5.1

CVSS4.0

CVE-2026-4239 - Lagom WHMCS Template Datatables prototype pollution

A vulnerability was found in Lagom WHMCS Template up to 2.3.7. Impacted is an unknown function of the component Datatables. The manipulation results in improperly controlled modification of object prototype attributes. It is possible to launch the attack remotely. The exploit has been made public a…

📅 Published: March 16, 2026, 1:02 p.m. 🔄 Last Modified: March 16, 2026, 1:02 p.m.

4.3

CVSS3.1

CVE-2026-25780 - Memory Exhaustion via Malformed DOC File Upload

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to bound memory allocation when processing DOC files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted DOC file. Mattermost Advisory ID: M…

📅 Published: March 16, 2026, 12:59 p.m. 🔄 Last Modified: March 16, 2026, 12:59 p.m.

4.8

CVSS3.1

CVE-2025-52648 -

HCL AION is affected by a vulnerability where offering images are not digitally signed. Lack of image signing may allow the use of unverified or tampered images, potentially leading to security risks such as integrity compromise or unintended behavior in the system.

📅 Published: March 16, 2026, 12:53 p.m. 🔄 Last Modified: March 16, 2026, 12:53 p.m.

5.6

CVSS3.1

CVE-2025-52638 - Multiple security vulnerabilities affect HCL AION

HCL AION is affected by a vulnerability where container base images are not properly authenticated. This may expose the system to potential security risks such as usage of untrusted container images, which could lead to unintended behaviour or security impact.

📅 Published: March 16, 2026, 12:35 p.m. 🔄 Last Modified: March 16, 2026, 12:35 p.m.

5.1

CVSS4.0

CVE-2026-4238 - itsourcecode College Management System courses.php sql injection

A vulnerability has been found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/courses.php. The manipulation of the argument course_code leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclose…

📅 Published: March 16, 2026, 12:32 p.m. 🔄 Last Modified: March 16, 2026, 12:32 p.m.

2.2

CVSS3.1

CVE-2025-52637 - Multiple security vulnerabilities affect HCL AION

HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific co…

📅 Published: March 16, 2026, 12:27 p.m. 🔄 Last Modified: March 16, 2026, 12:27 p.m.

4.3

CVSS3.1

CVE-2026-4265 - Guest user can upload files without permission across teams

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to validate team-specific upload_file permissions which allows a guest user to post files in channels where they lack upload_file permission via uploading files in a team where they have permission and reusing the file…

📅 Published: March 16, 2026, 12:07 p.m. 🔄 Last Modified: March 16, 2026, 12:07 p.m.

4.3

CVSS3.1

CVE-2026-25783 - Denial of service via malformed User-Agent header in getBrowserVersion

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly validate User-Agent header tokens which allows an authenticated attacker to cause a request panic via a specially crafted User-Agent header. Mattermost Advisory ID: MMSA-2026-00586

📅 Published: March 16, 2026, 12:04 p.m. 🔄 Last Modified: March 16, 2026, 12:04 p.m.

7.5

CVSS3.1

CVE-2026-24458 - DoS attack via login attempts with multi-megabyte passwords

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly handle very long passwords, which allows an attacker to overload the server CPU and memory via executing login attempts with multi-megabyte passwords. Mattermost Advisory ID: MMSA-2026-00587

📅 Published: March 16, 2026, 12:02 p.m. 🔄 Last Modified: March 16, 2026, 12:02 p.m.

6.9

CVSS4.0

CVE-2026-4237 - itsourcecode Free Hotel Reservation System index.php sql injection

A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/mod_reports/index.php. Executing a manipulation of the argument Home can lead to sql injection. The attack may be performed from remote. The exploit has been pub…

📅 Published: March 16, 2026, 12:02 p.m. 🔄 Last Modified: March 16, 2026, 12:02 p.m.
Total results: 338180
Page 2 of 33,818