
366532 matches found

added 2026/06/08 3:0 p.m., 11 views

CVE-2024-33421

CVE-2024-33421 is linked to a concrete vulnerability in the PacketStorm report for Computer Laboratory Management System (CLMS) v1.0. The issue is a Stored Cross-Site Scripting (XSS) vulnerability in CLMS v1.0, affecting the user profile functionality where input in the First Name and Last Name f...

Exploits: 1

added 2026/06/08 2:58 p.m., 22 views

CVE-2026-34194

Technical details are not publicly available in the provided documents. Monitor for updates.

CVSS 7.1, AI score 5.5, EPSS 0.00116
Exploits: 0, References: 1

added 2026/06/08 2:53 p.m., 15 views

CVE-2026-22164

Technical details are not publicly available in the provided documents. Monitor for future updates.

CVSS 7.5, AI score 5.4, EPSS 0.00338
Exploits: 0, References: 1

added 2026/06/08 2:51 p.m., 27 views

CVE-2026-46656

Bludit CMS versions prior to 3.22.0 are affected by a Broken Access Control issue where active sessions remain valid after the corresponding user account is deleted (the “Ghost Session”). This allows revoked users to maintain full unauthorized access. The issue is fixed in version 3.22.0. Affecte...

CVSS 8.8, AI score 5.4, EPSS 0.00294
Exploits: 0, References: 3

added 2026/06/08 2:45 p.m., 14 views

CVE-2026-11523

The vulnerability CVE-2026-11523 affects Tenda W20E firmware version 15.11.0.6, in the Web Management Interface function formPortalAuth (file /goform/PortalAuth). Manipulating the argument gotoUrl can trigger a stack-based buffer overflow. Exploitation can be performed remotely, and a public expl...

CVSS 9, AI score 6.2, EPSS 0.00466
Exploits: 0, References: 6

added 2026/06/08 2:30 p.m., 65 views

CVE-2026-46275

CVE-2026-46275 affects the Linux kernel Bluetooth hci_uart subsystem, with Use-After-Free and race conditions in lifecycle teardown (init/close paths) that can trigger UAFs and NPDs when workqueues and protocol paths are torn down. The documented fix involves reordering ttys close handling (clear...

CVSS 7.8, AI score 5.5, EPSS 0.00204
Exploits: 1, References: 8

added 2026/06/08 2:30 p.m., 33 views

CVE-2026-46274

CVE-2026-46274 (Linux kernel, io_wq) has concrete details: a bug in io_wq_remove_pending() allowed a non-hashed predecessor to be treated as hashed, causing a stale pointer in wq->hash_tail[] to persist and be dereferenced by future hashed bucket-0 enqueues. The root cause is that io_get_work_...

CVSS 7.8, AI score 5.4, EPSS 0.00138
Exploits: 0, References: 5

added 2026/06/08 2:30 p.m., 17 views

CVE-2025-71315

The CVE-2025-71315 entry describes a Linux kernel fix: the vkms vblank timer is replaced by the DRM vblank timer implementation, removing vkms’ hrtimer and routing through vkms’ handle_vblank_timeout via drm_crtc_helper_funcs. This clarifies the affected component as the vkms driver in the DRM su...

AI score 5.5, EPSS 0.00162
Exploits: 0, References: 2

added 2026/06/08 2:30 p.m., 17 views

CVE-2026-11522

CVE-2026-11522 describes a stack-based buffer overflow in the Tenda W20E firmware version 15.11.0.6, specifically in the formSetPortMirror function exposed via /goform/setPortMirror. By manipulating the portMirrorMirroredPorts argument, an attacker can trigger the overflow remotely. This vulnerab...

CVSS 9, AI score 6.3, EPSS 0.00466
Exploits: 0, References: 6

added 2026/06/08 2:15 p.m., 16 views

CVE-2026-11521

Mohammed-eid35 bank-management-system-springboot (Transaction Endpoint) has a vulnerability in TransactionController.java leading to improper authorization. A remote attacker could exploit it, and public PoCs exist per the CVE metrics. Affected version details are not provided due to rolling rele...

