5.5
CVE-2026-6844 - Binutils: binutils: denial of service vulnerabilities in readelf via crafted elf files
A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit two Denial of Service (DoS) vulnerabilities by providing a specially crafted Executable and Linkable Format (ELF) file. One vulnerability, a resource exhaustion (CWE-400), can lead to an out-of-memory β¦
7.5
CVE-2026-30997 - FFmpeg: FFmpeg: Denial of Service via out-of-bounds read
An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.
9.8
CVE-2026-31283 -
In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email address. which can be used for an Email Bombing attack.
7.5
CVE-2025-66769 - Null Pointer Dereference in Nitro PDF Pro Leads to DoS via XFA Packet
A NULL pointer dereference in Nitro PDF Pro for Windows v14.41.1.4 allows attackers to cause a Denial of Service (DoS) via a crafted XFA packet.
2.7
CVE-2026-36950 -
Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in /otas/projects_per_department.php.
7.5
CVE-2025-69624 - Null Pointer Dereference in Nitro PDF Pro JavaScript Leading to Crash
Nitro PDF Pro for Windows 14.41.1.4 contains a NULL pointer dereference vulnerability in the JavaScript implementation of app.alert(). When app.alert() is called with more than one argument and the first argument evaluates to null (for example, app.alert(app.activeDocs, true) when app.activeDocs isβ¦
5
CVE-2026-6845 - Binutils: binutils: denial of service via crafted elf file
A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a local attacker to cause a Denial of Service (DoS) by tricking a user into processing a specially crafted Executable and Linkable Format (ELF) file. The exploitation of this flaw can lead to the systβ¦
2.7
CVE-2026-36874 - SQL Injection in Basic Library System Load Student Script
Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_student.php.
2.7
CVE-2026-36920 - SQL Injection Vulnerability in Sourcecodester Online Reviewer System
Sourcecodester Online Reviewer System v1.0 is vulnerable to SQL Injection in the file /system/system/admins/assessments/examproper/questions-view.php.
5.5
CVE-2026-31421 - net/sched: cls_fw: fix NULL pointer dereference on shared blocks
In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_fw: fix NULL pointer dereference on shared blocks The old-method path in fw_classify() calls tcf_block_q() and dereferences q->handle. Shared blocks leave block->q NULL, causing a NULL deref when an empty cls_fw fβ¦