6.9
CVE-2026-4624 - SourceCodester Online Library Management System Parameter home.php sql injection
A vulnerability was detected in SourceCodester Online Library Management System 1.0. The impacted element is an unknown function of the file /home.php of the component Parameter Handler. Performing a manipulation of the argument searchField results in sql injection. The attack can be initiated remoβ¦
6.9
CVE-2026-4623 - DefaultFuction Jeson-Customer-Relationship-Management-System API Module System.php server-side requβ¦
A security vulnerability has been detected in DefaultFuction Jeson-Customer-Relationship-Management-System up to 1b4679c4d06b90d31dd521c2b000bfdec5a36e00. This affects an unknown function of the file /api/System.php of the component API Module. The manipulation of the argument url leads to server-sβ¦
6.8
CVE-2026-33308 - mod_gnutls missing key purpose check in client certificate verification
Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Prior to version 0.13.0, code for client certificate verification did not check the key purpose as set in the Extended Key Usage extension. An attacker with access to the private key for a valid certificate issued by a CA trusted for TLS β¦
7.5
CVE-2026-33307 - mod_gnutils has stack-based buffer overflow caused by a long client certificate chain
Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior to 0.12.3 and 0.13.0, code for client certificate verification imported the certificate chain sent by the client into a fixed size `gnutls_x509_crt_t x509[]` array without checking the number of certificates is less thanβ¦
6.5
CVE-2026-3079 - LearnDash LMS <= 5.0.3 - Authenticated (Contributor+) SQL Injection via 'filters[orderby_order]' Paβ¦
The LearnDash LMS plugin for WordPress is vulnerable to blind time-based SQL Injection via the 'filters[orderby_order]' parameter in the 'learndash_propanel_template' AJAX action in all versions up to, and including, 5.0.3. This is due to insufficient escaping on the user supplied parameter and lacβ¦
6.9
CVE-2026-4617 - SourceCodester Patients Waiting Area Queue Management System Patient Check-In api_patient_checkin.pβ¦
A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. The impacted element is the function ValidateToken of the file /php/api_patient_checkin.php of the component Patient Check-In Module. Executing a manipulation can lead to improper authorization. It iβ¦
8.6
CVE-2026-22739 - Spring Cloud Config Profile Substitution Can Allow Unintended Access To Files And Enable SSRF Attacβ¦
Vulnerability in Spring Cloud when substituting the profile parameter from a request made to the Spring Cloud Config Server configured to the native file system as a backend, because it was possible to access files outside of the configured search directories.This issue affects Spring Cloud: from 3β¦
4.8
CVE-2026-4616 - bolo-blog Article Title article cross site scripting
A security flaw has been discovered in bolo-blog κΉμ§ 2.6.4. The affected element is an unknown function of the file /console/article/ of the component Article Title Handler. Performing a manipulation of the argument articleTitle results in cross site scripting. It is possible to initiate the attack β¦
4.5
CVE-2026-33306 - bcrypt-ruby has an Integer Overflow that Causes Zero Key-Strengthening Iterations at Cost=31 on JRuβ¦
bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt() password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. β¦
6.2
CVE-2026-33320 - Dasel has unbounded YAML alias expansion in dasel leads to CPU/memory denial of service
Dasel is a command-line tool and library for querying, modifying, and transforming data structures. Starting in version 3.0.0 and prior to version 3.3.1, Dasel's YAML reader allows an attacker who can supply YAML for processing to trigger extreme CPU and memory consumption. The issue is in the librβ¦