7.2

CVSS4.0

CVE-2026-0234 - Cortex XSOAR: Improper Verification of Cryptographic Signature in Microsoft Teams integration

An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources.

📅 Published: April 13, 2026, 7:15 a.m. 🔄 Last Modified: April 14, 2026, 3:55 a.m.

8.5

CVSS3.1

CVE-2026-5936 - Server-Side Request Forgery (SSRF) via URL Parameter in Foxit PDF Services API

An attacker can control a server-side HTTP request by supplying a crafted URL, causing the server to initiate requests to arbitrary destinations. This behavior may be exploited to probe internal network services, access otherwise unreachable endpoints (e.g., cloud metadata services), or bypass netw…

📅 Published: April 13, 2026, 6:57 a.m. 🔄 Last Modified: April 13, 2026, 3:01 p.m.

9.1

CVSS3.1

CVE-2026-5085 - Solstice::Session versions through 1440 for Perl generates session ids insecurely

Solstice::Session versions through 1440 for Perl generates session ids insecurely. The _generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand() function and the process id. The same method is used in the _generateID method in…

📅 Published: April 13, 2026, 6:56 a.m. 🔄 Last Modified: April 23, 2026, 3:02 p.m.

7.1

CVSS3.1

CVE-2026-40436 - ZTE ZXEDM iEMS product has a password reset vulnerability

The ZTE ZXEDM iEMS product has a password reset vulnerability for any user. Because the management of the cloud EMS portal does not properly control access to the user list acquisition function, attackers can read all user list information through the user list interface. Attackers can reset the pas…

📅 Published: April 13, 2026, 6:31 a.m. 🔄 Last Modified: April 13, 2026, 3:01 p.m.

8.7

CVSS4.0

CVE-2026-6168 - TOTOLINK A7000R cstecgi.cgi setWiFiEasyGuestCfg stack-based overflow

A flaw has been found in TOTOLINK A7000R up to 9.1.0u.6115. The affected element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument ssid5g causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been pub…

📅 Published: April 13, 2026, 6:30 a.m. 🔄 Last Modified: April 16, 2026, 1:26 p.m.

6.9

CVSS4.0

CVE-2026-6167 - code-projects Faculty Management System subject-print.php sql injection

A vulnerability was detected in code-projects Faculty Management System 1.0. Impacted is an unknown function of the file /subject-print.php. The manipulation of the argument ID results in SQL injection. The attack may be launched remotely. The exploit is now public and may be used.

📅 Published: April 13, 2026, 6:15 a.m. 🔄 Last Modified: April 13, 2026, 3:01 p.m.

5.1

CVSS3.1

CVE-2026-34866 - Out‑of‑Bounds Write in HarmonyOS WEB Module Leads to Availability and Confidentiality Impact

Out-of-bounds write vulnerability in the WEB module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.

📅 Published: April 13, 2026, 6:03 a.m. 🔄 Last Modified: April 17, 2026, 7:26 p.m.

10

CVSS4.0

CVE-2026-34865 - HarmonyOS Web Module Out-of-Bounds Write Vulnerability

Out-of-bounds write vulnerability in the WEB module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.

📅 Published: April 13, 2026, 6:02 a.m. 🔄 Last Modified: April 17, 2026, 7:25 p.m.

6.9

CVSS4.0

CVE-2026-6166 - code-projects Vehicle Showroom Management System UpdateVehicleFunction.php sql injection

A security vulnerability has been detected in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/UpdateVehicleFunction.php. The manipulation of the argument VEHICLE_ID leads to SQL injection. The attack may be initiated remotely. The e…

📅 Published: April 13, 2026, 6 a.m. 🔄 Last Modified: April 13, 2026, 6:50 p.m.

8.6

CVSS3.1

CVE-2026-3830 - Product Filter for WooCommerce by WBW < 3.1.3 - Unauthenticated SQLi

The Product Filter for WooCommerce by WBW WordPress plugin before 3.1.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks.

📅 Published: April 13, 2026, 6 a.m. 🔄 Last Modified: April 15, 2026, 3:05 p.m.