CVSS 6.5, AI score 6.1, EPSS 0.00272
Exploits: 0, References: 6

added 2026/06/08 2:12 p.m., 31 views

CVE-2026-43973

CVE-2026-43973 concerns the Erlang/Elixir library gun_http in the Gun framework. The vulnerability is an uncontrolled resource consumption: three code paths in gun_http:handle/5 accumulate TCP data into a connection buffer using binary concatenation with no upper bound. If a malicious server send...

CVSS 8.7, AI score 5.8, EPSS 0.00381
Exploits: 0, References: 3

added 2026/06/08 2:12 p.m., 32 views

CVE-2026-43972

CVE-2026-43972 (gun_http2): In gun_http2:push_promise_frame/7, the incoming PUSH_PROMISE :authority header is stored without validating it against the connection origin. Later, gun_http2:headers_frame/9 uses this unvalidated value when calling gun_cookies:set_cookie_header/7, before status handl...

CVSS 6.3, AI score 5.7, EPSS 0.00215
Exploits: 0, References: 3

added 2026/06/08 2:12 p.m., 20 views

CVE-2026-43974

The CVE concerns the gun_http module of the Erlang-based Gun library (gun_http) in the Gun HTTP client. Affected versions: Gun 2.0.0 up to but not including 2.4.0. Root cause: when a 101 Switching Protocols response arrives over HTTP/1.1, Gun only validates the Upgrade header syntax and the strea...

CVSS 8.7, AI score 5.6, EPSS 0.00381
Exploits: 0, References: 3

added 2026/06/08 2:1 p.m., 23 views

CVE-2026-25558

CVE-2026-25558 affects QloApps up to version 1.7.0. The issue is a stored cross-site scripting flaw in the admin file manager, permitting an authenticated administrator to inject malicious JavaScript by uploading crafted SVG files. Attackers can embed event handlers (e.g., onload) in SVGs uploade...

CVSS 4.8, AI score 5.5, EPSS 0.0023
Exploits: 0, References: 2

added 2026/06/08 2:0 p.m., 17 views

CVE-2026-11520

Summary: CVE-2026-11520 affects SourceCodester Inventory System 1.0, with the vulnerability in the header.php file enabling cross-site scripting. The issue can be triggered remotely and multiple parameters may be affected. Public exploit material exists. The connected records confirm the vulnerab...

CVSS 5.1, AI score 3.9, EPSS 0.00248
Exploits: 0, References: 5

added 2026/06/08 1:45 p.m., 18 views

CVE-2026-11519

The CVE concerns SourceCodester Inventory System 1.0, affecting /Product_Inventory/api/users_handler.php in the Account Creation Handler. The ROLE parameter manipulation causes improper authorization, enabling remote exploitation. Public exploit exists. Technical details specify network attack ve...

CVSS 6.5, AI score 6.1, EPSS 0.00261
Exploits: 0, References: 5

added 2026/06/08 1:30 p.m., 21 views

CVE-2026-11518

SourceCodester Inventory System 1.0 is affected by a cross-site scripting vulnerability in the User Management page (file /users.php). The issue arises from manipulation of the fullname/username arguments, enabling remote, user-initiated XSS. Public exploit is referenced. The available documents ...

CVSS 5.3, AI score 3.7, EPSS 0.00388
Exploits: 0, References: 6

added 2026/06/08 1:20 p.m., 26 views

CVE-2026-48041

Technical details for CVE-2026-48041 are not publicly available in the provided documents. No affected products, impact, or remediation are listed. Monitor for updates.

EPSS 0.0003
Exploits: 0

added 2026/06/08 1:15 p.m., 20 views

CVE-2026-11517

UTT HiPER 2610G (up to 3.0.0‑171107) is affected by a buffer overflow in the strcpy handling of the GroupName argument within /goform/formConfigDnsFilterGlobal. The root cause is an overflow in strcpy usage, enabling remote, unauthenticated manipulation to potentially overwrite memory. Public exp...

CVSS 9, AI score 8.2, EPSS 0.006
Exploits: 0, References: 5

added 2026/06/08 1:0 p.m., 25 views

CVE-2026-11516

The CVE-2026-11516 entry applies to UTT HiPER 2610G (up to 3.0.0-171107). The vulnerability arises in the strcpy usage within /goform/formNatStaticMap; crafted input to the NatBinds argument can trigger a buffer overflow. Public exploitation has been noted, indicating the issue is reachable with ...

