5.3

CVSS4.0

CVE-2026-6982 - star7th ShowDoc API Page Sort Endpoint PageController.class.PHP sql injection

A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.class.PHP of the component API Page Sort Endpoint. Executing a manipulation of the argument pages can …

📅 Published: April 25, 2026, 2:30 p.m. 🔄 Last Modified: April 25, 2026, 2:30 p.m.

5.3

CVSS4.0

CVE-2026-6981 - IhateCreatingUserNames2 AiraHub2 Endpoint AiraHub.py sync_agents server-side request forgery

A vulnerability was found in IhateCreatingUserNames2 AiraHub2 up to 3e4b77fd7d48ed811ffe5b8d222068c17c76495e. Affected is the function connect_stream_endpoint/sync_agents of the file AiraHub.py of the component Endpoint. Performing a manipulation results in server-side request forgery. The attack m…

📅 Published: April 25, 2026, 2:15 p.m. 🔄 Last Modified: April 25, 2026, 2:15 p.m.

6.9

CVSS4.0

CVE-2026-6980 - Divyanshu-hash GitPilot-MCP main.py repo_path command injection

A vulnerability has been found in Divyanshu-hash GitPilot-MCP up to 9ed9f153ba4158a2ad230ee4871b25130da29ffd. This impacts the function repo_path of the file main.py. Such manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been disc…

📅 Published: April 25, 2026, 1 p.m. 🔄 Last Modified: April 25, 2026, 1 p.m.

5.3

CVSS4.0

CVE-2026-6979 - devlikeapro WAHA API Request media.controller.ts server-side request forgery

A flaw has been found in devlikeapro WAHA up to 2026.3.4. This affects an unknown function of the file src/api/media.controller.ts of the component API Request Handler. This manipulation causes server-side request forgery. The attack can be initiated remotely. The exploit has been published and may…

📅 Published: April 25, 2026, noon 🔄 Last Modified: April 25, 2026, noon

5.1

CVSS4.0

CVE-2026-6978 - JiZhiCMS addcache.html htmlspecialchars_decode sql injection

A vulnerability was detected in JiZhiCMS up to 2.5.6. The impacted element is the function htmlspecialchars_decode of the file /index.php/admins/Sys/addcache.html. The manipulation of the argument sqls results in sql injection. It is possible to launch the attack remotely. The exploit is now public…

📅 Published: April 25, 2026, 11:45 a.m. 🔄 Last Modified: April 25, 2026, 11:45 a.m.

6.9

CVSS4.0

CVE-2026-6977 - vanna-ai vanna Legacy Flask API improper authorization

A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. The affected element is an unknown function of the component Legacy Flask API. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may …

📅 Published: April 25, 2026, 10:15 a.m. 🔄 Last Modified: April 25, 2026, 10:15 a.m.

0.0

CVE-2026-31685 - netfilter: ip6t_eui64: reject invalid MAC header for all packets

In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6t_eui64: reject invalid MAC header for all packets `eui64_mt6()` derives a modified EUI-64 from the Ethernet source address and compares it with the low 64 bits of the IPv6 source address. The existing guard only r…

📅 Published: April 25, 2026, 8:47 a.m. 🔄 Last Modified: April 25, 2026, 8:47 a.m.

0.0

CVE-2026-31684 - net: sched: act_csum: validate nested VLAN headers

In the Linux kernel, the following vulnerability has been resolved: net: sched: act_csum: validate nested VLAN headers tcf_csum_act() walks nested VLAN headers directly from skb->data when an skb still carries in-payload VLAN tags. The current code reads vlan->h_vlan_encapsulated_proto and then p…

📅 Published: April 25, 2026, 8:47 a.m. 🔄 Last Modified: April 25, 2026, 8:47 a.m.

0.0

CVE-2026-31683 - batman-adv: avoid OGM aggregation when skb tailroom is insufficient

In the Linux kernel, the following vulnerability has been resolved: batman-adv: avoid OGM aggregation when skb tailroom is insufficient When OGM aggregation state is toggled at runtime, an existing forwarded packet may have been allocated with only packet_len bytes, while a later packet can still…

📅 Published: April 25, 2026, 8:47 a.m. 🔄 Last Modified: April 25, 2026, 8:47 a.m.

0.0

CVE-2026-31682 - bridge: br_nd_send: linearize skb before parsing ND options

In the Linux kernel, the following vulnerability has been resolved: bridge: br_nd_send: linearize skb before parsing ND options br_nd_send() parses neighbour discovery options from ns->opt[] and assumes that these options are in the linear part of request. Its callers only guarantee that the ICM…

📅 Published: April 25, 2026, 8:46 a.m. 🔄 Last Modified: April 25, 2026, 8:46 a.m.