CVE-2026-11530

A vulnerability was identified in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This affects an unknown function of the file /index.ph of the component Login. Such manipulation of the argument usr/pwd leads to sql injection. The attack can be executed remotely...

CVE-2026-11553

A vulnerability was found in Tenda HG7HG9 and HG10 300001138enxpon. This affects the function formPPPEdit of the file /boaform/formPPPEdit. The manipulation of the argument encodename results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been made public and...

CVE-2026-11524

A vulnerability has been found in Tenda W20E 15.11.0.6. Impacted is the function modifyWifiFilterRules of the file /goform/modifyWifiFilterRules of the component Web Management Interface. The manipulation of the argument wifiFilterListRemark leads to stack-based buffer overflow. The attack may be...

CVE-2026-11528

A vulnerability was found in Tenda AC18 15.03.05.05. The affected element is the function sub45304 of the file /goform/getRebootStatus of the component Web Management Interface. The manipulation of the argument callback results in stack-based buffer overflow. The attack may be launched remotely...

Exploit for Use After Free in Linux Linux_Kernel

No d...

EUVD-2026-35501

Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network...

EUVD-2026-35691

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally...

CVE-2026-44275

Dell/Alienware Purchased Apps (versions before 1.1.32.0) are affected by CVE-2026-44275: an Improper Link Resolution Before File Access (Link Following) vulnerability. A low-privilege local attacker could potentially write arbitrary files due to the underlying link-following flaw. The CVSS 3.1 ba...

CVE-2026-50635 LimeSurvey Password Reset Host Header Injection Discloses Reset Token

LimeSurvey constructs account password-reset links from the client-supplied HTTP Host header without validating it. The optional allowedHosts allowlist that would constrain this is undefined in the default and documented configuration, so LSHttpRequest::checkIsAllowedHost results in no operation....

CVE-2026-44815

Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network...

CVE-2026-42993

CVE-2026-42993 describes a heap-based overflow in the Remote Desktop Client that allows an unauthenticated attacker to execute code over the network. The underlying issue is a heap-based buffer overflow in input handling within the client, leading to remote code execution with high impact (confid...

EUVD-2026-35745

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

EUVD-2026-35735

Integer underflow wrap or wraparound in Windows Performance Monitor allows an unauthorized attacker to execute code over a network...

EUVD-2026-35724

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

EUVD-2026-35563

Use after free in Universal Plug and Play upnp.dll allows an unauthorized attacker to execute code over a network...

CVE-2026-45635

CVE-2026-45635 affects Windows UPnP Device Host through a use-after-free in upnp.dll, enabling remote code execution over the network. The issue is tied to the Universal Plug and Play component, with impact described as remote, unauthenticated code execution; CVSSv3.1 base score 8.1 (HIGH). Affec...

xssor

No d...

CVE-2026-11521

A security vulnerability has been detected in Mohammed-eid35 bank-management-system-springboot up to 7b9bcc65ad7df3db29af71aed9bb500e5f24d948. This affects an unknown part of the file src/main/java/com/alien/bank/management/system/controller/TransactionController.java of the component Transaction...

CVE-2026-11519

A security flaw has been discovered in SourceCodester Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /ProductInventory/api/usershandler.php of the component Account Creation Handler. The manipulation of the argument ROLE results in improper...

CVE-2026-11520

A weakness has been identified in SourceCodester Inventory System 1.0. Affected by this issue is some unknown functionality of the file header.php. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and...