CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added yesterday•3 views

CVE-2026-10227

A vulnerability has been found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. The affected element is an unknown function of the file addusercheck.php of the component User Creation Handler. The manipulation of the argument role leads to sql injectio...

7.5CVSS5.4AI score0.00033EPSS

IBM Security Bulletins•added yesterday•1 views

Security Bulletin: CockroachDB PostgreSQL for IBM VPC is vulnerable to privilege escalation when using RESTORE SYSTEM USERS functionality (CVE-2026-9839)

Summary CockroachDB PostgreSQL for IBM VPC is vulnerable to privilege escalation when using RESTORE SYSTEM USERS functionality CVE-2026-9839 Vulnerability Details CVEID:CVE-2026-9839 DESCRIPTION: CockroachDB PostgreSQL for IBM VPC is vulnerable to privilege escalation when using RESTORE SYSTEM...

Exploits0Affected Software1

CVE•added yesterday•5 views

CVE-2026-46256

Summary: The CVE-2026-46256 issue affects the Linux kernel’s NFS LOCALIO loopback optimization, where a recursion deadlock can occur during direct reclaim. The root cause is that LOCALIO page cache allocations could occur outside GFP_NOFS context, enabling unsafe recursion from NFS to the filesys...

Cvelist•added yesterday•8 views

Exploits0References3

CVE-2026-46256 NFS/localio: prevent direct reclaim recursion into NFS via nfs_writepages

In the Linux kernel, the following vulnerability has been resolved: NFS/localio: prevent direct reclaim recursion into NFS via nfswritepages LOCALIO is an NFS loopback mount optimization that avoids using the network for READ, WRITE and COMMIT if the NFS client and server are determined to be on...

Exploits0References3

NVD•added yesterday•4 views

CVE-2026-47324

ProjectsAndPrograms school-management-system is vulnerable to Stored Cross‑Site Scripting XSS in multiple attributes of students and teachers objects. An authorized attacker e.g., a teacher or administrator can inject malicious JavaScript that is subsequently executed in other users’ browsers...

5.1CVSS

OSSF Malicious Packages•added yesterday•4 views

Malicious code in webpack-json (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware abd3559fc62e362d5e4d5068126317096f7e2e483d97bba9f59e192a9d49a363 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added yesterday•1 views

MAL-2026-5175 Malicious code in webpack-json (npm)

EUVD•added yesterday•5 views

EUVD-2026-34094

ProjectsAndPrograms school-management-system uses predictable credentials by generating student's and teacher's passwords solely from the user’s date of birth e.g., 12072000 for 12 July 2000. The application does not require or prompt users to change the password upon first login. This behavior...

6.9CVSS5.8AI score

Cvelist•added yesterday•19 views

CVE-2026-47325 Weak password policy in ProjectsAndPrograms school-management-system

6.9CVSS

CVE•added yesterday•4 views

CVE-2026-47324

ProjectsAndPrograms school-management-system is vulnerable to Stored XSS in multiple attributes of student and teacher objects. An authorized attacker (e.g., a teacher or administrator) can inject malicious JavaScript that executes in other users’ browsers. When chained with CVE-2025-11661 (unaut...

EUVD•added yesterday•5 views

EUVD-2026-34093

Vulnrichment•added yesterday•3 views

CVE-2026-47324 Stored XSS in Multiple Points in ProjectsAndPrograms school-management-system

ATTACKERKB•added yesterday•2 views

CVE-2026-47324

Exploits0References3Affected Software1

Securelist•added yesterday•2 views

Argamal: Malware hidden in hentai games

In April 2026, we discovered a new malware campaign targeting players of "hentai" games. Once launched, the infected games install a previously unknown malicious implant on the user's machine. After a few days, the implant downloads and executes a Trojan, resulting in full system compromise and...

5.9AI score

Wolfi•added yesterday•5 views

CVE-2026-44843 vulnerabilities

Vulnerabilities for packages: py3-langchain, py3-langchain-core...

8.2CVSS5.8AI score0.00045EPSS

RedHat Linux•added yesterday•3 views

vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass

A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or furth...

7.1CVSS5.9AI score0.00016EPSS

Exploits0References5

OSV•added yesterday•3 views

ROOT-OS-UBUNTU-2404-CVE-2025-38730 CVE-2025-38730 in rootio-linux - Patched by Root

Root has patched CVE-2025-38730 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

7.8CVSS5.4AI score0.00024EPSS

OSV•added yesterday•3 views

ROOT-OS-UBUNTU-2404-CVE-2025-40104 CVE-2025-40104 in rootio-linux - Patched by Root

Root has patched CVE-2025-40104 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

5.4AI score0.00064EPSS

OSV•added yesterday•5 views

ROOT-OS-UBUNTU-2404-CVE-2025-38073 CVE-2025-38073 in rootio-linux - Patched by Root

Root has patched CVE-2025-38073 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

5.5AI score0.00011EPSS