8.8
CVE-2026-38934 -
Cross-Site Request Forgery vulnerability in diskoverdata diskover-community v.2.3.5 and before allows a remote attacker to escalate privileges and obtain sensitive information via the public/settings_process.php
7.5
CVE-2025-69428 - Unauthenticated Directory Exposure in Pro-Bit Prior to v1.77.4
An issue in Pro-Bit before v1.77.4 allows unauthenticated attackers to directly access a sensitive directory and its subdirectories.
6.1
CVE-2026-38935 - Reflected XSS Vulnerability in diskover-community Public View Page
A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/view.php via the doctype parameter
7.5
CVE-2026-30351 - Path Traversal Allows Read of Arbitrary Files in Autocoder UI Static Component
A path traversal vulnerability in the UI/static component of leonvanzyl autocoder commit 79d02a allows attackers to read arbitrary files by sending a crafted URL path containing traversal sequences.
7.8
CVE-2026-31688 - driver core: enforce device_lock for driver_match_device()
In the Linux kernel, the following vulnerability has been resolved: driver core: enforce device_lock for driver_match_device() Currently, driver_match_device() is called from three sites. One site (__device_attach_driver) holds device_lock(dev), but the other two (bind_store and __driver_attach) …
7.8
CVE-2026-31686 - mm/kasan: fix double free for kasan pXds
In the Linux kernel, the following vulnerability has been resolved: mm/kasan: fix double free for kasan pXds kasan_free_pxd() assumes the page table is always struct page aligned. But that's not always the case for all architectures. E.g. In case of powerpc with 64K pagesize, PUD table (of siz…
5.5
CVE-2026-31691 - igb: remove napi_synchronize() in igb_down()
In the Linux kernel, the following vulnerability has been resolved: igb: remove napi_synchronize() in igb_down() When an AF_XDP zero-copy application terminates abruptly (e.g., kill -9), the XSK buffer pool is destroyed but NAPI polling continues. igb_clean_rx_irq_zc() repeatedly returns the full…
9.4
CVE-2024-46636 -
NASA Earth Observing System Data and Information System (EOSDIS) MODAPS v8.1 was discovered to contain a SQL injection vulnerability in the category parameter
4.3
CVE-2026-30462 - Directory Traversal in Daylight Studio FuelCMS Blocks Module 1.5.2
A path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 allows attackers to execute a directory traversal.
5.4
CVE-2026-31255 - Command Injection in Tenda AC18 Firmware Allowing System Command Execution
A command injection vulnerability exists in Tenda AC18 V15.03.05.05_multi. The vulnerability is located in the /goform/SetSambaCfg interface, where improper handling of the guestuser parameter allows attackers to execute arbitrary system commands.