CVSS 5.5, AI score 6.2, EPSS 0.0037
Exploits: 0, References: 6

added 2026/06/08 12:59 p.m., 34 views

CVE-2026-49235

CVE-2026-49235 affects Routinator. According to the connected CVE entry, processing an RRDP file with a specifically crafted Document Type Definition (DTD) causes Routinator to crash. The CVSSv4.0 vector indicates high impact on availability (V AV:N/AC:L/VI:N/VA:H) with no confidentiality or inte...

CVSS 8.7, AI score 5.4, EPSS 0.00358
Exploits: 0, References: 1, Affected Software: 1

added 2026/06/08 12:58 p.m., 25 views

CVE-2026-49234

Routinator is affected by CVE-2026-49234 where sending a specifically crafted non-UTF-8 string as the select-asn parameter to the /api/v1/origins endpoint causes the application to crash. Affected component: the API handling for origins; root cause: non-UTF-8 string processing leads to a crash. I...

CVSS 8.2, AI score 5.4, EPSS 0.00259
Exploits: 0, References: 1, Affected Software: 1

added 2026/06/08 12:58 p.m., 23 views

CVE-2026-49233

CVE-2026-49233 affects Routinator. The issue is improper validation of the module component in rsync URIs used to construct cache filesystem paths, enabling path traversal through a module name containing ‘..’. This could grant an attacker access to the entire Routinator rsync cache. The connecte...

CVSS 8.3, AI score 5.4, EPSS 0.00433
Exploits: 0, References: 1, Affected Software: 1

added 2026/06/08 12:58 p.m., 19 views

CVE-2026-49232

CVE-2026-49232—Routinator exits on any error when accepting incoming HTTP or RTR connections, including recoverable ones like running out of file descriptors. An attacker could trigger this by opening a large number of connections to the HTTP/RTR server, affecting availability for untrusted netwo...

CVSS 8.7, AI score 5.5, EPSS 0.00333
Exploits: 0, References: 1

added 2026/06/08 12:45 p.m., 19 views

CVE-2026-11515

CVE-2026-11515 affects SourceCodester Barangay Resident Profiling and Information Management System 1.0. The vulnerability is in an unknown function of passsword_reset.php within the Password Reset Handler, where altering the new_password argument with the value password123 leads to use of a hard...

CVSS 6.9, AI score 5.5, EPSS 0.00276
Exploits: 0, References: 5

added 2026/06/08 12:30 p.m., 20 views

CVE-2026-11514

Technical details are not publicly available in the provided documents for CVE-2026-11514. The description mentions an SQL injection in addpatient.php, but no confirmed affected versions, remediation, or exploit status is present here. Monitor for updates.

CVSS 6.5, AI score 6.5, EPSS 0.002
Exploits: 0, References: 6

added 2026/06/08 12:27 p.m., 11 views

CVE-2026-50571

Technical details for CVE-2026-50571 are not publicly available in the provided documents. Monitor for updates; the Connected document references a CERT.at advisory but does not provide CVE-specific information, affected products, or remediation.

Exploits: 0

added 2026/06/08 12:15 p.m., 18 views

CVE-2026-11513

The vulnerability CVE-2026-11513 affects itsourcecode Hospital Management System 1.0. The issue is an SQL injection in an unknown function of /adminaccount.php triggered by manipulating the Date argument. It can be exploited remotely and an exploit is public. CVSS data is provided (v3.1/3.0/2.0 v...

CVSS 6.5, AI score 6.5, EPSS 0.002
Exploits: 0, References: 6

added 2026/06/08 12:7 p.m., 24 views

CVE-2026-9549

Technical details are not publicly available in the provided documents. Monitor for updates.

