CVE-2026-5811

A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this issue is the function saveproduct of the file /Actions.php of the component POST Parameter Handler. Such manipulation of the argument price leads to business logic errors. The attack may be performe...

CVE-2026-5913

Out of bounds read in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Low...

CVE-2026-5898

The CVE-2026-5898 entry concerns a security UI issue in the Omnibox of Google Chrome on iOS (Chromium). The underlying problem is an incorrect security UI that could enable UI spoofing via a crafted HTML page, classified with a Chromium security severity of Low and a CVSS 3.1 base score of 4.3 (M...

CVE-2026-5894

Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

CVE-2026-5888

CVE-2026-5888 concerns Google Chrome/WebCodecs. The issue is described as an uninitialized use in WebCodecs that could allow a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. The vulnerability is categorized with a Medium severity in Chromi...

CVE-2026-5885

Insufficient validation of untrusted input in WebML in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-5875

Policy bypass in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-5864

Heap buffer overflow in WebAudio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

CVE-2026-5859

Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-5805 code-projects Easy Blog Site contact_us.php sql injection

A weakness has been identified in code-projects Easy Blog Site up to 1.0. The impacted element is an unknown function of the file /users/contactus.php. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The exploit has been made available...

opentelemetry-go: OTLP HTTP exporters read unbounded HTTP response bodies

overview: this report shows that the otlp HTTP exporters traces/metrics/logs read the full HTTP response body into an in-memory bytes.Buffer without a size cap. this is exploitable for memory exhaustion when the configured collector endpoint is attacker-controlled or a network attacker can mitm t...

JLSEC-2026-61

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...

CVE-2026-39395

A flaw was found in Cosign, a tool for code signing and transparency for containers and binaries. A remote attacker could exploit this vulnerability by providing malformed payloads or attestations with mismatched predicate types. This could lead to Cosign erroneously reporting a "Verified OK"...

Sonatype Nexus Repository 安全漏洞

Sonatype Nexus Repository is a repository manager developed by Sonatype, Inc. in the United States. It is primarily used for managing, storing, and distributing software. Versions of Sonatype Nexus Repository 3.90.2 and earlier contain security vulnerabilities. These vulnerabilities stem from...

PT-2026-31447

A security flaw has been discovered in bigsk1 openai-realtime-ui up to 188ccde27fdf3d8fab8da81f3893468f53b2797c. The affected element is an unknown function of the file server.js of the component API Proxy Endpoint. Performing a manipulation of the argument Query results in server-side request...

CVE-2026-5671

A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. Impacted is an unknown function of the file /admin/class%20schedule/deletebatch.php of the component Class Schedule Deletion Endpoint. Executing a manipulation of the argument bat...

CVE-2026-5676

A vulnerability was identified in Totolink A8000R 5.9c.681B20180413. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument langType leads to missing authentication. The attack can be launched remotely. The exploit is publicly available...

OpenTelemetry-Go: multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)

multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. this allows an attacker to amplify cpu and allocations by sending many baggage: header lines, even when each individual value is within the 8192-byte per-value parse limit...

CVE-2026-33034

A flaw was found in Django. A remote attacker can exploit this vulnerability by sending ASGI Asynchronous Server Gateway Interface requests with a missing or understated Content-Length header. This allows the attacker to bypass the DATAUPLOADMAXMEMORYSIZE limit, leading to an unbounded request bo...

CVE-2026-5669

A vulnerability has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This vulnerability affects unknown code of the file /login.php of the component Parameter Handler. Such manipulation of the argument Password leads to sql injection. It is possibl...