SUSE CVE-2026-11251

Insufficient policy enforcement in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass discretionary access control via a crafted HTML page. Chromium security severity: Low...

SUSE CVE-2026-11257

Inappropriate implementation in Browser in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

EUVD-2026-34984

A vulnerability was found in Tiobon Employee Self-Service System up to 7.2. Affected by this vulnerability is an unknown functionality of the file /Blog/BlogSearch.aspx of the component Login Endpoint. The manipulation of the argument Keyword results in sql injection. The attack can be launched...

Adobe Experience Manager - Expression Language Injection

Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 has an expression language injection vulnerability. id: CVE-2019-16469 info: name: Adobe Experience Manager - Expression Language Injection author: DomenicoVeneziano severity: high description: | Adobe Experience Manager versions...

CVE-2026-45779

OpenXDMoD is an open framework for collecting and analyzing HPC metrics. An SQL injection vulnerability exists in Open XDMoD versions prior to 10.0.3 that allows an unauthenticated remote attacker to execute arbitrary SQL statements. Exploitation requires no authentication or user interaction and...

CVE-2026-11435 Jinher OA nextselectplan.aspx sql injection

A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor...

php security update

An update is available for php. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PHP is an HTML-embedded scripting language commonly used with the Apache HTTP...

Xdebug <= 2.5.5 - Command Injection

Xdebug = 2.5.5 contains an unauthenticated command injection caused by accepting debugger protocol commands without authentication when remote debugging is enabled, letting remote attackers execute arbitrary PHP code and system commands, exploit requires remote debugging enabled. id: CVE-2015-101...

CVE-2026-10958

Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

RHEL 10 : php (RHSA-2026:23388)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:23388 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: PHP: PHP: Denial of Service via...

RHEL 10 : image-builder (RHSA-2026:22937)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:22937 advisory. A local binary for building customized OS artifacts such as VM images and OSTree commits. Uses osbuild under the hood. Security Fixes:...

CVE-2026-6448

The CVE-2026-6448 entry concerns the WordPress plugin Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker. All versions up to 11.1.2 are listed as vulnerable to time-based blind SQL Injection via the order parameter due to insufficient escaping and improper query preparation. The issue enab...

CVE-2026-10802

A vulnerability was detected in keystonejs keystone up to 20260319. This vulnerability affects unknown code in the library packages/core/src/lib/core/queries/output-field.ts of the component GraphQL API Endpoint. The manipulation results in resource consumption. It is possible to launch the attac...

CVE-2026-42480

A stack-based out-of-bounds read vulnerability in VrmlDataScene::ReadLine in the VRML parser in Open CASCADE Technology OCCT V800rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because the quoted-string escape handler uses ptr++anOffset without proper...

CVE-2026-42479

An out-of-bounds read vulnerability in VrmlDataIndexedLineSet::TShape in the VRML parser in Open CASCADE Technology OCCT V800rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because coordIndex values from parsed input are used as direct array indices...

CVE-2026-46473

Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...

CVE-2026-37600

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/viewdetails.php...

CVE-2026-31236

The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...

CVE-2026-31380

Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

CVE-2026-44242

Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Prior to 4.10.22, the bundleCache is keyed by Locale, baseName where the locale originates from the HTTP Accept-Language header. In applications that explicitly register a...