | A vulnerability was found in SourceCodester Computer Repair Shop Management System up to 1.0. Affected is an unknown function of the file /admin/products/manage_product.php. The manipulation of the a… |
| CVE-2026-10262 | high | 7.3 | 7.3 | | | | 3d ago | A vulnerability has been found in code-projects Real State Services 1.0. This impacts an unknown function of the file /loginuser.php of the component Login. The manipulation of the argument Username … |
| CVE-2026-10261 | high | 7.3 | 7.3 | | | | 3d ago | A flaw has been found in CodeAstro Online Job Portal 1.0. This affects an unknown function of the file /users/application_status.php. Executing a manipulation of the argument ID can lead to sql injec… |
| CVE-2026-10260 | high | 7.3 | 7.3 | | | | 3d ago | A vulnerability was detected in CodeAstro Online Job Portal 1.0. The impacted element is an unknown function of the file /admin/jobs-admins/delete-jobs.php. Performing a manipulation of the argument … |
| CVE-2026-10259 | high | 8.8 | 8.8 | | | | 3d ago | A security vulnerability has been detected in H3C Magic B0 up to 100R002. The affected element is the function SetMobileAPInfoById of the file /goform/aspForm. Such manipulation of the argument param… |
| CVE-2025-60495 | medium | 5.5 | 5.5 | | debian | | 3d ago | A segmentation violation in the gf_media_get_color_info function (/media_tools/isom_tools.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a … |
| CVE-2025-60486 | medium | 5.5 | 5.5 | | debian | | 3d ago | A heap use-after-free in the dasher_process function (/filters/dasher.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG-2 file. |
| CVE-2025-60485 | medium | 5.5 | 5.5 | | debian | | 3d ago | A segmentation violation in the gf_isom_apple_set_tag_ex function (/isomedia/isom_write.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a cr… |
| CVE-2025-60483 | medium | 5.5 | 5.5 | | debian | | 3d ago | A NULL pointer dereference in the gf_ac4_pres_b_4_back_channels_present function (/media_tools/av_parsers.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) … |
| CVE-2025-60481 | medium | 5.5 | 5.5 | | debian | | 3d ago | A NULL pointer dereference in the gf_odf_ac4_cfg_dsi_v1 function (/odf/descriptors.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted… |
| CVE-2025-55664 | medium | 5.5 | 5.5 | | debian | | 3d ago | A heap buffer overflow in the m2tsdmx_send_packet function (filters/dmx_m2ts.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. |
| CVE-2024-40646 | high | 8.6 | 8.6 | | | | 3d ago | Vertex is a management tool for PT (Private Tracker) users to manage streaming and watching videos. Versions prior to commit fbde301b97986d5913fc4bc95f5445750d282e11 are vulnerable to path traversal.… |
| CVE-2026-9309 | medium | 5.4 | 5.4 | | | mozilla | 3d ago | Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These pa… |
| CVE-2026-9308 | medium | 5.4 | 5.4 | | | mozilla | 3d ago | Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted wit… |
| CVE-2026-34193 | medium | 4.3 | 4.3 | | | | 3d ago | Kernel software installed and running inside a Guest/Host VM may post improper commands to the GPU Firmware to trigger a write of data outside the intended GPU memory. A logic error in the address… |
| CVE-2026-10258 | medium | 6.3 | 6.3 | | | | 3d ago | A weakness has been identified in itsourcecode Content Management System 1.0. Impacted is an unknown function of the file /admin/add_sub_topic.php. This manipulation of the argument topic_id causes s… |
| CVE-2026-10257 | medium | 6.3 | 6.3 | | | | 3d ago | A security flaw has been discovered in itsourcecode Content Management System 1.0. This issue affects some unknown processing of the file /admin/update_ss_img.php. The manipulation of the argument to… |
| CVE-2026-10256 | medium | 6.3 | 6.3 | | | | 3d ago | A vulnerability was identified in itsourcecode Content Management System 1.0. This vulnerability affects unknown code of the file /save_comment.php. The manipulation of the argument Name leads to sql… |
| CVE-2026-10255 | medium | 5.3 | 5.3 | | | | 3d ago | A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this vulnerability is the function sell_statement of the file application/controllers/ShowForm.ph… |
| CVE-2026-10254 | medium | 5.3 | 5.3 | | | | 3d ago | A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. Affected is an unknown function of the file /admin/. This manipulation causes file and directory information exposure. Th… |
| CVE-2026-10253 | high | 7.3 | 7.3 | | | | 3d ago | A vulnerability was detected in itsourcecode Online House Rental System 1.0. This impacts an unknown function of the file /manage_payment.php. The manipulation of the argument ID results in sql injec… |
| CVE-2026-10252 | high | 7.3 | 7.3 | | | | 3d ago | A security vulnerability has been detected in itsourcecode Online House Rental System 1.0. This affects an unknown function of the file /manage_tenant.php. The manipulation of the argument ID leads t… |