CVE-2026-5274

CVE-2026-5274 is a Chrome/Chromium vulnerability: an integer overflow in Codecs allows a remote attacker to perform arbitrary read/write through a crafted HTML page. Affected software includes Google Chrome prior to version 146.0.7680.178 (with references to Chromium fixes). The issue is describe...

Astra Linux – Vulnerability in Chromium

Before version 146.0.7680.75, using Skia in Google Chrome allowed a remote attacker to perform out-of-bounds memory access through a crafted HTML page. Chromium security severity: High...

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

Astra Linux – Vulnerability in Chromium

Integer overflow in Skia in Google Chrome prior to version 145.0.7632.159 allowed a remote attacker to potentially perform out-of-bounds memory access through a crafted HTML page. Chromium security severity: Critical...

Astra Linux – Vulnerability in Chromium

Using “after free” in Ozone in Google Chrome before version 145.0.7632.45 allowed a remote attacker who convinced a user to perform certain UI gestures to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Medium...

CVE-2026-5248 gougucms User Registration Login.php reg_submit dynamically-determined object attributes

A vulnerability has been found in gougucms 4.08.18. This affects the function regsubmit of the file gougucms-master\app\home\controller\Login.php of the component User Registration Handler. Such manipulation of the argument level leads to dynamically-determined object attributes. The attack may b...

CVE-2026-5248

Summary : CVE-2026-5248 affects gougucms 4.08.18, specifically the function reg_submit in gougucms-master\app\home\controller\Login.php (User Registration Handler). The issue involves manipulation of the argument level that leads to dynamically-determined object attributes, enabling a potential r...

EUVD-2026-17731

A security flaw has been discovered in itsourcecode Payroll Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /manageuser.php of the component Parameter Handler. Performing a manipulation of the argument ID results in sql injection. The attack is possib...

PT-2026-29553

A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could...

PT-2026-29551

A vulnerability in the web-based management interface of Cisco IMC could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by...

PT-2026-29618

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a remote attacker to conduct phishing attacks, caused by an...

PT-2026-29638

A vulnerability has been found in Nothings stb up to 2.30. This issue affects the function stbi gif load next in the library stb image.h of the component GIF Decoder. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public an...

ROS-20260401-73-0028

Vulnerability in libpng12 related to buffer copying without checking input size. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

ROS-20260401-73-0043

Vulnerability in pdns-recursor related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

ROS-20260401-73-0032

Vulnerability in libpng15 related to buffer copying without checking input size. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

Cisco IOS XE Software Secure Channel for Meraki Information Disclosure (cisco-sa-iosxe_infodis-6J847uEB)

According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. - A vulnerability in Cisco IOS XE Software for Cisco Meraki could allow a remote, unauthenticated attacker to view confidential device information. This vulnerability is due to a device configuration...

ROS-20260401-73-0030

Vulnerability in libpng related to buffer copying without checking input size. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVE-2026-5240

A security vulnerability has been detected in code-projects BloodBank Managing System 1.0. This affects an unknown part of the file /adminstate.php. The manipulation of the argument statename leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been...

CVE-2026-5240

CVE-2026-5240 affects code-projects BloodBank Managing System 1.0. The issue arises in an unknown part of /admin_state.php where manipulating the statename argument causes a cross-site scripting (XSS) vulnerability. The description notes remote initiation and that the exploit has been publicly di...

CVE-2026-5238

Affects itsourcecode Payroll Management System 1.0. The vulnerability exists in the Parameter Handler’s view_employee.php, where manipulating the ID parameter leads to SQL injection. This is a remote exploit with public proof-of-concept; CVSS metrics indicate high impact (network access, no authe...