1390 matches found
PT-2026-37566
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Reliable Delivery Service RDS implementation where a shortcut was introduced allowing connections to transition from RDS CONN ERROR directly back to RDS CONN...
PT-2026-37756
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Sound. Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploi...
PT-2026-37769
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u371-perf, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 21.3.6, 22.3.2; Oracle GraalVM for...
PT-2026-37930
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerabili...
EUVD-2026-25851
A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=deletereceiving. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has...
CVE-2026-31955 Xibo CMS has Authenticated Server-Side Request Forgery (SSRF) in Remote DataSet Functionality
Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated Server-Side Request Forgery SSRF vulnerability in versions prior to 4.4.1 allows users with DataSet permissions to make arbitrary HTTP requests from the CMS...
CVE-2026-39842
OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expression injection vulnerabilities in the rules engine that allow arbitrary code execution on the server. The JavaScript rules engine executes user-supplied scripts via Nashorn's ScriptEngine.eval...
CVE-2026-31425
In the Linux kernel, the following vulnerability has been resolved: rds: ib: reject FRMR registration before IB connection is established rdsibgetmr extracts the rdsibconnection from conn-ctransportdata and passes it to rdsibregfrmr for FRWR memory registration. On a fresh outgoing connection, ic...
CVE-2026-31262
Cross Site Scripting vulnerability in Altenar Sportsbook Software Platform SB2 v.2.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the URL parameter...
CVE-2026-31262
CVE-2026-31262 is a Cross Site Scripting vulnerability in Altenar Sportsbook Software Platform (SB2) version 2.0. The entry states that a remote attacker can obtain sensitive information and execute arbitrary code via a URL parameter. Connected documents consistently describe the issue as XSS in ...
CVE-2026-1491
CVE-2026-1491 affects IBM Verify Identity Access Container (11.0–11.0.2) and IBM Security Verify Access Container (10.0–10.0.9.1), plus corresponding Identity Access products, with an information disclosure risk due to inconsistent interpretation of HTTP requests by a reverse proxy (CWE-444). The...
CVE-2026-1491 Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Verify could allow a remote attacker to access sensitive...
CVE-2026-2862
CVE-2026-2862 affects IBM Verify Identity Access Container (11.0–11.0.2) and IBM Security Verify Access Container (10.0–10.0.9.1), plus IBM Verify Identity Access (11.0–11.0.2) and IBM Security Verify Access (10.0–10.0.9.1). Root cause is an inconsistent interpretation of an HTTP request by a rev...
Qnap QTS and QuTS hero Improper Neutralization of CRLF Sequences (CVE-2024-14026)
An improper neutralization of CRLF sequences 'CRLF Injection' vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify application data. We have already fixed the...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. In versions prior to 146.0.7680.153, there was a vulnerability related to input validation. This vulnerability stemmed from an integer overflow in the Dawn component of the browser’s Mac system, which could allow remote attackers to exploit...
ROS-20260319-73-0011
A vulnerability in the inhttp, insplunk and inelasticsearch plugins of the Fluent Bit log collection and processing tool is related to incorrect input data type validation when processing the tagkey parameter. Exploitation of the vulnerability could allow an attacker acting remotely to disclose a...
CVE-2026-3152
A flaw has been found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/teacher-salary.php. This manipulation of the argument teacherid causes sql injection. It is possible to initiate the attack remotely. The exploit has been published a...
Cisco Catalyst SD-WAN Manager(Cisco SD-WAN vManage) 信息泄露漏洞
Cisco Catalyst SD-WAN Manager Cisco SD-WAN vManage is a highly customizable dashboard provided by the American company Cisco. It simplifies and automates the deployment, configuration, management, and operation of Cisco SD-WAN. Cisco Catalyst SD-WAN Manager has a vulnerability related to...
Parse Dashboard 访问控制错误漏洞
Parse Dashboard is an dashboard tool open source by the Parse Platform. Versions of Parse Dashboard from 7.3.0-alpha.42 to 9.0.0-alpha.7 contain access control vulnerability issues. This vulnerability stems from multiple security vulnerabilities in the AI Agent API endpoints, which may allow...
VulnCheck KEV: CVE-2021-39152
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. ...