Lucene search
88773 matches found

Redos
added 2026/01/29 12:0 a.m. | 6 views

ROS-20260129-73-0040

A vulnerability in the libpq library of the PostgreSQL database management system is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 5.9 | AI score 6 | EPSS 0.00301
Exploits: 0

Redos
added 2026/01/29 12:0 a.m. | 4 views

ROS-20260129-73-0036

A vulnerability in the libpq library of the PostgreSQL database management system is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 5.9 | AI score 6 | EPSS 0.00301
Exploits: 0

Redos
added 2026/01/29 12:0 a.m. | 5 views

ROS-20260129-73-0037

A vulnerability in the libpq library of the PostgreSQL database management system is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 5.9 | AI score 6 | EPSS 0.00301
Exploits: 0

Redos
added 2026/01/29 12:0 a.m. | 5 views

ROS-20260129-73-0052

A vulnerability in the Canvas and WebGL interfaces of Mozilla Firefox, Firefox ESR and Thunderbird email client is related to insufficient checking for unusual or exceptional states. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the sandbox protection mechani...

CVSS 8 | AI score 5.9 | EPSS 0.00276
Exploits: 0

Positive Technologies
added 2026/01/29 12:0 a.m. | 8 views

PT-2026-5325

Name of the Vulnerable Software and Affected Versions: Bdtask Bhojon All-In-One Restaurant Management System versions prior to 20260117. Description: A business logic error exists in the Add-to-Cart Submission Endpoint. The backend accepts user-controlled pricing values without validating them again...

CVSS 5.3 | AI score 5.1 | EPSS 0.0025
Exploits: 1 | References: 10

Vulnrichment
added 2026/01/28 10:2 p.m. | 4 views

CVE-2026-1546 jishenghua jshERP com.jsh.erp.datasource.mappers.DepotItemMapperEx importItemExcel getBillItemByParam sql injection

A security vulnerability has been detected in jishenghua jshERP up to 3.6. The impacted element is the function getBillItemByParam of the file /jshERP-boot/depotItem/importItemExcel of the component com.jsh.erp.datasource.mappers.DepotItemMapperEx. The manipulation of the argument barCodes leads ...

CVSS 6.5 | AI score 5.7 | EPSS 0.00343
Exploits: 1 | References: 6

Cvelist
added 2026/01/28 9:32 p.m. | 24 views

CVE-2026-1545 itsourcecode School Management System index.php sql injection

A weakness has been identified in itsourcecode School Management System 1.0. The affected element is an unknown function of the file /course/index.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been made availab...

CVSS 7.5 | EPSS 0.00393
Exploits: 1 | References: 5

Cvelist
added 2026/01/28 9:2 p.m. | 30 views

CVE-2026-1535 code-projects Online Music Site AdminReply.php sql injection

A security vulnerability has been detected in code-projects Online Music Site 1.0. This impacts an unknown function of the file /Administrator/PHP/AdminReply.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVSS 7.5 | EPSS 0.00416
Exploits: 1 | References: 5

OSV
added 2026/01/28 5:16 p.m. | 10 views

CVE-2026-1522

A weakness has been identified in Open5GS up to 2.7.6. This vulnerability affects the function sgwc_s5c_handle_modify_bearer_response of the file src/sgwc/s5c-handler.c of the component SGWC. Executing a manipulation can lead to denial of service. The attack can be launched remotely. The exploit has...

CVSS 7.5 | AI score 5.5
Exploits: 0 | References: 8

Vulnrichment
added 2026/01/28 2:32 p.m. | 6 views

CVE-2026-1521 Open5GS SGWC s5c-handler.c denial of service

A security flaw has been discovered in Open5GS up to 2.7.6. This affects the function sgwc_s5c_handle_bearer_resource_failure_indication of the file src/sgwc/s5c-handler.c of the component SGWC. Performing a manipulation results in denial of service. The attack can be initiated remotely. The exploit ha...

CVSS 6.9 | AI score 5.4 | EPSS 0.00511
Exploits: 1 | References: 8

Cvelist
added 2026/01/28 2:32 p.m. | 31 views

CVE-2026-1520 rethinkdb Secondary Index cross site scripting

A vulnerability was identified in rethinkdb up to 2.4.3. Affected by this issue is some unknown functionality of the component Secondary Index Handler. Such manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be use...

CVSS 4.8 | EPSS 0.00218
Exploits: 0 | References: 5

RedHat Linux
added 2026/01/28 9:6 a.m. | 6 views

openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing

A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex function when...

CVSS 7.5 | AI score 5.8 | EPSS 0.00844
Exploits: 1 | References: 4

EUVD
added 2026/01/28 12:0 a.m. | 4 views

EUVD-2025-206495

An issue in Amidaware Inc Tactical RMM v1.3.1 and before allows a remote attacker to execute arbitrary code via the /api/tacticalrmm/apiv3/views.py component...

CVSS 9.8 | AI score 6.2 | EPSS 0.0046
Exploits: 0 | References: 3

CVE
added 2026/01/28 12:0 a.m. | 19 views

CVE-2025-69517

CVE-2025-69517 involves Amidaware Inc Tactical RMM v1.3.1 and earlier. A remote HTML injection occurs when creating a new agent via POST /api/v3/newagent/; the agent_id field (max 255 chars) is sanitized with DOMPurify.sanitize() with html: true, which does not filter HTML adequately. The injecte...

CVSS 8.8 | AI score 5.9 | EPSS 0.0046
Exploits: 0 | References: 3

Redos
added 2026/01/28 12:0 a.m. | 5 views

ROS-20260128-73-0029

A vulnerability in the net component of the Linux kernel is related to buffer copying without input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 5.5 | AI score 6.2 | EPSS 0.0016
Exploits: 0

Positive Technologies
added 2026/01/28 12:0 a.m. | 6 views

PT-2026-5228

Name of the Vulnerable Software and Affected Versions: itsourcecode School Management System version 1.0. Description: A weakness exists in itsourcecode School Management System 1.0. The issue involves a SQL injection that can be triggered by manipulating the ID argument in the /course/index.php fil...

CVSS 7.5 | AI score 6.9 | EPSS 0.00393
Exploits: 1 | References: 9

RedhatCVE
added 2026/01/27 9:20 p.m. | 7 views

CVE-2026-22773

A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). A remote attacker can exploit this vulnerability by sending a specially crafted 1x1 pixel image to a vLLM engine serving multimodal models that use the Idefics3 vision model implementation. This leads to a...

CVSS 7.5 | AI score 5.8 | EPSS 0.00403
Exploits: 1 | References: 4

Vulnrichment
added 2026/01/27 3:23 p.m. | 3 views

CVE-2020-36946 SyncBreeze 10.0.28 - 'login' Denial of Service

SyncBreeze 10.0.28 contains a denial of service vulnerability in the login endpoint that allows remote attackers to crash the service. Attackers can send an oversized payload in the login request to overwhelm the application and potentially disrupt service availability...

CVSS 8.7 | AI score 5.9 | EPSS 0.00639
Exploits: 1 | References: 3

EUVD
added 2026/01/27 11:35 a.m. | 6 views

EUVD-2025-206407

A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes...

CVSS 8.8 | AI score 6.4 | EPSS 0.00414
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/27 9:24 a.m. | 9 views

CVE-2026-1424

A vulnerability was identified in PHPGurukul News Portal 1.0. This affects an unknown part of the component Profile Pic Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...

CVSS 7.2 | AI score 5.5 | EPSS 0.0043
Exploits: 1 | References: 1