2.7
CVE-2026-36920 - SQL Injection Vulnerability in Sourcecodester Online Reviewer System
Sourcecodester Online Reviewer System v1.0 is vulnerable to SQL Injection in the file /system/system/admins/assessments/examproper/questions-view.php.
5.5
CVE-2026-31421 - net/sched: cls_fw: fix NULL pointer dereference on shared blocks
In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_fw: fix NULL pointer dereference on shared blocks. The old-method path in fw_classify() calls tcf_block_q() and dereferences q->handle. Shared blocks leave block->q NULL, causing a NULL deref when an empty cls_fw f…
8.8
CVE-2026-29955 - KubePlus 4.14 Command Injection via /registercrd Endpoint
The `/registercrd` endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses `subprocess.Popen()` with the `shell=True` parameter to execute shell commands, and the user-supplied `chartName` parameter is directly concatenated into the command …
5.4
CVE-2025-63743 - Authenticated XSS in Snipe-IT via Name and Surname Fields
Cross-Site Scripting vulnerability in the Snipe-IT web-based asset management system v8.3.0 up to and including v8.3.1 allows an authenticated attacker with the lowest privileges, sufficient only to log in, to inject arbitrary JavaScript code via the "Name" and "Surname" fields. The JavaScript code is executed…
5.5
CVE-2026-31416 - netfilter: nfnetlink_log: account for netlink header size
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_log: account for netlink header size. This is a followup to an old bug fix: NLMSG_DONE needs to account for the netlink header size, not just the attribute size. This can result in a WARN splat + drop of the …
2.7
CVE-2026-36943 - SQL Injection Vulnerability in Sourcecodester Repair Shop Management System v1.0
Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/repairs/manage_repair.php.
2.7
CVE-2026-36942 - SQL Injection Vulnerability in Sourcecodester Online Resort Management System
Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in the file /orms/admin/activities/manage_activity.php.
8.4
CVE-2025-69627 -
Nitro PDF Pro for Windows 14.41.1.4 contains a heap use-after-free vulnerability in the implementation of the JavaScript method this.mailDoc(). During execution, an internal XID object is allocated and then freed prematurely, after which the freed pointer is still passed into UI and logging helper …
2.7
CVE-2026-36922 - SQL Injection Vulnerability in Sourcecodester Cab Management System 1.0
Sourcecodester Cab Management System v1.0 is vulnerable to SQL injection in the file /cms/admin/categories/view_category.php.
0.0
CVE-2026-31420 - bridge: mrp: reject zero test interval to avoid OOM panic
In the Linux kernel, the following vulnerability has been resolved: bridge: mrp: reject zero test interval to avoid OOM panic. br_mrp_start_test() and br_mrp_start_in_test() accept the user-supplied interval value from netlink without validation. When interval is 0, usecs_to_jiffies(0) yields 0, c…