CVE-2026-31707

A flaw was found in the Linux kernel's ksmbd component. A remote attacker could exploit an integer overflow vulnerability when the system processes specially crafted daemon responses. This manipulation of data sizes can bypass internal security checks, leading to memory corruption. Such an issue...

CVE-2026-7592

A weakness has been identified in itsourcecode Courier Management System 1.0. This affects an unknown function of the file /editstaff.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public...

CVE-2026-7587

Open5GS AMF vulnerable in function amf_nsmf_pdusession_handle_update_sm_context (in /src/amf/nsmf-handler.c) up to version 2.7.7. The manipulation can cause a denial of service and is remotely initiable. The exploit has been disclosed publicly. No remediation or patch details are provided in the ...

CVE-2026-7585

A vulnerability was determined in Open5GS up to 2.7.7. The impacted element is the function amfnudmsdmhandleprovisioned of the file /src/amf/nudm-handler.c of the component AMF. Executing a manipulation can lead to denial of service. The attack can be launched remotely. The exploit has been...

CVE-2026-7581

The CVE describes a vulnerability in alexta69 MeTube up to 2026.04.09, affecting the CORS Policy implementation (function on_prepare in app/main.py). The issue results in a permissive cross-domain policy that can interact with untrusted domains and is exploitable remotely. A public exploit is ind...

CVE-2026-7554

A vulnerability was determined in D-Link M60 up to 1.20B02. Affected by this issue is some unknown functionality of the file /usr/bin/httpd. This manipulation causes weak password recovery. The attack can be initiated remotely. A high degree of complexity is needed for the attack. The exploitatio...

EUVD-2026-26480

A vulnerability was determined in D-Link M60 up to 1.20B02. Affected by this issue is some unknown functionality of the file /usr/bin/httpd. This manipulation causes weak password recovery. The attack can be initiated remotely. A high degree of complexity is needed for the attack. The exploitatio...

CVE-2026-7550

CVE-2026-7550 affects SourceCodester Pharmacy Sales and Inventory System 1.0. The vulnerability is in an unknown function of the file /ajax.php?action=save_customer where manipulation of the argument ID leads to an SQL injection. It is exploitable remotely and the exploit has been disclosed publi...

CVE-2026-7549 SourceCodester Pharmacy Sales and Inventory System ajax.php delete_customer sql injection

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=deletecustomer. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been...

SUSE CVE-2026-3833

A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of nameConstraints labels, specifically for dNSName DNS or rfc822Name email constraints within excludedSubtrees or permittedSubtrees. A remote attacker can exploit this by crafting a leaf...

CVE-2026-7536 Open5GS BSF pcfBindings bsf_sess_add_by_ip_address denial of service

A vulnerability was determined in Open5GS up to 2.7.7. This vulnerability affects the function bsfsessaddbyipaddress of the file /nbsf-management/v1/pcfBindings of the component BSF. Executing a manipulation of the argument ipv4Addr can lead to denial of service. The attack can be launched...

CVE-2026-7536

A vulnerability was determined in Open5GS up to 2.7.7. This vulnerability affects the function bsfsessaddbyipaddress of the file /nbsf-management/v1/pcfBindings of the component BSF. Executing a manipulation of the argument ipv4Addr can lead to denial of service. The attack can be launched...

CVE-2026-7535

A vulnerability was found in Open5GS up to 2.7.7. This affects the function amfnamfcommhandleregistrationstatusupdaterequest in the library /lib/app/ogs-init.c of the file /namf-comm/v1/ue-contexts/ueContextId/transfer-update. Performing a manipulation of the argument ueContextId results in denia...

CVE-2026-37539

Buffer overflow vulnerability in cannelloni v2.0.0 in CAN frame parsing in parser.cpp in function parseCANFrame, and decoder.cpp in function decodeFrame allowing remote attackers to cause a denial of service crash or possibly execute arbitrary code via crafted CAN FD frames...

CVE-2026-37554

An issue was discovered in Vanetza V2X v26.02 allowing remote unauthorized attackers to cause a denial of service. The vulnerability exists in the GeoNetworking packet processing pipeline where OpenSSL exceptions from ECC point validation invalid compressed point, point not on curve are not...

maccms_pro 访问控制错误漏洞

Maccmspro is a content management system developed by Maccmspro’s individual developers. Versions of Maccmspro prior to 2022.1.3 had an access control vulnerability. This vulnerability stemmed from an unlimited upload issue in the install function of the file/admi.php/admin/addon/add.html within...

PT-2026-36531

A vulnerability was found in ggerve coding-standards-mcp. This issue affects the function get style guide/get best practices of the file server.py. The manipulation of the argument Language results in path traversal. It is possible to launch the attack remotely. The exploit has been made public a...

PT-2026-36536

Name of the Vulnerable Software and Affected Versions astro-mcp-server versions prior to 1.1.2 Description A flaw in the MCP Tool Query Construction component, specifically within a function in the src/index.ts file, allows for remote SQL injection. This occurs when the request.params.arguments...

PT-2026-36495

Name of the Vulnerable Software and Affected Versions Open5GS versions prior to 2.7.8 Description A remote denial of service can be triggered through the manipulation of the amf nudm sdm handle provisioned function located in the /src/amf/nudm-handler.c file within the AMF component...

EUVD-2026-26465

A vulnerability has been found in UTT HiPER 1200GW up to 2.5.3-170306. The impacted element is the function strcpy of the file /goform/formRemoteControl. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used...