CVE-2026-1588

A vulnerability was found in jishenghua jshERP up to 3.6. The impacted element is the function install of the file /jshERP-boot/plugin/installByPath of the component com.gitee.starblues.integration.operator.DefaultPluginOperator. The manipulation of the argument path results in path traversal. It...

CVE-2026-1586

Open5GS SGWC is affected up to version 2.7.5 by a denial-of-service flaw in the ogs_gtp2_f_teid_to_ip function in sgwc/s11-handler.c. The issue can be exploited remotely; an exploit has been published. A patch is available and Open5GS 2.7.6+ is expected to contain the fix. If you are running Open...

EUVD-2026-4997

A flaw has been found in Open5GS up to 2.7.5. Impacted is the function ogsgtp2fteidtoip of the file /sgwc/s11-handler.c of the component SGWC. Executing a manipulation can lead to denial of service. The attack may be performed from remote. The exploit has been published and may be used. It is...

PT-2026-5325

Name of the Vulnerable Software and Affected Versions Bdtask Bhojon All-In-One Restaurant Management System versions prior to 20260117 Description A business logic error exists in the Add-to-Cart Submission Endpoint. The backend accepts user-controlled pricing values without validating them again...

ROS-20260129-73-0032

A vulnerability in the CREATE STATISTICS function of the PostgreSQL database management system is related to access control flaws. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

ROS-20260129-73-0037

A vulnerability in the libpq library of the PostgreSQL database management system is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

ROS-20260129-73-0030

A vulnerability in the CREATE STATISTICS function of the PostgreSQL database management system is related to access control flaws. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

ROS-20260129-73-0036

A vulnerability in the libpq library of the PostgreSQL database management system is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

ROS-20260129-73-0040

A vulnerability in the libpq library of the PostgreSQL database management system is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

ROS-20260129-73-0052

A vulnerability in the Canvas and WebGL interfaces of Mozilla Firefox, Firefox ESR and Thunderbird email client is related to insufficient checking for unusual or exceptional states. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the sandbox protection mechani...

CVE-2026-1546 jishenghua jshERP com.jsh.erp.datasource.mappers.DepotItemMapperEx importItemExcel getBillItemByParam sql injection

A security vulnerability has been detected in jishenghua jshERP up to 3.6. The impacted element is the function getBillItemByParam of the file /jshERP-boot/depotItem/importItemExcel of the component com.jsh.erp.datasource.mappers.DepotItemMapperEx. The manipulation of the argument barCodes leads ...

CVE-2026-1545 itsourcecode School Management System index.php sql injection

A weakness has been identified in itsourcecode School Management System 1.0. The affected element is an unknown function of the file /course/index.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been made availab...

CVE-2026-1535 code-projects Online Music Site AdminReply.php sql injection

A security vulnerability has been detected in code-projects Online Music Site 1.0. This impacts an unknown function of the file /Administrator/PHP/AdminReply.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVE-2026-1522

A weakness has been identified in Open5GS up to 2.7.6. This vulnerability affects the function sgwcs5chandlemodifybearerresponse of the file src/sgwc/s5c-handler.c of the component SGWC. Executing a manipulation can lead to denial of service. The attack can be launched remotely. The exploit has...

CVE-2026-1521 Open5GS SGWC s5c-handler.c denial of service

A security flaw has been discovered in Open5GS up to 2.7.6. This affects the function sgwcs5chandlebearerresourcefailureindication of the file src/sgwc/s5c-handler.c of the component SGWC. Performing a manipulation results in denial of service. The attack can be initiated remotely. The exploit ha...

CVE-2026-1520 rethinkdb Secondary Index cross site scripting

A vulnerability was identified in rethinkdb up to 2.4.3. Affected by this issue is some unknown functionality of the component Secondary Index Handler. Such manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be use...

openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing

A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service DoS by providing a specially crafted, malformed PKCS12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12itemdecryptd2iex function when...

PT-2026-5228

Name of the Vulnerable Software and Affected Versions itsourcecode School Management System version 1.0 Description A weakness exists in itsourcecode School Management System 1.0. The issue involves a SQL injection that can be triggered by manipulating the ID argument in the /course/index.php fil...

CVE-2025-69517

CVE-2025-69517 involves Amidaware Inc Tactical RMM v1.3.1 and earlier. A remote HTML injection occurs when creating a new agent via POST /api/v3/newagent/; the agent_id field (max 255 chars) is sanitized with DOMPurify.sanitize() with html: true, which does not filter HTML adequately. The injecte...

EUVD-2025-206495

An issue in Amidaware Inc Tactical RMM v1.3.1 and before allows a remote attacker to execute arbitrary code via the /api/tacticalrmm/apiv3/views.py component...