
1366 matches found

EUVD
added 2026/04/27 1:16 p.m. | 4 views

EUVD-2026-25851

A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=deletereceiving. This manipulation of the argument ID causes SQL injection. Remote exploitation of the attack is possible. The exploit has...

CVSS 7.5 | AI score 7.4 | EPSS 0.00043
Exploits 0 | References 5

Cvelist
added 2026/04/24 12:14 a.m. | 26 views

CVE-2026-31955 Xibo CMS has Authenticated Server-Side Request Forgery (SSRF) in Remote DataSet Functionality

Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated Server-Side Request Forgery (SSRF) vulnerability in versions prior to 4.4.1 allows users with DataSet permissions to make arbitrary HTTP requests from the CMS...

CVSS 4.9 | EPSS 0.00071
Exploits 0 | References 2

NVD
added 2026/04/15 4:17 a.m. | 3 views

CVE-2026-39842

OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expression injection vulnerabilities in the rules engine that allow arbitrary code execution on the server. The JavaScript rules engine executes user-supplied scripts via Nashorn's ScriptEngine.eval...

CVSS 9.9 | EPSS 0.00081
Exploits 2 | References 2

Debian CVE
added 2026/04/13 1:40 p.m. | 2 views

CVE-2026-31425

In the Linux kernel, the following vulnerability has been resolved: rds: ib: reject FRMR registration before IB connection is established rds_ib_get_mr extracts the rds_ib_connection from conn->c_transport_data and passes it to rds_ib_reg_frmr for FRWR memory registration. On a fresh outgoing connection, ic...

CVSS 5.5 | AI score 5.2 | EPSS 0.00015
Exploits 0

NVD
added 2026/04/10 3:16 p.m. | 3 views

CVE-2026-31262

Cross Site Scripting vulnerability in Altenar Sportsbook Software Platform SB2 v.2.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the URL parameter...

CVSS 6.1 | EPSS 0.00073
Exploits 1 | References 2

CVE
added 2026/04/10 12:0 a.m. | 4 views

CVE-2026-31262

CVE-2026-31262 is a Cross Site Scripting vulnerability in Altenar Sportsbook Software Platform (SB2) version 2.0. The entry states that a remote attacker can obtain sensitive information and execute arbitrary code via a URL parameter. Connected documents consistently describe the issue as XSS in ...

CVSS 6.1 | AI score 6.1 | EPSS 0.00073
Exploits 1 | References 2 | Affected Software 1

Vulnrichment
added 2026/04/01 8:44 p.m. | 2 views

CVE-2026-1491 Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Verify could allow a remote attacker to access sensitive...

CVSS 5.3 | AI score 5.9 | EPSS 0.00016
Exploits 0 | References 1

CVE
added 2026/04/01 8:44 p.m. | 7 views

CVE-2026-1491

CVE-2026-1491: IBM Security Verify-related products are affected by an HTTP request handling issue in reverse proxies that could allow a remote attacker to access sensitive information. Affected are IBM Verify Identity Access Container (11.0–11.0.2), IBM Security Verify Access Container (10.0–10...

CVSS 5.3 | AI score 5.9 | EPSS 0.00016
Exploits 0 | References 1 | Affected Software 4

CVE
added 2026/04/01 8:41 p.m. | 6 views

CVE-2026-2862

CVE-2026-2862: IBM security products IBM Verify Identity Access Container (11.0–11.0.2) and IBM Security Verify Access Container (10.0–10.0.9.1) are affected by an issue where an inconsistent interpretation of an HTTP request by a reverse proxy could allow a remote attacker to access sensitive i...

CVSS 5.3 | AI score 5.9 | EPSS 0.00016
Exploits 0 | References 1 | Affected Software 4

Tenable Nessus
added 2026/03/23 12:0 a.m. | 3 views

Qnap QTS and QuTS hero Improper Neutralization of CRLF Sequences (CVE-2024-14026)

An improper neutralization of CRLF sequences 'CRLF Injection' vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify application data. We have already fixed the...

