CVE-2026-8762

After analysis, the originally reported behaviour was determined not to constitute a security vulnerability. The findings were parser-strictness defects without an exploitable framing-disagreement path in any tested deployment configuration...

CVE-2026-47325

ProjectsAndPrograms school-management-system uses predictable credentials by generating student's and teacher's passwords solely from the user’s date of birth e.g., 12072000 for 12 July 2000. The application does not require or prompt users to change the password upon first login. This behavior...

EUVD-2026-34094

ProjectsAndPrograms school-management-system uses predictable credentials by generating student's and teacher's passwords solely from the user’s date of birth e.g., 12072000 for 12 July 2000. The application does not require or prompt users to change the password upon first login. This behavior...

CVE-2026-47325 Weak password policy in ProjectsAndPrograms school-management-system

ProjectsAndPrograms school-management-system uses predictable credentials by generating student's and teacher's passwords solely from the user’s date of birth e.g., 12072000 for 12 July 2000. The application does not require or prompt users to change the password upon first login. This behavior...

CVE-2026-47324 Stored XSS in Multiple Points in ProjectsAndPrograms school-management-system

ProjectsAndPrograms school-management-system is vulnerable to Stored Cross‑Site Scripting XSS in multiple attributes of students and teachers objects. An authorized attacker e.g., a teacher or administrator can inject malicious JavaScript that is subsequently executed in other users’ browsers...

Restricted page for a user is getting displayed in "Recently Updated" macro.

h3. Issue Summary Restricted page for a user is getting displayed in "Recently Updated" macro. h3. Steps to Reproduce In confluence 10.2.x create 3 normal users user01, user02, user03. Create a sample space using admin user. Create a page using admin user and add "Recently Updated" macro. Switch ...

📄 D-Link DSL2600U Password Disclosure

D-Link DSL2600U suffers from an administrative password disclosure vulnerability. Exploit Title: D-Link DSL2600U - 'rom-0' Admin Password Disclosure Date: 2026-05-02 Exploit Author: Amir Hossein Jamshidi Vendor Homepage: https://www.dlink.com Version: DSL-2600U Tested on: ubuntu CVE : N/A Firmwar...

UBUNTU-CVE-2026-45947

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix memory leak in amdgpuacpienumeratexcc In amdgpuacpienumeratexcc, if amdgpuacpidevinit returns -ENOMEM, the function returns directly without releasing the allocated xccinfo, resulting in a memory leak. Fix this by...

CVE-2026-45947

In the Linux kernel DRM/AMDGPU code, a memory leak was fixed in amdgpu_acpi_enumerate_xcc(). If amdgpu_acpi_dev_init() returns -ENOMEM, xcc_info could be leaked because it wasn’t freed in the error path. The fix ensures that xcc_info is properly freed on error paths, preventing the leak. This ana...

PT-2026-42661

Publisher note Fixed in v1.7.17. Operators running v1.7.17 should upgrade. Contract delete and upgrade host-core paths now reject execution when runtime.ReadOnly is true. The invariant is regression-tested for delete, upgrade, storage writes, value transfers, and any VM output field that can late...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Wifi: wilc1000 – fixed a potential memory leak in wilcmacxmit The wilcmacxmit function returns NETDEVTXOK without freeing the skb buffer; this issue was addressed by using devkfreeskb to free the buffer. This fix has been tested...

CVE-2026-42098 Authorization Bypass in Sparx Enterprise Architect

Sparx Enterprise Architect software has a security feature that limits user's actions to those specified in the role. An authenticated attacker can modify the Enterprise Architect client behavior e.g. using a debugger and log in as any other user or administrator - then it is possible to do every...

CVE-2026-6909

ATutor is vulnerable to Reflected XSS in /install/upgrade.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is no longer actively supported. Maintainers of this project were notified early...

CVE-2026-6909 Reflected XSS in ATutor

ATutor is vulnerable to Reflected XSS in /install/upgrade.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is no longer actively supported. Maintainers of this project were notified early...

Unity Linux 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-017513)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017513 advisory. A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined...

📄 Frigate NVR 0.16.3 Remote Code Execution

Frigate NVR version 0.16.3 proof of concept remote code execution exploit written in Python. Exploit Title: Frigate NVR 0.16.3 - Remote Code Execution Date: 2026-02-05 Exploit Author: jduardo2704 Vendor Homepage: https://frigate.video/ Software Link: https://github.com/blakeblackshear/frigate...

RHCOS 4 : OpenShift Container Platform 4.15.z (RHSA-2023:7200)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7200 advisory. - golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-44487 CVE-2023-39325 - golang:...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: Platform/x86: think-lmi: Fixed reference leak If a duplicate attribute is found using ksetfindobj, a reference to that attribute is returned, and that reference needs to be disposed of using kobjectput. The validation of the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: clk: qcom: camcc-sc8280xp: fix terminating of frequency table arrays The frequency table arrays are supposed to be terminated with an empty element. Add such entry to the end of the arrays where it is missing in order to avoid...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception Previously, commit ed129ec9057f "KVM: x86: forcibly leave nested mode on vCPU reset" addressed an issue where a triple fault occurring in nested mode could lead to...