CVE-2026-11530

A vulnerability was identified in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This affects an unknown function of the file /index.ph of the component Login. Such manipulation of the argument usr/pwd leads to sql injection. The attack can be executed remotely...

CVE-2026-48851

PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session...

PT-2026-42850

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Server Subscription Edition versions prior to 16.0.19725.20280 Microsoft SharePoint Server 2019 versions prior to 16.0.10417.20128 Microsoft SharePoint Enterprise Server 2016 versions prior to 16.0.5552.1002 Description...

CVE-2026-43205

A flaw was found in the Linux kernel dpaa2-switch driver. This out-of-bounds write vulnerability occurs because the driver does not validate the numifs value reported by the firmware against the DPSWMAXIF limit. A highly privileged attacker, capable of influencing the DPAA2 firmware or management...

CVE-2026-5577

A vulnerability has been found in Song-Li crossbrowser up to ca690f0fe6954fd9bcda36d071b68ed8682a786a. This affects an unknown part of the file flask/uniquemachineapp.py of the component details Endpoint. Such manipulation of the argument ID leads to sql injection. The attack can be executed...

PT-2026-30446

Name of the Vulnerable Software and Affected Versions Song-Li cross browser up to ca690f0fe6954fd9bcda36d071b68ed8682a786a Description A vulnerability exists in Song-Li cross browser, potentially allowing for SQL injection. The issue affects an unknown part of the flask/uniquemachine app.py file...

CVE-2026-23322

In the Linux kernel, the following vulnerability has been resolved: ipmi: Fix use-after-free and list corruption on sender error The analysis from Breno: When the SMI sender returns an error, smiwork delivers an error response but then jumps back to restart without cleaning up properly: 1...

CVE-2026-23262

A memory corruption vulnerability was found in the Linux kernel's Google Virtual Ethernet gve driver. The driver and NIC share a memory region for statistics reporting, with the NIC calculating its write offset based on the region size. When queue count is increased, the driver resizes the stats...

CVE-2026-23251

A NULL pointer dereference vulnerability was found in the Linux kernel's XFS filesystem. The xfarraydestroy and xfblobdestroy functions are called without checking if the pointer is valid. When these destructors are invoked on NULL pointers during cleanup paths, a kernel crash occurs. The fix add...

CVE-2026-32627

A flaw was found in cpp-httplib. When a client is configured with a proxy and setfollowlocationtrue, any HTTPS redirect it follows will have TLS certificate and hostname verification silently disabled on the new connection. The client will accept any certificate presented by the redirect target...

CVE-2026-4010

A vulnerability was found in ThakeeNathees pocketlang up to cc73ca61b113d48ee130d837a7a8b145e41de5ce. The affected element is the function pkByteBufferAddString. The manipulation of the argument length with the input 4294967290 results in memory corruption. The attack requires a local approach. T...

CVE-2026-2800

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in the WebAuthn component in Firefox for Android...

CVE-2026-2769

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the Storage: IndexedDB component...

CVE-2026-27318

Not used...

CVE-2026-23182

In the Linux kernel, the following vulnerability has been resolved: spi: tegra: Fix a memory leak in tegraslinkprobe In tegraslinkprobe, when platformgetirq fails, it directly returns from the function with an error code, which causes a memory leak. Replace it with a goto label to ensure proper...

CVE-2026-23181

A race condition was found in the Linux kernel's Btrfs filesystem when reading the disk superblock. If a user changes the block device's block size via BLKBSZSET ioctl while Btrfs is mounting, the inconsistency between folio allocation and the new block size can trigger a VMBUGON assertion or NUL...

CVE-2026-2246

A security vulnerability has been detected in AprilRobotics apriltag up to 3.4.5. Affected by this vulnerability is the function apriltagdetectordetect of the file apriltag.c. The manipulation leads to memory corruption. The attack must be carried out locally. The exploit has been disclosed...

CVE-2026-2184

A vulnerability was detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This vulnerability affects unknown code of the file /restructured/csv.php. The manipulation of the argument photo results in os command injection. The attack can be...

CVE-2026-2078

A vulnerability was detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addPermission/updatePermission/deletePermission of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\PermissionController.java of the component...

CVE-2026-23089

A use-after-free vulnerability was found in the Linux kernel's USB audio driver. When sndusbcreatemixer fails, sndusbmixerfree frees mixer-idelems while controls already added to the sound card still reference this memory. When sndcardregister later runs, the OSS mixer layer invokes callbacks on...