
88705 matches found

CVE
added 2026/04/01 4:41 a.m. | 10 views

CVE-2026-5274

CVE-2026-5274 is a Chrome/Chromium vulnerability: an integer overflow in Codecs allows a remote attacker to perform arbitrary read/write through a crafted HTML page. Affected software includes Google Chrome prior to version 146.0.7680.178 (with references to Chromium fixes). The issue is describe...

CVSS 8.8 | AI score 6.1 | EPSS 0.00336
Exploits: 0 | References: 2 | Affected Software: 1

AstraLinux
added 2026/04/01 3:55 a.m. | 2 views

Astra Linux – Vulnerability in Chromium

Integer overflow in Skia in Google Chrome prior to version 145.0.7632.159 allowed a remote attacker to potentially perform out-of-bounds memory access through a crafted HTML page. Chromium security severity: Critical...

CVSS 8.8 | AI score 8.1 | EPSS 0.00433
Exploits: 0 | References: 3

AstraLinux
added 2026/04/01 3:55 a.m. | 4 views

Astra Linux – Vulnerability in Chromium

Before version 146.0.7680.75, using Skia in Google Chrome allowed a remote attacker to perform out-of-bounds memory access through a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 7.3 | EPSS 0.01629
Exploits: 1 | References: 3

CVE
added 2026/04/01 12:45 a.m. | 14 views

CVE-2026-5248

Summary: CVE-2026-5248 affects gougucms 4.08.18, specifically the function reg_submit in gougucms-master\app\home\controller\Login.php (User Registration Handler). The issue involves manipulation of the argument level that leads to dynamically-determined object attributes, enabling a potential r...

CVSS 6.5 | AI score 6.1 | EPSS 0.00237
Exploits: 0 | References: 4

Cvelist
added 2026/04/01 12:45 a.m. | 33 views

CVE-2026-5248 gougucms User Registration Login.php reg_submit dynamically-determined object attributes

A vulnerability has been found in gougucms 4.08.18. This affects the function reg_submit of the file gougucms-master\app\home\controller\Login.php of the component User Registration Handler. Such manipulation of the argument level leads to dynamically-determined object attributes. The attack may b...

CVSS 6.5 | EPSS 0.00237
Exploits: 0 | References: 4

EUVD
added 2026/04/01 12:31 a.m. | 1 views

EUVD-2026-17731

A security flaw has been discovered in itsourcecode Payroll Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /manageuser.php of the component Parameter Handler. Performing a manipulation of the argument ID results in sql injection. The attack is possib...

CVSS 7.5 | AI score 6.8 | EPSS 0.00259
Exploits: 0 | References: 6

Positive Technologies
added 2026/04/01 12:0 a.m. | 3 views

PT-2026-29551

A vulnerability in the web-based management interface of Cisco IMC could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by...

CVSS 6.1 | AI score 6.2 | EPSS 0.00184
Exploits: 0 | References: 3

Positive Technologies
added 2026/04/01 12:0 a.m. | 3 views

PT-2026-29638

A vulnerability has been found in Nothings stb up to 2.30. This issue affects the function stbi__gif_load_next in the library stb_image.h of the component GIF Decoder. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public an...

CVSS 5.3 | AI score 5.4 | EPSS 0.00286
Exploits: 0 | References: 5

Positive Technologies
added 2026/04/01 12:0 a.m. | 4 views

PT-2026-29618

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a remote attacker to conduct phishing attacks, caused by an...

CVSS 3.1 | AI score 6 | EPSS 0.00253
Exploits: 0 | References: 3

Positive Technologies
added 2026/04/01 12:0 a.m. | 4 views

PT-2026-29553

A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could...

CVSS 4.8 | AI score 6.2 | EPSS 0.00223
Exploits: 0 | References: 3

Tenable Nessus
added 2026/04/01 12:0 a.m. | 15 views

Cisco IOS XE Software Secure Channel for Meraki Information Disclosure (cisco-sa-iosxe_infodis-6J847uEB)

According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. - A vulnerability in Cisco IOS XE Software for Cisco Meraki could allow a remote, unauthenticated attacker to view confidential device information. This vulnerability is due to a device configuration...

CVSS 6.1 | AI score 5.9 | EPSS 0.00152
Exploits: 0 | References: 4

Redos
added 2026/04/01 12:0 a.m. | 3 views

ROS-20260401-73-0032

Vulnerability in libpng15 related to buffer copying without checking input size. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 5.5 | AI score 6.3 | EPSS 0.00139
Exploits: 1

Redos
added 2026/04/01 12:0 a.m. | 5 views

ROS-20260401-73-0043

Vulnerability in pdns-recursor related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 5.3 | AI score 5.9 | EPSS 0.00407
Exploits: 0

Redos
added 2026/04/01 12:0 a.m. | 3 views

ROS-20260401-73-0028

Vulnerability in libpng12 related to buffer copying without checking input size. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 5.5 | AI score 6.1 | EPSS 0.00139
Exploits: 1

Redos
added 2026/04/01 12:0 a.m. | 3 views

ROS-20260401-73-0030

Vulnerability in libpng related to buffer copying without checking input size. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 5.5 | AI score 6.3 | EPSS 0.00139
Exploits: 1

CVE
added 2026/03/31 11:45 p.m. | 4 views

CVE-2026-5240

CVE-2026-5240 affects code-projects BloodBank Managing System 1.0. The issue arises in an unknown part of /admin_state.php where manipulating the statename argument causes a cross-site scripting (XSS) vulnerability. The description notes remote initiation and that the exploit has been publicly di...

CVSS 5.3 | AI score 4.2 | EPSS 0.0033
Exploits: 0 | References: 5

ATTACKERKB
added 2026/03/31 11:45 p.m. | 0 views

CVE-2026-5240

A security vulnerability has been detected in code-projects BloodBank Managing System 1.0. This affects an unknown part of the file /admin_state.php. The manipulation of the argument statename leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been...

CVSS 5.3 | AI score 4.2 | EPSS 0.0033
Exploits: 0 | References: 5 | Affected Software: 1

CVE
added 2026/03/31 11:45 p.m. | 7 views

CVE-2026-5238

Affects itsourcecode Payroll Management System 1.0. The vulnerability exists in the Parameter Handler’s view_employee.php, where manipulating the ID parameter leads to SQL injection. This is a remote exploit with public proof-of-concept; CVSS metrics indicate high impact (network access, no authe...

CVSS 7.5 | AI score 6.8 | EPSS 0.00259
Exploits: 0 | References: 5

RedhatCVE
added 2026/03/31 10:58 p.m. | 3 views

CVE-2026-5147

A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This affects an unknown part of the file /admin-api/system/tenant/get-by-website. The manipulation of the argument Website results in sql injection. It is possible to launch the attack remotely. The exploit has been released...

CVSS 7.5 | AI score 6.8 | EPSS 0.00326
Exploits: 0 | References: 1

RedhatCVE
added 2026/03/31 8:32 p.m. | 3 views

CVE-2026-5123

A flaw was found in osrg GoBGP. A remote attacker could exploit an off-by-one error in the DecodeFromBytes function by manipulating specific input data. This vulnerability may lead to a denial of service, making the affected system unavailable. Mitigation: Mitigation for this issue is either not...

CVSS 6.3 | AI score 5.8 | EPSS 0.00409
Exploits: 0 | References: 2