5.6

CVSS3.1

CVE-2026-5673 - Libtheora: libtheora: denial of service or information disclosure via malformed avi file processing

A flaw was found in libtheora. This heap-based out-of-bounds read vulnerability exists within the AVI (Audio Video Interleave) parser, specifically in the avi_parse_input_file() function. A local attacker could exploit this by tricking a user into opening a specially crafted AVI file containing a t…

πŸ“… Published: April 6, 2026, 9:22 a.m. πŸ”„ Last Modified: April 6, 2026, 10:16 a.m.

5.3

CVSS4.0

CVE-2026-5641 - PHPGurukul Online Shopping Portal Project Parameter update-image1.php sql injection

A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is an unknown function of the file /admin/update-image1.php of the component Parameter Handler. The manipulation of the argument filename results in sql injection. The attack may be performed from remot…

πŸ“… Published: April 6, 2026, 9:15 a.m. πŸ”„ Last Modified: April 6, 2026, 10:16 a.m.

5.3

CVSS4.0

CVE-2026-5640 - PHPGurukul Online Shopping Portal Project Parameter update-image2.php sql injection

A vulnerability has been found in PHPGurukul Online Shopping Portal Project 2.1. The affected element is an unknown function of the file /admin/update-image2.php of the component Parameter Handler. The manipulation of the argument filename leads to sql injection. The attack is possible to be carrie…

πŸ“… Published: April 6, 2026, 9 a.m. πŸ”„ Last Modified: April 6, 2026, 9:16 a.m.

5.3

CVSS4.0

CVE-2026-5639 - PHPGurukul Online Shopping Portal Project Parameter update-image3.php sql injection

A flaw has been found in PHPGurukul Online Shopping Portal Project 2.1. Impacted is an unknown function of the file /admin/update-image3.php of the component Parameter Handler. Executing a manipulation of the argument filename can lead to sql injection. The attack can be executed remotely. The expl…

πŸ“… Published: April 6, 2026, 8:45 a.m. πŸ”„ Last Modified: April 6, 2026, 9:16 a.m.

3.7

CVSS3.1

CVE-2026-37977 - Keycloak: org.keycloak.protocol.oidc.grants.ciba: keycloak: information disclosure via cors header …

A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing (CORS) header injection vulnerability in Keycloak's User-Managed Access (UMA) token endpoint. This flaw occurs because the `azp` claim from a client-supplied JSON Web Token (JWT) is used to set the `Access-C…

πŸ“… Published: April 6, 2026, 8:38 a.m. πŸ”„ Last Modified: April 6, 2026, 9:16 a.m.

6.9

CVSS4.0

CVE-2026-5638 - HerikLyma CPPWebFramework path traversal

A vulnerability was detected in HerikLyma CPPWebFramework up to 3.1. This issue affects some unknown processing. Performing a manipulation results in path traversal. Remote exploitation of the attack is possible. The exploit is now public and may be used. The project was informed of the problem ear…

πŸ“… Published: April 6, 2026, 8:30 a.m. πŸ”„ Last Modified: April 6, 2026, 9:16 a.m.

6.9

CVSS4.0

CVE-2026-5637 - projectworlds Car Rental System Parameter message_admin.php sql injection

A security vulnerability has been detected in projectworlds Car Rental System 1.0. This vulnerability affects unknown code of the file /message_admin.php of the component Parameter Handler. Such manipulation of the argument Message leads to sql injection. The attack may be launched remotely. The ex…

πŸ“… Published: April 6, 2026, 8:15 a.m. πŸ”„ Last Modified: April 6, 2026, 9:16 a.m.

5.3

CVSS4.0

CVE-2026-5636 - PHPGurukul Online Shopping Portal Project Parameter cancelorder.php sql injection

A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1. This affects an unknown part of the file /cancelorder.php of the component Parameter Handler. This manipulation of the argument oid causes sql injection. The attack may be initiated remotely. The exploit has been made …

πŸ“… Published: April 6, 2026, 8 a.m. πŸ”„ Last Modified: April 6, 2026, 8:16 a.m.

5.3

CVSS4.0

CVE-2026-5635 - PHPGurukul Online Shopping Portal Project Parameter categorywise-products.php sql injection

A security flaw has been discovered in PHPGurukul Online Shopping Portal Project 2.1. Affected by this issue is some unknown functionality of the file /categorywise-products.php of the component Parameter Handler. The manipulation of the argument cid results in sql injection. The attack can be laun…

πŸ“… Published: April 6, 2026, 7:45 a.m. πŸ”„ Last Modified: April 6, 2026, 8:16 a.m.

0.0

CVE-2026-31410 - ksmbd: use volume UUID in FS_OBJECT_ID_INFORMATION

In the Linux kernel, the following vulnerability has been resolved: ksmbd: use volume UUID in FS_OBJECT_ID_INFORMATION Use sb->s_uuid for a proper volume identifier as the primary choice. For filesystems that do not provide a UUID, fall back to stfs.f_fsid obtained from vfs_statfs().

πŸ“… Published: April 6, 2026, 7:38 a.m. πŸ”„ Last Modified: April 6, 2026, 8:16 a.m.
Total resulsts: 342418
Page 2 of 34,242
Β« previous page Β» next page
Filters