CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added yesterday•5 views

CVE-2026-11583 CodeAstro Student Attendance Management System createClass.php sql injection

A vulnerability has been found in CodeAstro Student Attendance Management System 1.0. This affects an unknown function of the file /attendance-php/Admin/createClass.php. The manipulation of the argument className leads to sql injection. It is possible to initiate the attack remotely. The exploit...

6.5CVSS

EUVD•added yesterday•4 views

EUVD-2026-35195

6.5CVSS6.4AI score

RedhatCVE•added yesterday•4 views

CVE-2026-46297

A flaw was found in the Linux kernel's libwx network driver. Incorrect handling of virtual function VF miscellaneous interrupts, specifically using requestthreadedirq with a null threaded handler and the IRQFONESHOT flag, can trigger a kernel warning. This issue may lead to system instability or...

5.5AI score

CVE-2026-46299

A flaw was found in the hfsplus filesystem component of the Linux kernel. An issue exists in the hfsplusfillsuper function where a lock is not properly released during an error handling path. This can occur when certain conditions cause hfspluscatbuildkey to fail during filesystem initialization....

5.5CVSS5.5AI score

CVE•added yesterday•9 views

CVE-2026-11582

The CVE-2026-11582 entry affects CodeAstro Student Attendance Management System 1.0. The vulnerability is an SQL injection in an unknown function of /attendance-php/index.php triggered by manipulating the Username argument. Remote exploitation is possible, and an exploit has been published. Affec...

7.5CVSS5.4AI score

ATTACKERKB•added yesterday•2 views

CVE-2026-11582

A flaw has been found in CodeAstro Student Attendance Management System 1.0. The impacted element is an unknown function of the file /attendance-php/index.php. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has bee...

7.5CVSS7AI score

Exploits0References6Affected Software1

Cvelist•added yesterday•4 views

CVE-2026-11582 CodeAstro Student Attendance Management System index.php sql injection

7.5CVSS

EUVD•added yesterday•4 views

EUVD-2026-35190

7.5CVSS7AI score

CVE-2026-46305

A flaw was found in the Linux kernel, specifically within the rtl8723bs staging driver's osdep module. The rtwcbufalloc function does not properly validate the return value of a memory allocation, leading to an unconditional dereference of a potentially NULL pointer. This vulnerability could allo...

5.4AI score

ATTACKERKB•added yesterday•2 views

CVE-2026-11559

A vulnerability was detected in CodeAstro Payroll System 1.0. This affects an unknown function of the file /viewaccount.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may be used...

6.5CVSS6.5AI score

Exploits0References6Affected Software1

Cvelist•added yesterday•4 views

CVE-2026-11559 CodeAstro Payroll System view_account.php sql injection

6.5CVSS

CVE•added yesterday•6 views

CVE-2026-11559

CVE-2026-11559 affects CodeAstro Payroll System 1.0. The vulnerability exists in an (unnamed) function of the file /view_account.php, where manipulation of the argument ID enables an SQL injection. It is exploitable remotely and the exploit is public. CVSS metrics in the entry show a MEDIUM sever...

6.5CVSS5.4AI score

EUVD•added yesterday•4 views

EUVD-2026-35189

6.5CVSS5.4AI score

5.3CVSS5.8AI score0.00178EPSS

CVE-2026-11487

A flaw was found in Neovim. A local user could exploit this vulnerability by manipulating the argument path in the M.read function within the runtime/lua/vim/secure.lua file. This can lead to command injection, allowing the attacker to execute arbitrary commands on the local system...

Exploits0References2

RedHat Linux•added yesterday•3 views

libyang: libyang: Denial of Service or arbitrary code execution via maliciously crafted LYB binary blob

A flaw was found in libyang, a YANG data modeling language library. An integer overflow in the lybreadstring function can lead to a heap buffer overflow when parsing a maliciously crafted LYB binary blob. A remote attacker, by supplying this malicious LYB data to any libyang consumer such as a...

7.5CVSS6.4AI score0.00068EPSS

Exploits0References5

IBM Security Bulletins•added yesterday•2 views

Security Bulletin: Langflow OSS affected by vulnerabilies in Lodash versions 4.17.23 and earlier

Summary Langflow OSS affected by vulnerabilies in Lodash versions 4.17.23 and earlier Vulnerability Details CVEID:CVE-2026-2950 DESCRIPTION: Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465:...

9.8CVSS5.9AI score0.00046EPSS

Exploits0Affected Software1

IBM Security Bulletins•added yesterday•4 views

Security Bulletin: IBM Langflow Desktop 1.0.0 - 1.9.2 DNS Rebinding Bypasses SSRF Protection Allowing Access to Internal Services

Summary A Time-of-Check to Time-of-Use TOCTOU vulnerability in IBM Langflow Desktop's SSRF protection allows authenticated attackers to bypass internal network access restrictions using DNS rebinding attacks. The validateurlforssrf function validates URLs using socket.getaddrinfo, but...

5.6AI score

Exploits0Affected Software1

CVE-2026-46307

A flaw was found in the Linux kernel's ath5k Wi-Fi driver. This vulnerability allows for an array-index-out-of-bounds write in the ath5ktasklettx function. An attacker could potentially trigger this by manipulating specific index values, leading to a minor data corruption. The immediate impact of...

5.5CVSS5.5AI score