7.5
CVE-2025-66769 - Null Pointer Dereference in Nitro PDF Pro Leads to DoS via XFA Packet
A NULL pointer dereference in Nitro PDF Pro for Windows v14.41.1.4 allows attackers to cause a Denial of Service (DoS) via a crafted XFA packet.
2.7
CVE-2026-36950 -
Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in /otas/projects_per_department.php.
7.5
CVE-2025-69624 - Null Pointer Dereference in Nitro PDF Pro JavaScript Leading to Crash
Nitro PDF Pro for Windows 14.41.1.4 contains a NULL pointer dereference vulnerability in the JavaScript implementation of app.alert(). When app.alert() is called with more than one argument and the first argument evaluates to null (for example, app.alert(app.activeDocs, true) when app.activeDocs is…
5
CVE-2026-6845 - Binutils: binutils: denial of service via crafted elf file
A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a local attacker to cause a Denial of Service (DoS) by tricking a user into processing a specially crafted Executable and Linkable Format (ELF) file. The exploitation of this flaw can lead to the syst…
2.7
CVE-2026-36874 - SQL Injection in Basic Library System Load Student Script
Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_student.php.
2.7
CVE-2026-36920 - SQL Injection Vulnerability in Sourcecodester Online Reviewer System
Sourcecodester Online Reviewer System v1.0 is vulnerable to SQL Injection in the file /system/system/admins/assessments/examproper/questions-view.php.
5.5
CVE-2026-31421 - net/sched: cls_fw: fix NULL pointer dereference on shared blocks
In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_fw: fix NULL pointer dereference on shared blocks The old-method path in fw_classify() calls tcf_block_q() and dereferences q->handle. Shared blocks leave block->q NULL, causing a NULL deref when an empty cls_fw f…
8.8
CVE-2026-29955 - KubePlus 4.14 Command Injection via /registercrd Endpoint
The `/registercrd` endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses `subprocess.Popen()` with `shell=True` parameter to execute shell commands, and the user-supplied `chartName` parameter is directly concatenated into the command …
5.4
CVE-2025-63743 - Authenticated XSS in Snipe-IT via Name and Surname Fields
A Cross-Site Scripting vulnerability in the Snipe-IT web-based asset management system, v8.3.0 up to and including v8.3.1, allows an authenticated attacker with the lowest privileges, sufficient only to log in, to inject arbitrary JavaScript code via the "Name" and "Surname" fields. The JavaScript code is executed…
5.5
CVE-2026-31416 - netfilter: nfnetlink_log: account for netlink header size
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_log: account for netlink header size This is a followup to an old bug fix: NLMSG_DONE needs to account for the netlink header size, not just the attribute size. This can result in a WARN splat + drop of the …