CVSS 7.8 | AI score 5.8 | EPSS 0.00016
Exploits 0 | References 2

CNNVD
added 2026/03/20 12:0 a.m. | 4 views

Google Chrome Input Validation Error Vulnerability

Google Chrome is a web browser developed by Google Inc. In versions prior to 146.0.7680.153, there was a vulnerability related to input validation. This vulnerability stemmed from an integer overflow in the Dawn component of the browser’s Mac system, which could allow remote attackers to exploit...

CVSS 4.3 | AI score 5.9 | EPSS 0.00037
Exploits 0 | References 2

Redos
added 2026/03/19 12:0 a.m. | 4 views

ROS-20260319-73-0011

A vulnerability in the in_http, in_splunk and in_elasticsearch plugins of the Fluent Bit log collection and processing tool is related to incorrect input data type validation when processing the tag_key parameter. Exploitation of the vulnerability could allow an attacker acting remotely to disclose a...

CVSS 9.1 | AI score 5.8 | EPSS 0.00094
Exploits 0

RedhatCVE
added 2026/02/26 10:14 a.m. | 10 views

CVE-2026-3152

A flaw has been found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/teacher-salary.php. This manipulation of the argument teacherid causes SQL injection. It is possible to initiate the attack remotely. The exploit has been published a...

CVSS 9.8 | AI score 5.4 | EPSS 0.00039
Exploits 1 | References 1

CNNVD
added 2026/02/25 12:0 a.m. | 6 views

Parse Dashboard Access Control Error Vulnerability

Parse Dashboard is an open-source dashboard tool from the Parse Platform. Versions of Parse Dashboard from 7.3.0-alpha.42 to 9.0.0-alpha.7 contain access control vulnerabilities. This vulnerability stems from multiple security vulnerabilities in the AI Agent API endpoints, which may allow...

CVSS 9.9 | AI score 6 | EPSS 0.00021
Exploits 0 | References 2

CNNVD
added 2026/02/25 12:0 a.m. | 4 views

Cisco Catalyst SD-WAN Manager (Cisco SD-WAN vManage) Information Disclosure Vulnerability

Cisco Catalyst SD-WAN Manager (Cisco SD-WAN vManage) is a highly customizable dashboard provided by the American company Cisco. It simplifies and automates the deployment, configuration, management, and operation of Cisco SD-WAN. Cisco Catalyst SD-WAN Manager has a vulnerability related to...

CVSS 7.5 | AI score 7.4 | EPSS 0.02015
Exploits 0 | References 2

VulnCheck KEV
added 2026/02/14 12:0 a.m. | 4 views

VulnCheck KEV: CVE-2021-39152

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. ...

CVSS 8.5 | AI score 7.4 | EPSS 0.61765
In wild | Exploits 2 | References 2

IBM Security Bulletins
added 2026/02/12 2:42 p.m. | 9 views

Security Bulletin: IBM Integration Designer is vulnerable to improper access control (CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925 )

Summary Vulnerability in the IBM® Runtime Environment Java™ Version 8 used by IBM Integration Designer. IBM Integration Designer has addressed the following CVEs. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable...

CVSS 7.5 | AI score 5.7 | EPSS 0.00089
Exploits 0 | Affected Software 1

NVD
added 2026/02/11 1:15 p.m. | 5 views

CVE-2025-57713

A weak authentication vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to gain sensitive information. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5166 and later...

CVSS 7.5 | EPSS 0.00084
Exploits 0 | References 1

Redos
added 2026/02/09 12:0 a.m. | 6 views

ROS-20260209-73-0023

A vulnerability in the Zlib protocol implementation of the MongoDB database management system is related to improper handling of a length parameter mismatch. Exploitation of the vulnerability could allow a remote attacker to disclose protected information...

CVSS 8.7 | AI score 5.6 | EPSS 0.62808
Exploits 38

Cvelist
added 2026/02/06 11:14 p.m. | 30 views

CVE-2020-37163 QuickDate 1.3.2 - SQL Injection

QuickDate 1.3.2 contains a SQL injection vulnerability that allows remote attackers to manipulate database queries through the 'located' parameter in the findmatches endpoint. Attackers can inject UNION-based SQL statements to extract database information including user credentials, database name...

CVSS 8.8 | EPSS 0.00026
Exploits 0 | References 3