EUVD-2026-16939

HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids. HTTP::Session defaults to using HTTP::Session::ID::SHA1 to generate session ids using a SHA-1 hash seeded with the built-in rand function, the high resolution epoch time, and the PID. The PID will com...

CVE-2026-3256

HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids. HTTP::Session defaults to using HTTP::Session::ID::SHA1 to generate session ids using a SHA-1 hash seeded with the built-in rand function, the high resolution epoch time, and the PID. The PID will com...

EUVD-2026-16921

A vulnerability was identified in Sinaptik AI PandasAI up to 0.1.4. Affected by this issue is the function deletequestionandanswers/deletedocs/updatequestionanswer/updatedocs/getrelevantquestionanswersbyid/getrelevantdocsbyid of the file extensions/ee/vectorstores/lancedb/pandasailancedb/lancedb....

CVE-2026-4996

CVE-2026-4996 affects Sinaptik AI PandasAI up to 0.1.4, specifically the pandasai-lancedb Extension’s lancedb.py functions (delete_question_and_answers/delete_docs/update_question_answer/update_docs/get_relevant_question_answers_by_id/get_relevant_docs_by_id). The issue is a SQL injection caused ...

EUVD-2026-16897

A vulnerability was detected in QDOCS Smart School Management System up to 7.2. The impacted element is an unknown function of the file /admin/enquiry of the component Admission Enquiry Module. Performing a manipulation of the argument Note results in cross site scripting. The attack is possible ...

SUSE CVE-2026-33192

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling PATCH requests with an empty supi path parameter...

[SECURITY] Fedora 44 Update: perl-XML-Parser-2.51-1.fc44

This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark's expat library. Each call to one of the parsing methods creates a new instance of XML::Parser::Expat which is then used to parse the document. Expat options...

PT-2026-28276

Name of the Vulnerable Software and Affected Versions Amon2 versions prior to 6.17 Description Amon2 for Perl utilizes an insecure random string implementation in its security functions. Versions 6.06 through 6.16 attempt to use /dev/urandom, but fall back to a SHA-1 hash seeded with the built-in...

Linux Distros Unpatched Vulnerability : CVE-2026-33307

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior to 0.12.3 and 0.13.0, code for client certificate verification imported the...

NewStart CGSL MAIN 7.02 : python3.11 Vulnerability (NS-SA-2026-0034)

The remote NewStart CGSL host, running version MAIN 7.02, has python3.11 packages installed that are affected by a vulnerability: - There is a defect in the CPython tarfile module affecting the TarFile extraction and entry enumeration APIs. The tar implementation would process tar archives with...

Security update for salt (important)

openSUSE security update: security update for salt ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20412-1 Rating: important References: bsc1240532 bsc1246130 bsc1254325 bsc1254903 bsc1254904 bsc1254905 Cross-References: CVE-2025-13836 CVE-2025-6772...

SUSE SLES15 / openSUSE 15 Security Update : python312 (SUSE-SU-2026:1107-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1107-1 advisory. Update to Python 3.12.13: - CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. - CVE-2025-11468:...

CVE-2026-4991

A vulnerability was detected in QDOCS Smart School Management System up to 7.2. The impacted element is an unknown function of the file /admin/enquiry of the component Admission Enquiry Module. Performing a manipulation of the argument Note results in cross site scripting. The attack is possible ...

CVE-2026-33943

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In versions 15.10.0 through 20.8.7, a code injection vulnerability in ECMAScriptModuleCompiler allows an attacker to achieve Remote Code Execution RCE by injecting arbitrary JavaScript expressions insi...

CVE-2026-4991 QDOCS Smart School Management System Admission Enquiry enquiry cross site scripting

A vulnerability was detected in QDOCS Smart School Management System up to 7.2. The impacted element is an unknown function of the file /admin/enquiry of the component Admission Enquiry Module. Performing a manipulation of the argument Note results in cross site scripting. The attack is possible ...

CVE-2026-4991 QDOCS Smart School Management System Admission Enquiry enquiry cross site scripting

A vulnerability was detected in QDOCS Smart School Management System up to 7.2. The impacted element is an unknown function of the file /admin/enquiry of the component Admission Enquiry Module. Performing a manipulation of the argument Note results in cross site scripting. The attack is possible ...

CVE-2026-4991

CVE-2026-4991 affects QDOCS Smart School Management System (up to 7.2). The vulnerability resides in the Admission Enquiry Module’s /admin/enquiry, where manipulating the Note argument triggers cross-site scripting. This can be exploited remotely. The provided sources do not specify affected vend...

CVE-2026-4991

A vulnerability was detected in QDOCS Smart School Management System up to 7.2. The impacted element is an unknown function of the file /admin/enquiry of the component Admission Enquiry Module. Performing a manipulation of the argument Note results in cross site scripting. The attack is possible ...

CVE-2026-33943 Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In versions 15.10.0 through 20.8.7, a code injection vulnerability in ECMAScriptModuleCompiler allows an attacker to achieve Remote Code Execution RCE by injecting arbitrary JavaScript expressions insi...

CVE-2026-33943 Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In versions 15.10.0 through 20.8.7, a code injection vulnerability in ECMAScriptModuleCompiler allows an attacker to achieve Remote Code Execution RCE by injecting arbitrary JavaScript expressions insi...