CVE-2026-5670

Cyber-III Student-Management-System (up to commit 1a938fa61e9f735078e9b291d2e6215b4942af3f) contains a vulnerability in move_uploaded_file within /AssignmentSection/submission/upload.php. Manipulating the File argument permits unrestricted file upload, with remote initiation and public exploitati...

CVE-2026-5534

CVE-2026-5534 affects the itsourcecode Online Enrollment System 1.0. The vulnerability is in an unknown function of the component Parameter Handler, specifically the file /sms/user/index.php?view=edit&id=10, where manipulation of the USERID parameter leads to SQL injection. It can be exploited re...

PT-2026-30409

A vulnerability was detected in QingdaoU OnlineJudge up to 1.6.1. Affected by this issue is the function service url of the file JudgeServer.service url of the component judge server heartbeat Endpoint. The manipulation results in server-side request forgery. It is possible to launch the attack...

PT-2026-28746

Name of the Vulnerable Software and Affected Versions code-projects Accounting System version 1.0 Description A flaw exists in the Parameter Handler component of the software, specifically within the /view work.php file. Manipulation of the en id argument can lead to a SQL injection. This issue i...

OESA-2026-1741 freeipmi security update

The package provides "Remote-Console" and "System Management software" based on intelligent platform management interface specification. Security Fixes: ipmi-oem in FreeIPMI before 1.16.17 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface IPMI...

CVE-2026-3229

An integer overflow vulnerability existed in the static function wolfssladdtochain, that caused heap corruption when certificate data was written out of bounds of an insufficiently sized certificate buffer. wolfssladdtochain is called by these API: wolfSSLCTXaddextrachaincert,...

CVE-2026-4849

A vulnerability was identified in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /modify.php of the component Parameter Handler. The manipulation of the argument firstName leads to cross site scripting. The attack may be initiated remotely. The exploit is...

PT-2026-28663

Name of the Vulnerable Software and Affected Versions code-projects Online Food Ordering System version 1.0 Description A security issue exists in code-projects Online Food Ordering System 1.0, specifically within an unknown functionality of the /dbfood/food.php file. Manipulation of the cuisines...

PT-2026-28150

A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /update stock.php of the component HTTP GET Parameter Handler. This manipulation of the argument sid causes sql injection. Remote exploitation of the attack is...

EUVD-2026-13208

An integer overflow vulnerability existed in the static function wolfssladdtochain, that caused heap corruption when certificate data was written out of bounds of an insufficiently sized certificate buffer. wolfssladdtochain is called by these API: wolfSSLCTXaddextrachaincert,...

UBUNTU-CVE-2026-3229

An integer overflow vulnerability existed in the static function wolfssladdtochain, that caused heap corruption when certificate data was written out of bounds of an insufficiently sized certificate buffer. wolfssladdtochain is called by these API: wolfSSLCTXaddextrachaincert,...

CVE-2026-3229 Integer Overflow in Certificate Chain Allocation

An integer overflow vulnerability existed in the static function wolfssladdtochain, that caused heap corruption when certificate data was written out of bounds of an insufficiently sized certificate buffer. wolfssladdtochain is called by these API: wolfSSLCTXaddextrachaincert,...

CVE-2026-3229 Integer Overflow in Certificate Chain Allocation

An integer overflow vulnerability existed in the static function wolfssladdtochain, that caused heap corruption when certificate data was written out of bounds of an insufficiently sized certificate buffer. wolfssladdtochain is called by these API: wolfSSLCTXaddextrachaincert,...

CVE-2026-3229

An integer overflow vulnerability existed in the static function wolfssladdtochain, that caused heap corruption when certificate data was written out of bounds of an insufficiently sized certificate buffer. wolfssladdtochain is called by these API: wolfSSLCTXaddextrachaincert,...

CVE-2026-31963

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. As one method of removing redundant data, CRAM uses reference-based compression so that instead of storing the full sequence for each alignment record it...

EUVD-2026-12427

A vulnerability has been found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/courses.php. The manipulation of the argument coursecode leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclos...

EUVD-2026-12376

A vulnerability was found in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function updatesql/runsql of the file src/vanna/legacy/flask/init.py of the component Endpoint. Performing a manipulation results in server-side request forgery. The attack may be initiated remotely. Th...

The 5 Stages of a CTEM Cybersecurity Program

To beat an attacker, you have to think like one. An adversary doesn't care about your compliance reports or internal severity ratings. They care about one thing: finding an exploitable path to your critical assets. So why are we still prioritizing based on theoretical scores? A modern security...

A Guide to Threat Exposure Management for Enterprises

For years, security has been an inside-out job. We scan our own systems, find our own flaws, and create our own to-do lists. But what if we flipped the script and looked at our organization from the outside-in? This is the core idea behind Threat Exposure Management. It’s a continuous process tha...

CVE-2026-32617

AnythingLLM prior to 1.11.1 on default installations with no credentials exposes unauthenticated HTTP endpoints and WebSocket, with CORS accepting any origin. The server binds to 127.0.0.1 by default, and browser Private Network Access blocks public-to-private requests, so exploitation is feasibl...