CVE-2026-10296 itsourcecode Fees Management System ajax.php sql injection

A vulnerability was determined in itsourcecode Fees Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has been publicl...

CVE-2026-10287

A vulnerability was determined in SourceCodester SEO Meta Tag Extractor 1.0. This vulnerability affects the function getheaders of the file /index.php. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been...

CVE-2018-25435

CVE-2018-25435 describes a cross-site request forgery (CSRF) in ZeusCart 4.0 that allows an attacker to perform unauthorized admin actions on behalf of a victim. Specifically, by convincing a logged-in admin to visit attacker-controlled pages, requests to the regstatus endpoint with action=deny c...

CVE-2026-10287

A vulnerability was determined in SourceCodester SEO Meta Tag Extractor 1.0. This vulnerability affects the function getheaders of the file /index.php. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been...

WordPress Google Plus One Bottom plugin <= 0.0.2 - Cross-Site Request Forgery to Plugin Settings Update vulnerability

Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by swat in WordPress Plugin Google Plus One Bottom versions = 0.0.2...

CVE-2026-49138 Nanobot < 0.2.1 SSRF via web_fetch Tool Redirect Following

Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the webfetch tool that allows remote attackers to reach internal or private network hosts by supplying a URL that redirects to a loopback or private address via a 3xx Location header. Attackers can exploit the...

CVE-2026-43958

A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary...

CVE-2026-37226

FlexRIC v2.0.0 crashes when the iApp receives an E42RICSUBSCRIPTIONREQUEST referencing a non-existent E2 Node. The lookup function returns NULL, which is enforced by assert in Debug builds SIGABRT and dereferenced in Release builds SIGSEGV. A remote unauthenticated attacker can crash the iApp...

UBUNTU-CVE-2026-43958

A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary...

EUVD-2026-33699

FlexRIC v2.0.0 crashes when the iApp receives an E42RICSUBSCRIPTIONREQUEST with an empty ricEventTriggerDefinition field. The E42 layer decoder accepts this as valid, but the E2AP encoder asserts a non-empty constraint when forwarding the request. A remote unauthenticated attacker can crash the...

EUVD-2026-33740

IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain...

EUVD-2026-33726

A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary...

CVE-2026-43958

A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary...

CVE-2026-43958 Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service

A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary...

CVE-2026-43958

The CVE-2026-43958 vulnerability affects rrdcached (part of rrdtool). A local attacker with access to the rrdcached socket can trigger a stack-based buffer overflow by sending an oversized CREATE request, leading to denial of service or potential arbitrary code execution, compromising data integr...

CVE-2026-43958

A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary...

CVE-2026-46243

In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcalltarget that cifs.upcall treats as kernel-originating inputs. However,...

CVE-2026-37225

FlexRIC v2.0.0 crashes when the iApp receives an E42RICSUBSCRIPTIONREQUEST with an empty ricEventTriggerDefinition field. The E42 layer decoder accepts this as valid, but the E2AP encoder asserts a non-empty constraint when forwarding the request. A remote unauthenticated attacker can crash the...

CVE-2026-10274

A vulnerability was determined in indrasishbanerjee aem-mcp-server up to b5f833aef9b5dfd17a5991b3b18a8a11edbdc583. This impacts the function getAssetMetadata of the file src/mcp-server.ts of the component Axios Request Flow. Executing a manipulation of the argument assetPath can lead to server-si...

EUVD-2026-33670

A vulnerability was determined in indrasishbanerjee aem-mcp-server up to b5f833aef9b5dfd17a5991b3b18a8a11edbdc583. This impacts the function getAssetMetadata of the file src/mcp-server.ts of the component Axios Request Flow. Executing a manipulation of the argument assetPath can lead to server-si...