5.3
CVE-2026-1134 - itsourcecode Society Management System expenses.php cross site scripting
A vulnerability was identified in itsourcecode Society Management System 1.0. This affects an unknown function of the file /admin/expenses.php. The manipulation of the argument detail leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available and might beβ¦
6.9
CVE-2026-1133 - Yonyou KSOA HTTP GET Parameter folder.jsp sql injection
A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /kmf/folder.jsp of the component HTTP GET Parameter Handler. Executing a manipulation of the argument folderid can lead to sql injection. The attack can be launched remotely. The exploit has bβ¦
6.9
CVE-2026-1132 - Yonyou KSOA HTTP GET Parameter edit_folder.jsp sql injection
A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /kmf/edit_folder.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of the argument folderid results in sql injection. The attack can be initiated remotely. The exploit has β¦
6.9
CVE-2026-1131 - Yonyou KSOA HTTP GET Parameter save_catalog.jsp sql injection
A vulnerability has been found in Yonyou KSOA 9.0. Impacted is an unknown function of the file /kmc/save_catalog.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument catalogid leads to sql injection. It is possible to launch the attack remotely. The exploit has been diβ¦
6.9
CVE-2026-1130 - Yonyou KSOA HTTP GET Parameter worksadd_plan.jsp sql injection
A flaw has been found in Yonyou KSOA 9.0. This issue affects some unknown processing of the file /worksheet/worksadd_plan.jsp of the component HTTP GET Parameter Handler. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been β¦
6.9
CVE-2026-1129 - Yonyou KSOA HTTP GET Parameter worksadd.jsp sql injection
A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/worksadd.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public β¦
5.8
CVE-2026-1180 - Org.keycloak.protocol.oidc: blind server-side request forgery (ssrf) in keycloak oidc dynamic clienβ¦
A flaw was identified in Keycloakβs OpenID Connect Dynamic Client Registration feature when clients authenticate using private_key_jwt. The issue allows a client to specify an arbitrary jwks_uri, which Keycloak then retrieves without validating the destination. This enables attackers to coerce the β¦
9.9
CVE-2026-22797 - keystonemiddleware: From CVEorg collector
An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The external_oauth2_token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0 tokens. By sending forged β¦
6.9
CVE-2025-15539 - Open5GS sgwc s11-handler.c sgwc_s11_handle_downlink_data_notification_ack denial of service
A vulnerability was determined in Open5GS up to 2.7.6. Impacted is the function sgwc_s11_handle_downlink_data_notification_ack of the file src/sgwc/s11-handler.c of the component sgwc. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been publicly diβ¦
5.3
CVE-2026-23829 - Mailpit has SMTP Header Injection via Regex Bypass
Mailpit is an email testing tool and API for developers. Prior to version 1.28.3, Mailpit's SMTP server is vulnerable to Header Injection due to an insufficient Regular Expression used to validate `RCPT TO` and `MAIL FROM` addresses. An attacker can inject arbitrary SMTP headers (or corrupt existinβ¦