6.5
CVE-2026-6238 - Buffer overread in ns_printrrf with corrupted RDATA field
The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a tar…
5.3
CVE-2026-7290 - JeecgBoot loadDict Endpoint SqlInjectionUtil.java SqlInjectionUtil sql injection
A vulnerability was determined in JeecgBoot up to 3.9.1. Impacted is the function SqlInjectionUtil of the file jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SqlInjectionUtil.java of the component loadDict Endpoint. This manipulation of the argument keyword causes sql injection…
9.8
CVE-2026-41873 - Pony Mail: Admin account takeover via request smuggling
** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Pony Mail leading to admin account takeover. This issue affects all versions of the Lua implementation of Pony Mail. There is a Python implementation under development …
8.7
CVE-2026-7289 - D-Link DIR-825M formWanConfigSetup sub_414BA8 buffer overflow
A vulnerability was found in D-Link DIR-825M 1.1.12. This issue affects the function sub_414BA8 of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.
3.7
CVE-2026-40969 - Spring gRPC AuthenticationException message reflected to remote client
The raw message of every server-side AuthenticationException is returned to the unauthenticated remote caller in the gRPC status description. This allows an attacker to obtain information about the authentication failure, which may be useful for further attacks. Affected versions: Spring gRPC: 1.0…
8.7
CVE-2026-7288 - D-Link DIR-825M formVpnConfigSetup sub_4151FC buffer overflow
A vulnerability has been found in D-Link DIR-825M 1.1.12. This vulnerability affects the function sub_4151FC of the file /boafrm/formVpnConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to…
5.1
CVE-2026-7283 - SourceCodester Pharmacy Sales and Inventory System ajax.php save_expired sql injection
A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts the function save_expired of the file /ajax.php?action=save_expired. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit ha…
2.1
CVE-2026-40556 - Insecure Directory Permissions in GNU nano Leading to Privilege Abuse
GNU nano creates the user's ~/.local directory with overly permissive permissions when the directory does not exist yet. On first use of features requiring Cross-Desktop Group (XDG) data storage, nano explicitly requests directory mode 0777, making the directory world-writable in environments where…
9.6
CVE-2026-7321 - Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component
Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, and Thunderbird 140.10.1.
7.3
CVE-2026-7324 - Memory safety bugs fixed in Thunderbird 150.0.1
Memory safety bugs present in Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1 and Thunderbird 150.0.1.