241458 matches found
CVE-2026-11636
Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...
Insufficient Verification of Data Authenticity
Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the DnsResolveContext.AuthoritativeNameServerListadd function. An attacker can inject malicious NS and A records into the DNS cache by controlling an authoritative name server for a...
GHSA-676X-F7GG-47VC Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records
Summary Netty's DnsResolveContext fails to validate the origin bailiwick of CNAME records in DNS responses. Details In io.netty.resolver.dns.DnsResolveContextbuildAliasMap, the resolver processes the ANSWER section of a DNS response and blindly caches all CNAME records it finds. According to...
Insufficient Verification of Data Authenticity
Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity due to missing validation of the origin of CNAME records in DNS responses within the DnsResolveContext function. An attacker can inject unauthorized DNS records by supplying malicious DNS...
Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records
Summary Netty's DnsResolveContext fails to validate the origin bailiwick of CNAME records in DNS responses. Details In io.netty.resolver.dns.DnsResolveContextbuildAliasMap, the resolver processes the ANSWER section of a DNS response and blindly caches all CNAME records it finds. According to...
Generation of Predictable Numbers or Identifiers
Overview Affected versions of this package are vulnerable to Generation of Predictable Numbers or Identifiers due to the use of a predictable pseudo-random number generator for DNS transaction IDs and a default static UDP source port in the DNS resolution process. An attacker can redirect network...
CVE-2026-9669 bz2.BZ2Decompressor reuse after error can cause a stack buffer overflow
bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer...
CVE-2026-11585
A vulnerability was determined in CodeAstro Student Attendance Management System 1.0. Affected is an unknown function of the file /attendance-php/Admin/createClassArms.php. This manipulation of the argument classId causes sql injection. The attack can be initiated remotely. The exploit has been...
CVE-2026-11584
A vulnerability was found in CodeAstro Student Attendance Management System 1.0. This impacts an unknown function of the file /attendance-php/Admin/createClass.php?action=edit. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit...
CVE-2026-11583
A vulnerability has been found in CodeAstro Student Attendance Management System 1.0. This affects an unknown function of the file /attendance-php/Admin/createClass.php. The manipulation of the argument className leads to sql injection. It is possible to initiate the attack remotely. The exploit...
GHSA-H9RH-5FFH-H669 vulnerabilities
Vulnerabilities for packages: gdal...
GHSA-J3F5-RW74-G4RV vulnerabilities
Vulnerabilities for packages: gdal...
CVE-2026-11585 CodeAstro Student Attendance Management System createClassArms.php sql injection
A vulnerability was determined in CodeAstro Student Attendance Management System 1.0. Affected is an unknown function of the file /attendance-php/Admin/createClassArms.php. This manipulation of the argument classId causes sql injection. The attack can be initiated remotely. The exploit has been...
CVE-2026-11585
CVE-2026-11585 involves CodeAstro Student Attendance Management System 1.0. The vulnerability is in an unknown function of the file /attendance-php/Admin/createClassArms.php , where manipulating the argument classId triggers an SQL injection. The issue can be exploited remotely, and the exploit h...
EUVD-2026-35199
A vulnerability was determined in CodeAstro Student Attendance Management System 1.0. Affected is an unknown function of the file /attendance-php/Admin/createClassArms.php. This manipulation of the argument classId causes sql injection. The attack can be initiated remotely. The exploit has been...
CVE-2026-11585 CodeAstro Student Attendance Management System createClassArms.php sql injection
A vulnerability was determined in CodeAstro Student Attendance Management System 1.0. Affected is an unknown function of the file /attendance-php/Admin/createClassArms.php. This manipulation of the argument classId causes sql injection. The attack can be initiated remotely. The exploit has been...
CVE-2026-11585
A vulnerability was determined in CodeAstro Student Attendance Management System 1.0. Affected is an unknown function of the file /attendance-php/Admin/createClassArms.php. This manipulation of the argument classId causes sql injection. The attack can be initiated remotely. The exploit has been...
CVE-2026-11584
CodeAstro Student Attendance Management System 1.0 contains an SQL injection in /attendance-php/Admin/createClass.php?action=edit caused by unsafely manipulated ID parameter. The vulnerability is exploitable remotely and, per sources, an exploit has been publicized. No remediation details are pro...
CVE-2026-11584 CodeAstro Student Attendance Management System createClass.php edit sql injection
A vulnerability was found in CodeAstro Student Attendance Management System 1.0. This impacts an unknown function of the file /attendance-php/Admin/createClass.php?action=edit. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit...
CVE-2026-11584 CodeAstro Student Attendance Management System createClass.php edit sql injection
A vulnerability was found in CodeAstro Student Attendance Management System 1.0. This impacts an unknown function of the file /attendance-php/Admin/createClass.php?action=edit. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit...