0.0
CVE-2026-21709 -
A vulnerability allowing a local attacker with administrator privileges to bypass Windows Driver Signature Enforcement.
5.3
CVE-2026-6497 - prasathmani TinyFileManager File Upload filemanager.php server-side request forgery
A vulnerability was determined in prasathmani TinyFileManager up to 2.6. Affected by this vulnerability is an unknown functionality of the file /filemanager.php?p= ajax=true&type=upload of the component File Upload Handler. This manipulation of the argument uploadurl causes server-side request forgβ¦
9.3
CVE-2026-6284 - Horner Automation Cscape and XL4, XL7 PLC Weak password requirements
An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration possible.
5.3
CVE-2026-6496 - prasathmani TinyFileManager POST Parameter filemanager.php path traversal
A vulnerability was found in prasathmani TinyFileManager up to 2.6. Affected is an unknown function of the file /filemanager.php of the component POST Parameter Handler. The manipulation of the argument file[] results in path traversal. The attack may be performed from remote. The exploit has been β¦
5.8
CVE-2026-41153 -
In JetBrains Junie before 252.549.29 command execution was possible via malicious project file
5.1
CVE-2026-6493 - lukevella rallly Reset Password reset-password-form.tsx cross site scripting
A flaw has been found in lukevella rallly up to 4.7.4. This affects an unknown function of the file apps/web/src/app/[locale]/(auth)/reset-password/components/reset-password-form.tsx of the component Reset Password Handler. Executing a manipulation of the argument redirectTo can lead to cross site β¦
6.9
CVE-2026-6492 - arnobt78 Hotel Booking Management System Health Check Endpoint detailed information disclosure
A vulnerability was detected in arnobt78 Hotel Booking Management System up to f8922d0e0f6ac1cc761974c7616f44c2bbc04bea. The impacted element is an unknown function of the file /api/health/detailed of the component Health Check Endpoint. Performing a manipulation results in information disclosure. β¦
4.8
CVE-2026-6491 - libvips nip2 vips7compat.c im_minpos_vec heap-based overflow
A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the function im_minpos_vec of the file libvips/deprecated/vips7compat.c of the component nip2 Handler. Such manipulation of the argument n leads to heap-based buffer overflow. An attack has to be approached β¦
8.7
CVE-2026-40459 - LDAP Injection in PAC4J
PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inject crafted LDAP syntax into ID-based search parameters, potentially resulting in unauthorized LDAP queries and arbitrary directory operations. This issue was fixed in PAC4J versions 4.5.10, 5.7.10 aβ¦
7
CVE-2026-40458 - Cross-Site Request Forgery in PAC4J
PAC4J is vulnerable to Cross-Site Request Forgery (CSRF). A malicious attacker can craft a specially designed website which, when visited by a user, will automatically submit a forged cross-site request with a token whose hash collides with the victim's legitimate CSRF token. Importantly, the attacβ¦