4.8
CVE-2026-4012 - rxi fe fe.c read_ out-of-bounds
A vulnerability was determined in rxi fe up to ed4cda96bd582cbb08520964ba627efb40f3dd91. The impacted element is the function read_ of the file src/fe.c. This manipulation with the input 1 causes out-of-bounds read. The attack requires local access. The exploit has been publicly disclosed and may bβ¦
4.8
CVE-2026-4010 - ThakeeNathees pocketlang pkByteBufferAddString memory corruption
A vulnerability was found in ThakeeNathees pocketlang up to cc73ca61b113d48ee130d837a7a8b145e41de5ce. The affected element is the function pkByteBufferAddString. The manipulation of the argument length with the input 4294967290 results in memory corruption. The attack requires a local approach. Theβ¦
4.8
CVE-2026-4009 - jarikomppa soloud WAV File dr_wav.h drwav_read_pcm_frames_s16__msadpcm out-of-bounds
A vulnerability has been found in jarikomppa soloud up to 20200207. Impacted is the function drwav_read_pcm_frames_s16__msadpcm in the library src/audiosource/wav/dr_wav.h of the component WAV File Parser. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The eβ¦
8.7
CVE-2026-4008 - Tenda W3 POST Parameter wifiSSIDset stack-based overflow
A flaw has been found in Tenda W3 1.0.0.3(2204). This issue affects some unknown processing of the file /goform/wifiSSIDset of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. It is possible to launch the attack remotelβ¦
8.7
CVE-2026-4007 - Tenda W3 POST Parameter wifiSSIDget stack-based overflow
A vulnerability was detected in Tenda W3 1.0.0.3(2204). This vulnerability affects unknown code of the file /goform/wifiSSIDget of the component POST Parameter Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. It is possible to initiate the attack remoβ¦
4.8
CVE-2026-3994 - rui314 mold Object File input-files.cc initialize_sections heap-based overflow
A vulnerability was detected in rui314 mold up to 2.40.4. This issue affects the function mold::ObjectFilemold::X86_64::initialize_sections of the file src/input-files.cc of the component Object File Handler. Performing a manipulation results in heap-based buffer overflow. Attacking locally is a reβ¦
5.3
CVE-2026-3993 - itsourcecode Payroll Management System manage_employee_deductions.php cross site scripting
A security vulnerability has been detected in itsourcecode Payroll Management System 1.0. This vulnerability affects unknown code of the file /manage_employee_deductions.php. Such manipulation of the argument ID leads to cross site scripting. The attack may be launched remotely. The exploit has beeβ¦
0.0
CVE-2026-2687 - Reading progressbar < 1.3.1 - Admin+ Stored XSS
The Reading progressbar WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
0.0
CVE-2025-15473 - Timetics < 1.0.52 - Unauthenticated Payment/Booking Status Update
The Timetics WordPress plugin before 1.0.52 does not have authorization in a REST endpoint, allowing unauthenticated users to arbitrarily change a booking's payment status and post status for the "timetics-booking" custom post type.
5.3
CVE-2026-3992 - CodeGenieApp serverless-express Users Endpoint dynamodb.ts injection
A weakness has been identified in CodeGenieApp serverless-express up to 4.17.1. This affects an unknown part of the file utils/dynamodb.ts of the component Users Endpoint. This manipulation of the argument filter causes injection. The attack may be initiated remotely. The exploit has been made avaiβ¦