CVE-2026-28553

CVE-2026-28553 describes an improper permission control in the theme setting module. The vulnerability is reported as affecting confidentiality with a CVSS v3.1 base score of 6.9 (MEDIUM). Exploitation requires local access and user interaction, with high attack complexity and no privileges requi...

CVE-2026-34860

Access control vulnerability in the memo module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality...

CVE-2026-34860

Technical details about CVE-2026-34860 are not publicly available in the provided documents. Monitor for updates from vendors and security trackers to obtain affected products, impact specifics, and remediation.

CVE-2026-34860

Access control vulnerability in the memo module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality...

CVE-2026-34860

Access control vulnerability in the memo module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality...

CVE-2026-34851

Race condition vulnerability in the event notification module. Impact: Successful exploitation of this vulnerability may affect availability...

CVE-2026-34851

Race condition vulnerability in the event notification module. Impact: Successful exploitation of this vulnerability may affect availability...

CVE-2026-34851

Race condition vulnerability in the event notification module. Impact: Successful exploitation of this vulnerability may affect availability...

CVE-2026-34851

CVE-2026-34851 is described as a race condition in the event notification module with availability impact. Public sources (NVD) list CVSSv3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (base 7.5, HIGH). Huawei CNA notes a lower local-impact vector (AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L, base 2.2, LOW). E...

perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files

A flaw was found in XML::Parser, a Perl module for parsing XML. This vulnerability, an off-by-one heap buffer overflow, occurs when processing an XML file with very deep element nesting. A remote attacker could exploit this by providing a specially crafted XML file, potentially leading to memory...

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An out-of-bounds write vulnerability exists in the Huawei HarmonyOS WEB module, which can be exploited by an attacker to compromise confidentiality and...

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A memory misreference vulnerability exists in the Huawei HarmonyOS communication module, which can be exploited by an attacker to cause availability to be...

PT-2026-32250

UAF vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability...

PT-2026-32252

UAF vulnerability in the kernel module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality...

PT-2026-32249

Out-of-bounds write vulnerability in the kernel module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality...

CVE-2026-26460

CVE-2026-26460 describes an HTML Injection vulnerability in the Dashboard module of Vtiger CRM 8.4.0 . The issue arises because user input in the tabid parameter of the DashBoardTab view (getTabContents action) is not properly neutralized, allowing an attacker to inject arbitrary HTML that gets r...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a zero-division error in the rtscmin function of the schhfsc module, potentially leading to a...

CVE-2026-36952

Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in the file /otas/admin/curriculum/manage_curriculum.php (CVE-2026-36952). The connected documents consistently describe the same issue, with no exploit details, affected version beyond v1.0, or remediation steps pr...

📄 OpenSTAManager 2.9.8 SQL Injection

OpenSTAManager versions 2.9.8 and below suffer from a remote SQL injection vulnerability in the Scadenzario bulk operations module. CVE-2026-24418: OpenSTAManager has a SQL Injection vulnerability in the Scadenzario bulk operations module Overview | Field | Details | |---|---| | CVE ID |...

📄 OpenSTAManager 2.9.8 SQL Injection

OpenSTAManager versions 2.9.8 and below suffer from a remote SQL injection vulnerability in the Prima Nota module. CVE-2026-24419: OpenSTAManager has a SQL Injection in the Prima Nota module Overview | Field | Details | |---|---| | CVE ID | CVE-2026-24419 | | Severity | HIGH | | Advisory | View...