6.9
CVE-2026-4319 - code-projects Simple Food Order System add-item.php sql injection
A vulnerability was identified in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file /routers/add-item.php. Such manipulation of the argument price leads to sql injection. The attack can be launched remotely. The exploit is publicly avβ¦
8.7
CVE-2026-4148 - ExpressionContext use-after-free in classic engine $lookup and $graphLookup aggregation operators
A use-after-free vulnerability can be triggered in sharded clusters by an authenticated user with the read role who issues a specially crafted $lookup or $graphLookup aggregation pipeline.
7.1
CVE-2026-4147 - Stack memory disclosure in filemd5 command
An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command.
4.3
CVE-2026-28506 - Outline's Information Disclosure in Activity Logs allows User Enumeration of Private Drafts
Outline is a service that allows for collaborative documentation. Prior to 1.5.0, the events.list API endpoint, used for retrieving activity logs, contains a logic flaw in its filtering mechanism. It allows any authenticated user to retrieve activity events associated with documents that have no coβ¦
8.1
CVE-2026-24901 - Outline's IDOR allows unauthorized viewing and seizing of private deleted drafts
Outline is a service that allows for collaborative documentation. Prior to 1.4.0, an Insecure Direct Object Reference (IDOR) vulnerability in the document restoration logic allows any team member to unauthorizedly restore, view, and seize ownership of deleted drafts belonging to other users, includβ¦
6.5
CVE-2026-21886 - OpenCTI's GraphQL Mutations Allow Deletion of Unrelated Entities
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.9.1, the GraphQL mutations "IndividualDeletionDeleteMutation" is intended to allow users to delete individual entity objects respectively. However, it was observed that this mutatβ¦
8.6
CVE-2026-23759 - Perle IOLAN STS/SCS Authenticated Command Injection via 'shell ps'
Perle IOLAN STS/SCS terminal server models with firmware versions prior to 6.0 allow authenticated OS command injection via the restricted shell accessed over Telnet or SSH. The shell 'ps' command does not perform proper argument sanitization and passes user-supplied parameters into an 'sh -c' invoβ¦
8.7
CVE-2026-4318 - UTT HiPER 810G formApLbConfig strcpy buffer overflow
A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. Affected is the function strcpy of the file /goform/formApLbConfig. This manipulation of the argument loadBalanceNameOld causes buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and mayβ¦
9
CVE-2026-3564 - ScreenConnect Instance Level Cryptographic Material Exposure
A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios.
6.8
CVE-2025-13406 - Scanning for higher HART revision device leads into NULL pointer dereference in live list
NULL Pointer Dereference vulnerability in Softing Industrial Automation GmbH smartLink SW-HT (Webserver modules) allows HTTP DoS.This issue affects smartLink SW-HT: 1.43.