CVSS 4.8, AI score 5.2, EPSS 0.00143
Exploits: 0, References: 1, Affected Software: 1

added 2026/06/08 12:6 p.m., 25 views

CVE-2026-8833

CVE-2026-8833 affects Checkmk versions <2.5.0p5, <2.4.0p31,

CVSS 8.5, AI score 5.2, EPSS 0.0014
Exploits: 0, References: 1, Affected Software: 1

added 2026/06/08 12:6 p.m., 27 views

CVE-2026-8078

CVE-2026-8078 is a stored cross-site scripting vulnerability in Checkmk’s global settings change log. It affects Checkmk versions <2.5.0p5, <2.4.0p31,

CVSS 4.8, AI score 5.2, EPSS 0.00143
Exploits: 0, References: 1, Affected Software: 1

added 2026/06/08 12:6 p.m., 20 views

CVE-2026-7765

Checkmk

CVSS 6.3, AI score 5.4, EPSS 0.00187
Exploits: 0, References: 1, Affected Software: 1

added 2026/06/08 12:5 p.m., 30 views

CVE-2026-7186

CVE-2026-7186 describes a stored cross-site scripting flaw in the Dashboard URL widget of Checkmk for versions <2.5.0p5, <2.4.0p31,

CVSS 8.5, AI score 5.2, EPSS 0.00136
Exploits: 0, References: 1, Affected Software: 1

added 2026/06/08 12:0 p.m., 16 views

CVE-2026-11512

CVE-2026-11512 affects itsourcecode Hospital Management System 1.0. The vulnerability arises from handling of the patientid argument in /billing.php, enabling cross-site scripting (XSS). The issue is exploitable remotely, and the exploit has been publicly disclosed. CVSS metrics indicate a networ...

CVSS 5.3, AI score 3.8, EPSS 0.00273
Exploits: 0, References: 6

added 2026/06/08 11:45 a.m., 24 views

CVE-2026-11511

CVE-2026-11511 affects Bolt CMS up to version 3.7.5, specifically a weakness in the file src/Storage/Field/Type/TextType.php within the HTML Attribute Handler. The issue enables remote HTML injection when an attacker manipulates the argument style. It is exploitable remotely and an exploit ha...

CVSS 5.1, AI score 5.3, EPSS 0.00191
Exploits: 0, References: 4

added 2026/06/08 11:44 a.m., 125 views

CVE-2026-11577

Technical details beyond the provided description are not publicly available in the supplied documents. Monitor for updates.

CVSS 7.2, AI score 5.5, EPSS 0.00322
Exploits: 0, References: 3

added 2026/06/08 11:30 a.m., 20 views

CVE-2026-11510

CVE-2026-11510 affects CodeAstro Leave Management System 1.0. The vulnerability resides in an unknown area of the file /admin/add_leave.php, where manipulating the argument type_of_leave leads to an SQL injection. The issue can be exploited remotely, and public exploit activity is noted. The CVSS...

CVSS 6.5, AI score 6.5, EPSS 0.002
Exploits: 0, References: 6

added 2026/06/08 11:23 a.m., 21 views

CVE-2026-3011

CVE-2026-3011 - Recipe Card Blocks Lite (WordPress) Vulnerability: Stored Cross-Site Scripting in the Recipe Card Blocks Lite plugin for WordPress, affecting all versions up to 3.4.13. Affected component: WPZOOM Recipe Card Blocks Lite plugin for WordPress (block-based recipe card feature). Root ...

CVSS 6.4, AI score 5.7, EPSS 0.00206
Exploits: 0, References: 6

added 2026/06/08 11:15 a.m., 21 views

CVE-2026-11509

CodeAstro Leave Management System 1.0 is affected by a SQL injection in /admin/search_staff_for_updation.php triggered by manipulation of the Name parameter. The issue can be exploited remotely; CVE-2026-11509 is identified with multiple CVSS vectors (e.g., 3.1 and 3.0) indicating network access,...

CVSS 6.5, AI score 6.5, EPSS 0.00192
Exploits: 0, References: 5

added 2026/06/08 11:7 a.m., 866 views

CVE-2026-50751

CVE-2026-50751 is a logic-flow weakness in certificate validation during the deprecated IKEv1 key exchange used by Check Point Remote Access VPN, Mobile Access, and Spark Firewall. The flaw allows an unauthenticated attacker to bypass user authentication and establish a VPN session without a vali...

CVSS 9.3, AI score 5.9, EPSS 0.71051
In wild, Exploits: 5, References: 3, Affected Software: 1

added 2026/06/08 11:0 a.m., 155 views

CVE-2026-50752

The CVE-2026-50752 entry describes a weakness in the certificate validation logic of the deprecated IKEv1 key exchange used in VPN site‑to‑site connections with certificate‑based authentication. An unauthenticated attacker positioned as a man‑in‑the‑middle could bypass certificate validation, pot...

