SUSE CVE-2026-3150

A security vulnerability has been detected in itsourcecode College Management System 1.0. This affects an unknown part of the file /admin/display-teacher.php. The manipulation of the argument teacherid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...

SUSE CVE-2026-28904

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash...

SUSE CVE-2026-28958

This issue was addressed with improved data protection. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access sensitive user data...

EUVD-2026-34186

A vulnerability was identified in ealpha072 Student-Management-System up to 01451bd7a2f58cdda07bd0b86e3967582e3ecd08. Affected by this issue is some unknown functionality of the file admin/config.php of the component Administrative Backend. Such manipulation leads to improper authentication. The...

CVE-2026-10777

A vulnerability was identified in ealpha072 Student-Management-System up to 01451bd7a2f58cdda07bd0b86e3967582e3ecd08. Affected by this issue is some unknown functionality of the file admin/config.php of the component Administrative Backend. Such manipulation leads to improper authentication. The...

CVE-2026-10777

A vulnerability was identified in ealpha072 Student-Management-System up to 01451bd7a2f58cdda07bd0b86e3967582e3ecd08. Affected by this issue is some unknown functionality of the file admin/config.php of the component Administrative Backend. Such manipulation leads to improper authentication. The...

CVE-2026-10777

The CVE-2026-10777 entry concerns ealpha072 Student-Management-System (Administrative Backend). Affects the file admin/config.php where manipulation of the component’s functionality can lead to improper authentication. The issue is described as triggerable remotely, with a publicly available expl...

CVE-2026-10252

A security vulnerability has been detected in itsourcecode Online House Rental System 1.0. This affects an unknown function of the file /managetenant.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed...

CVE-2026-10209

A vulnerability has been found in code-projects Online Hospital Management System 1.0. Affected is an unknown function of the file appointmentdetail.php of the component Appointment Handler. The manipulation of the argument editid leads to sql injection. The attack is possible to be carried out...

Froxlor: BIND Zone File Injection via TXT Record Content

Summary The DomainZones.add API endpoint does not sanitize newline characters in TXT record content. An authenticated customer with DNS editing enabled can inject newlines into TXT record values, which break out of the record line in the generated BIND zone file. This enables injection of arbitra...

CVE-2026-46256

A flaw was found in the Linux kernel, specifically within the NFS Network File System LOCALIO optimization. This vulnerability allows for a recursion deadlock to occur during direct reclaim operations. When LOCALIO attempts to write pages back into NFS via nfswritepages, it can lead to a system...

CVE-2026-46252

A flaw was found in the Linux kernel's regulator core. Incorrect handling of locking in the regulatorresolvesupply function's error path can trigger a lockdep warning. This issue may allow for concurrent access problems, potentially leading to system instability or a denial of service DoS conditi...

CVE-2026-46267

A flaw was found in the Linux kernel's Near Field Communication NFC Host Controller Interface HCI Synchronous High-level Data Link Control SHDLC subsystem. This vulnerability arises because timers and work items can remain active and access freed SHDLC state and data queues during the...

CVE-2026-6475

A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pgbasebackup plain format and pgrewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical...

CVE-2026-7888

Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the Workflow, Form block, and File/Set components that lack the allowedclasses restriction. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been...

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

CVE-2026-46259

A flaw was found in the Linux kernel's procfs component. When reading /proc/pid/stat, the dotaskstat function accesses task-realparent without proper Read-Copy-Update RCU protection. This missing protection creates a race condition, which can lead to a Use-After-Free UAF vulnerability. A local...

CVE-2026-36618

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 responds to version.bind CHAOS TXT queries, disclosing the DNS resolver software version unbound 1.22.0, aiding targeted attacks against known vulnerabilities...

CVE-2026-45702

OP-TEE OS contains a type confusion in the SPMC tmem path when processing an FFA_MEM_SHARE request, affecting 4.3.0 through prior to 4.11.0 for systems configured with CFG_CORE_SEL1_SPMC=y and CFG_SECURE_PARTITION=y. This can impact availability (kernel/OP-TEE stability) with no reported confiden...

Malicious code in nodemon-webpatch (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b105e115122e719d986bfb11b73b58a67decc47f5a6b609b9f5e3ea496eb43ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...