8.8
CVE-2019-25431 - delpino73 Blue-Smiley-Organizer 1.32 SQL Injection via datetime
delpino73 Blue-Smiley-Organizer 1.32 contains an SQL injection vulnerability in the datetime parameter that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL code through POST requests to extract sensitive data using boolean-based blind and time-based blind t…
8.7
CVE-2018-25158 - Chamilo LMS 1.11.8 Arbitrary File Upload via elfinder
Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability that allows authenticated users to upload and execute PHP files through the elfinder filemanager module. Attackers can upload files with image headers in the social myfiles section, rename them to PHP extensions, and execute arbitra…
5.9
CVE-2026-27133 - Strimzi All CAs from CA chain will be trusted in Kafka Connect and Kafka MirrorMaker 2 target clust…
Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. From 0.47.0 to before 0.50.1, when a chain consisting of multiple CA (Certificate Authority) certificates is used in the trusted certificates configuration of a Kafka Connect opera…
5.3
CVE-2026-27125 - Svelte SSR attribute spreading includes inherited properties from prototype chain
svelte performance oriented web framework. Prior to 5.51.5, in server-side rendering, attribute spreading on elements (e.g. <div {...attrs}>) enumerates inherited properties from the object's prototype chain rather than only own properties. In environments where Object.prototype has already been po…
5.1
CVE-2026-27122 - Svelte SSR does not validate dynamic element tag names in `<svelte:element>`
svelte performance oriented web framework. Prior to 5.51.5, when using <svelte:element this={tag}> in server-side rendering, the provided tag name is not validated or sanitized before being emitted into the HTML output. If the tag string contains unexpected characters, it can result in HTML injecti…
5.1
CVE-2026-27121 - Svelte affected by cross-site scripting via spread attributes in Svelte SSR
svelte performance oriented web framework. Versions of svelte prior to 5.51.5 are vulnerable to cross-site scripting (XSS) during server-side rendering. When using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an applic…
5.1
CVE-2026-27119 - Svelte affected by XSS in SSR `<option>` element
svelte performance oriented web framework. From 5.39.3, <=5.51.4, in certain circumstances, the server-side rendering output of an <option> element does not properly escape its content, potentially allowing HTML injection in the SSR output. Client-side rendering is not affected. This vulnerability …
9.8
CVE-2026-2635 - MLflow Use of Default Password Authentication Bypass Vulnerability
MLflow Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the basic_auth.ini file. The fi…
5.5
CVE-2026-2490 - RustDesk Client for Windows Transfer File Link Following Information Disclosure Vulnerability
RustDesk Client for Windows Transfer File Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of RustDesk Client for Windows. An attacker must first obtain the ability to execute low-privileged co…
7.8
CVE-2026-2048 - GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a …