5.5
CVE-2026-26104 - Udisks: missing authorization check allows unprivileged users to back up luks headers via udisks d-β¦
A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not perform a policy check. As a result, sensitive β¦
7.1
CVE-2026-26103 - Udisks: missing authorization check allows unprivileged users to restore luks headers via udisks d-β¦
A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite encryption metadata on block devicβ¦
9.2
CVE-2026-3179 - A path traversal vulnerability was found in the FTP Backup on the ADM.
The FTP Backup on the ADM does not properly sanitize filenames received from the FTP server when parsing directory listings. A malicious server or MITM attacker can craft filenames containing path traversal sequences, causing the client to write files outside the intended backup directory. A path tβ¦
8.3
CVE-2026-3100 - An improper certificate validation vulnerability was found in the FTP Backup on the ADM.
The FTP Backup on the ADM will not properly strictly enforce TLS certificate verification while connecting to an FTP server using FTPES/FTPS. An improper validated TLS/SSL certificates allows a remote attacker can intercept network traffic to perform a Man-in-the-Middle (MitM) attack, which may intβ¦
5.3
CVE-2026-3163 - SourceCodester Website Link Extractor URL file_get_contents server-side request forgery
A vulnerability has been found in SourceCodester Website Link Extractor 1.0. This vulnerability affects the function file_get_contents of the component URL Handler. The manipulation leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed β¦
6.9
CVE-2026-3153 - itsourcecode Document Management System register.php sql injection
A vulnerability has been found in itsourcecode Document Management System 1.0. Impacted is an unknown function of the file /register.php. Such manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public andβ¦
6.9
CVE-2026-3152 - itsourcecode College Management System teacher-salary.php sql injection
A flaw has been found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/teacher-salary.php. This manipulation of the argument teacher_id causes sql injection. It is possible to initiate the attack remotely. The exploit has been published anβ¦
6.9
CVE-2026-3151 - itsourcecode College Management System login.php sql injection
A vulnerability was detected in itsourcecode College Management System 1.0. This vulnerability affects unknown code of the file /login/login.php. The manipulation of the argument email results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.
5.3
CVE-2026-3150 - itsourcecode College Management System display-teacher.php sql injection
A security vulnerability has been detected in itsourcecode College Management System 1.0. This affects an unknown part of the file /admin/display-teacher.php. The manipulation of the argument teacher_id leads to sql injection. The attack is possible to be carried out remotely. The exploit has been β¦
4.7
CVE-2025-0976 - Information Exposure Vulnerability in Hitachi Configuration Manager, Hitachi Ops Center API Configuβ¦
Information Exposure Vulnerability inΒ Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager.This issue affects Hitachi Ops Center API Configuration Manager: from 10.0.0-00 before 11.0.4-00; Hitachi Configuration Manager: from 8.6.1-00 before 11.0.5-00.