6.9

CVSS4.0

CVE-2026-3817 - SourceCodester Patients Waiting Area Queue Management System patient-search.php improper authorizat…

A vulnerability was detected in SourceCodester Patients Waiting Area Queue Management System 1.0. This issue affects some unknown processing of the file /patient-search.php. The manipulation results in improper authorization. The attack can be launched remotely. The exploit is now public and may be…

📅 Published: March 9, 2026, 11:32 a.m. 🔄 Last Modified: March 9, 2026, 1:35 p.m.

0.0

CVE-2025-14558 - Remote code execution via ND6 Router Advertisements

The rtsol(8) and rtsold(8) programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf(8) unmodified. resolvconf(8) is a shell script which does not validate its input. A lack of quoting meant that shell commands pass …

📅 Published: March 9, 2026, 11:27 a.m. 🔄 Last Modified: March 9, 2026, 1:35 p.m.

5.3

CVSS4.0

CVE-2026-3816 - OWASP DefectDojo SonarQubeParser/MSDefenderParser parser.py input_zip.read denial of service

A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4. This vulnerability affects the function input_zip.read of the file parser.py of the component SonarQubeParser/MSDefenderParser. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit…

📅 Published: March 9, 2026, 11:02 a.m. 🔄 Last Modified: March 9, 2026, 1:35 p.m.

0.0

CVE-2026-25604 - Apache Airflow AWS Auth Manager - Host Header Injection Leading to SAML Authentication Bypass

In AWS Auth manager, the origin of the SAML authentication has been used as provided by the client and not verified against the actual instance URL. This made it possible to gain access to different instances with potentially different access controls by reusing a SAML response from other instances. You sho…

📅 Published: March 9, 2026, 10:39 a.m. 🔄 Last Modified: March 9, 2026, 1:15 p.m.

8.7

CVSS4.0

CVE-2026-3815 - UTT HiPER 810G formApMail strcpy buffer overflow

A weakness has been identified in UTT HiPER 810G up to 1.7.7-1711. This affects the function strcpy of the file /goform/formApMail. Executing a manipulation can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used…

📅 Published: March 9, 2026, 10:32 a.m. 🔄 Last Modified: March 9, 2026, 1:35 p.m.

0.0

CVE-2025-69219 - Apache Airflow Providers Http: Unsafe Pickle Deserialization in apache-airflow-providers-http leadi…

A user with access to the DB could craft a database entry that would result in executing code on Triggerer, which gives anyone who has access to the DB the same permissions as Dag Author. Since direct DB access is not usual and recommended for Airflow, the likelihood of it causing any damage is low. …

📅 Published: March 9, 2026, 10:19 a.m. 🔄 Last Modified: March 9, 2026, 1:35 p.m.

8.7

CVSS4.0

CVE-2026-3814 - UTT HiPER 810G getOneApConfTempEntry strcpy buffer overflow

A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-1711. Affected by this issue is the function strcpy of the file /goform/getOneApConfTempEntry. Performing a manipulation results in buffer overflow. It is possible to initiate the attack remotely. The exploit has been released to the…

📅 Published: March 9, 2026, 10:02 a.m. 🔄 Last Modified: March 9, 2026, 1:35 p.m.

5.3

CVSS4.0

CVE-2026-3813 - opencc JFlow WF_CCForm.java Calculate injection

A vulnerability was identified in opencc JFlow up to 5badc00db382d7cb82dad231e6a866b18e0addfe. Affected by this vulnerability is the function Calculate of the file src/main/java/bp/wf/httphandler/WF_CCForm.java. Such manipulation leads to injection. The attack may be performed from remote. The expl…

📅 Published: March 9, 2026, 9:32 a.m. 🔄 Last Modified: March 9, 2026, 1:35 p.m.

8.7

CVSS4.0

CVE-2025-40639 - SQL injection in Eventobot

A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promo_send' parameter in the '/assets/php/calculate_discount.php'.

📅 Published: March 9, 2026, 9:31 a.m. 🔄 Last Modified: March 9, 2026, 1:35 p.m.

5.1

CVSS4.0

CVE-2025-40638 - Reflected Cross-Site Scripting (XSS) in Eventobot

A reflected Cross-Site Scripting (XSS) vulnerability has been found in Eventobot. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL using the 'name' parameter in '/search-results'. This vulnerability can be exploited to s…

📅 Published: March 9, 2026, 9:04 a.m. 🔄 Last Modified: March 9, 2026, 1:35 p.m.