6.9
CVE-2026-5320 - vanna-ai vanna Chat API Endpoint v2 missing authentication
A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is an unknown functionality of the file /api/vanna/v2/ of the component Chat API Endpoint. Performing a manipulation results in missing authentication. The attack can be initiated remotely. The exploit is now…
5.3
CVE-2026-5319 - itsourcecode Payroll Management System navbar.php cross site scripting
A security vulnerability has been detected in itsourcecode Payroll Management System up to 1.0. Affected is an unknown function of the file /navbar.php. Such manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed…
5.3
CVE-2026-5318 - LibRaw JPEG DHT losslessjpeg.cpp initval out-of-bounds write
A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompressors/losslessjpeg.cpp of the component JPEG DHT Parser. This manipulation of the argument bits[] causes out-of-bounds write. It is possible to initiate the attack remotely. T…
5.3
CVE-2026-5317 - Nothings stb stb_vorbis.c start_decoder out-of-bounds write
A security flaw has been discovered in Nothings stb up to 1.22. This affects the function start_decoder of the file stb_vorbis.c. The manipulation results in out-of-bounds write. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The ve…
5.4
CVE-2026-1243 - IBM Content Navigator is affected by , a Cross-Site Scripting (XSS) vulnerability
IBM Content Navigator 3.0.15, 3.1.0, and 3.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
5.3
CVE-2026-5316 - Nothings stb stb_vorbis.c setup_free allocation of resources
A vulnerability was identified in Nothings stb up to 1.22. The impacted element is the function setup_free of the file stb_vorbis.c. The manipulation leads to allocation of resources. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor …
4
CVE-2026-21767 - HCL BigFix Platform is affected by insufficient authentication
HCL BigFix Platform is affected by insufficient authentication. The application might allow users to access sensitive areas of the application without proper authentication.
8.8
CVE-2026-21765 - HCL BigFix Platform is affected by insecure permissions on private cryptographic keys
HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions.
5.3
CVE-2026-5315 - Nothings stb TTF File stb_truetype.h stbtt__buf_get8 out-of-bounds
A vulnerability was determined in Nothings stb up to 1.26. The affected element is the function stbtt__buf_get8 in the library stb_truetype.h of the component TTF File Handler. Executing a manipulation can lead to out-of-bounds read. The attack can be executed remotely. The exploit has been publicl…
2.7
CVE-2025-66487 - Multiple vulnerabilities have been addressed in IBM Aspera Shares
IBM Aspera Shares 1.9.9 through 1.11.0 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service.