CVE-2026-39983
A flaw was found in basic-ftp, an FTP client for Node.js. A remote attacker can exploit this vulnerability by injecting Carriage Return Line Feed (CRLF) sequences into file path parameters used by high-level APIs. This allows the attacker to split a single intended FTP command into multiple command...
CVE-2026-35206
A flaw was found in Helm, a package manager for Kubernetes. A remote attacker could exploit this vulnerability by providing a specially crafted Chart to the helm pull --untar command. This would cause the Chart's contents to be written to an unintended directory, potentially overwriting existing...
OPENSUSE-SU-2026:10526-1 helm-4.1.4-1.1 on GA media
These are all security issues fixed in the helm-4.1.4-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10529-1 tekton-cli-0.44.1-1.1 on GA media
These are all security issues fixed in the tekton-cli-0.44.1-1.1 package on the GA media of openSUSE Tumbleweed...
go1.25-1.25.9-1.1 on GA media (moderate)
go1.25-1.25.9-1.1 on GA media Announcement ID: openSUSE-SU-2026:10514-1 Rating: moderate Cross-References: CVE-2026-27140 CVE-2026-27143 CVE-2026-27144 CVE-2026-32280 CVE-2026-32281 CVE-2026-32282 CVE-2026-32283 CVE-2026-32288 CVE-2026-32289 CVSS scores: CVE-2026-27143 SUSE : 7.4...
OPENSUSE-SU-2026:10523-1 clusterctl-1.12.5-1.1 on GA media
These are all security issues fixed in the clusterctl-1.12.5-1.1 package on the GA media of openSUSE Tumbleweed...
brace-expansion: Denial of Service via unbounded brace range expansion
A flaw was found in the brace-expansion component. This denial of service (DoS) vulnerability allows a remote attacker to provide specially crafted input containing repeated numeric brace ranges. This input causes the library to attempt an unbounded expansion, consuming excessive CPU and memory...
Kea: Denial of Service via maliciously crafted message
A flaw was found in Kea. A remote attacker can send a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener. This can cause a stack overflow error, leading to the daemon exiting and resulting in a Denial of...
CVE-2026-5840
A security flaw has been discovered in PHPGurukul News Portal Project 4.1. Impacted is an unknown function of the file /admin/checkavailability.php. Performing a manipulation of the argument Username results in SQL injection. Remote exploitation of the attack is possible. The exploit has been...
CVE-2026-5840
The CVE-2026-5840 entry concerns PHPGurukul News Portal Project 4.1. It specifies a SQL injection in an unknown function of /admin/check_availability.php arising from manipulation of the Username parameter, with remote exploitation possible. A public exploit is noted. No additional remediation step...
CVE-2026-5840 PHPGurukul News Portal Project check_availability.php SQL injection
A security flaw has been discovered in PHPGurukul News Portal Project 4.1. Impacted is an unknown function of the file /admin/checkavailability.php. Performing a manipulation of the argument Username results in SQL injection. Remote exploitation of the attack is possible. The exploit has been...
EUVD-2026-20805
A weakness has been identified in PHPGurukul Online Course Registration 3.1. This vulnerability affects unknown code of the file /checkavailability.php. Executing a manipulation of the argument cid can lead to SQL injection. It is possible to launch the attack remotely. The exploit has been made...
EUVD-2026-20807
A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue affects some unknown processing of the file /admin/checkavailability.php. The manipulation of the argument regno leads to SQL injection. The attack can be initiated remotely. The exploit has been...
CVE-2026-5814
A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue affects some unknown processing of the file /admin/checkavailability.php. The manipulation of the argument regno leads to SQL injection. The attack can be initiated remotely. The exploit has been...
OPENSUSE-SU-2026:10516-1 python311-Django4-4.2.30-1.1 on GA media
These are all security issues fixed in the python311-Django4-4.2.30-1.1 package on the GA media of openSUSE Tumbleweed...
PHPGurukul News Portal Project SQL injection vulnerability
PHPGurukul News Portal Project is a news portal project of PHPGurukul Corporation. Version 4.1 of the PHPGurukul News Portal Project has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter Username in the file admin/checkavailability.php, which may le...
OPENSUSE-SU-2026:10512-1 aws-c-event-stream-devel-0.7.0-1.1 on GA media
These are all security issues fixed in the aws-c-event-stream-devel-0.7.0-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10520-1 python310-3.10.20-4.1 on GA media
These are all security issues fixed in the python310-3.10.20-4.1 package on the GA media of openSUSE Tumbleweed...
PHPGurukul Online Course Registration SQL injection vulnerability
PHPGurukul Online Course Registration is an online course registration system provided by PHPGurukul Inc. Version 3.1 of PHPGurukul Online Course Registration has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter regno in the file...