CVSS 7.4, AI score 5.8, EPSS 0.04859
Exploits: 0, References: 1

added 2026/06/08 11:0 a.m., 32 views

CVE-2026-11508

CodeAstro Leave Management System 1.0 contains a SQL injection in /admin/search_staff_to_assign_pc.php via manipulation of the Name parameter. The vulnerability is exploitable remotely, with exploit information publicly disclosed and proof-of-concept activity indicated by CVSS/ExploitMaturity dat...

CVSS 6.5, AI score 6.5, EPSS 0.002
Exploits: 0, References: 6

added 2026/06/08 10:54 a.m., 20 views

CVE-2026-11569

CVE-2026-11569 affects Quay: the filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG containing JavaScript. The file is stored and served inline via the CDN, enabling stored XSS when a victim visits the ...

CVSS 5.4, AI score 5.2, EPSS 0.00138
Exploits: 0, References: 2

added 2026/06/08 10:45 a.m., 23 views

CVE-2026-11507

CodeAstro Leave Management System 1.0 is affected by a SQL injection in /admin/delete_leave_type.php via manipulation of the leave_type parameter. The vulnerability is remote, with a public exploit, enabling an attacker to influence the database from network view. The exact vulnerable function is...

CVSS 6.5, AI score 6.4, EPSS 0.002
Exploits: 0, References: 6

added 2026/06/08 10:30 a.m., 19 views

CVE-2026-11506

CVE-2026-11506 affects CodeAstro Leave Management System 1.0. The vulnerability is an SQL injection in the file /admin/search_staff_for_deletion.php caused by manipulation of the Name parameter, enabling remote exploitation. Public exploit disclosure is noted. The connected records indicate this ...

CVSS 6.5, AI score 6.4, EPSS 0.002
Exploits: 0, References: 6

added 2026/06/08 10:22 a.m., 38 views

CVE-2026-47430

CVE-2026-47430 affects the iOS implementation of Cordova Plugin InAppBrowser. The issue arises when the WKScriptMessage id field is passed to commandDelegate sendPluginResult:callbackId: without format validation (CDVWKInAppBrowser.m:560–574), allowing web content loaded in the InAppBrowser to ...

CVSS 9.5, AI score 5.4, EPSS 0.00545
Exploits: 0, References: 2

added 2026/06/08 10:15 a.m., 25 views

CVE-2026-11505

CVE-2026-11505 affects GL.iNet devices (A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000, XE3000) running 4.8.x, due to a flaw in the glnassys component. The issue involves use of a hard-coded cryptographic key introduced or exposed via a manipulation, enabling a remote attack with high comp...

CVSS 5, AI score 5.2, EPSS 0.00197
Exploits: 0, References: 6

added 2026/06/08 10:0 a.m., 18 views

CVE-2026-11504

The CVE-2026-11504 entry concerns Tenda CX12L firmware 16.03.53.12. The vulnerability exists in the Wi‑Fi Schedule Configuration Endpoint, specifically the setSchedWifi function in /goform/openSchedWifi. Crafting the schedStartTime or schedEndTime argument causes a stack‑based buffer overflow, en...

CVSS 9, AI score 8.4, EPSS 0.00466
Exploits: 0, References: 6

added 2026/06/08 9:45 a.m., 26 views

CVE-2026-11503

Affected product/version: Tenda CX12L 16.03.53.12. Vulnerable component: function form_fast_setting_wifi_set in the file /goform/fast_setting_wifi_set (Wi-Fi Configuration Endpoint). Root cause / vulnerability: manipulation of the argument ssid leads to a stack-based buffer overflow; vulnerabilit...

CVSS 9, AI score 8.4, EPSS 0.00466
Exploits: 0, References: 6

added 2026/06/08 9:30 a.m., 23 views

CVE-2026-11502

CVE-2026-11502 affects JeecgBoot up to 3.9.2. The vulnerability is in the function HttpServletResponse.sendRedirect used by the Third-Party Login flow, specifically in ThirdLoginController.java, where manipulation of the argument state enables an open redirect. The issue can be triggered remotely...

CVSS 3.1, AI score 4.7, EPSS 0.0025
Exploits: 0, References: 7

Total number of security vulnerabilities: 366532