CVE-2026-40830

CVE-2026-40830 describes an unauthenticated SQL Injection in the admin.mbnetj.php file’s UpdateParam function, enabling a high-privilege remote attacker to read the entire database and alter values in a non-critical table. Impact includes total confidentiality loss and some integrity loss; no ava...

EUVD-2026-31859

A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within .solv files due to insufficient input validation. An attacker can provide a specially crafted .solv file, which, when processed by a vulnerable application, can lea...

Astra Linux - уязвимость в firefox

If an attacker were able to alter specific about:config values for example, malware running on the user’s computer, the Devtools remote debugging feature might be enabled in a way that is unnoticed by the user. This would allow a remote attacker who can establish a direct network connection to th...

Microsoft .NET 安全漏洞

Microsoft .NET is a software framework developed by Microsoft Corporation in the United States. It focuses on agile software development, rapid application development, platform independence, and network transparency. There are security vulnerabilities in Microsoft .NET. Attackers can exploit the...

CVE-2024-46508

CVE-2024-46508 affects yeti-platform yeti before 2.1.12. The issue allows an attacker to generate valid JWT tokens if YETI_AUTH_SECRET_KEY remains at the default SECRET. CVSS v3.1 base score 7.5 (High) with Network attack vector and no privileges required. Root cause: secret key used for JWT sign...

Linux Distros Unpatched Vulnerability : CVE-2026-42501

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affect...

EUVD-2026-28345

An improper input validation, together with an overly permissive default CORS configuration in Open Notebook v1.8.1 allows remote attacker to trick a legitimate user to alter or delete arbitrary database entries via specially crafted malicious URL. Depending on the deployment, data exfiltration i...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

🚨 CVE-2026-31431: Copy Fail Un fallo crítico de 9 años en...

GHSA-QC4J-QJQX-VR58 Spring AI has a VectorStore FilterExpression Converter injection

In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0...

CVE-2026-40967

In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0...

CVE-2026-33566

There is a cypher injection issue in LogonTracer prior to v2.0.0. If specially crafted Windows event log data is loaded, the contents of the database may be altered...

CVE-2026-33566

There is a cypher injection issue in LogonTracer prior to v2.0.0. If specially crafted Windows event log data is loaded, the contents of the database may be altered...

CVE-2026-33566

CVE-2026-33566 is a cypher injection issue in LogonTracer prior to v2.0.0. When specially crafted Windows event log data is loaded, the contents of the database may be altered. The issue is documented across multiple sources (NVD, CVE List, JVN) and is addressed by updating to LogonTracer v2.0.0....

PT-2026-35276

There is a cypher injection issue in LogonTracer prior to v2.0.0. If specially crafted Windows event log data is loaded, the contents of the database may be altered...

EUVD-2026-22851

The MetForm Pro plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 3.9.7 This is due to the payment integrations Stripe/PayPal trusting a user-submitted calculation field value without recomputing or validating it against the configured form pric...

CVE-2026-40434

Anviz CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet injection by an attacker on the same network to alter or disrupt application traffic...

CVE-2026-2399

CWE-22 Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could cause critical files overwritten with text data when a Web Admin user alters the POST /REST/upssleep request payload...

CVE-2026-39415

Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to 2.46.0, a vulnerability has been identified in Frappe Learning where quiz scores can be modified by students before submission. The application currently relies on client-side calculated...

EUVD-2026-20603

Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to 2.46.0, a vulnerability has been identified in Frappe Learning where quiz scores can be modified by students before submission. The application currently relies on client-side calculated...

EUVD-2016-10873

Nodcms contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious forms. Attackers can trick authenticated administrators into submitting requests to admin/usermanipulate and admin/settings/generall endpoints to...