7.2
CVE-2026-37344 -
SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_location.php.
7.5
CVE-2026-30656 - fio: fio: Denial of Service via NULL pointer dereference when parsing job files
A NULL pointer dereference vulnerability exists in fio (Flexible I/O Tester) v3.41 when parsing job files containing the fdp_pli option. The callback function str_fdp_pli_cb() does not validate the input pointer and calls strdup() on a NULL value when the option is specified without an argument. Thβ¦
7.2
CVE-2026-37343 -
SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_user.php.
6.5
CVE-2026-6732 - Libxml2: libxml2: denial of service via crafted xsd-validated document
A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that cβ¦
5.4
CVE-2026-5363 - Use of weak cryptographic key in TP-Link Archer C7
Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 (uhttpd modules) allows Password Recovery Exploitation.Β The web interface encrypts the admin password client-side using RSA-1024 before sending it to the router during login.Β An adjacent attacker with the ability to inteβ¦
9.8
CVE-2026-4880 - Barcode Scanner (+Mobile App) <= 1.11.0 - Unauthenticated Privilege Escalation via Insecure Token Aβ¦
The Barcode Scanner (+Mobile App) β Inventory manager, Order fulfillment system, POS (Point of Sale) plugin for WordPress is vulnerable to privilege escalation via insecure token-based authentication in all versions up to, and including, 1.11.0. This is due to the plugin trusting a user-supplied Baβ¦
7.5
CVE-2026-40245 - Free5GC: UDR nudr-dr influenceData/subs-to-notify leaks SUPI in error response body without authentβ¦
Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions 4.2.1 and below contain an information disclosure vulnerability in the UDR (Unified Data Repository) service. The handler for GET /nudr-dr/v2/application-data/influenceData/subs-to-notify sendsβ¦
8.2
CVE-2026-40193 - Maddy Mail Server: LDAP Filter Injection via Unsanitized Username
maddy is a composable, all-in-one mail server. Versions prior to 0.9.3 contain an LDAP injection vulnerability in the auth.ldap module where user-supplied usernames are interpolated into LDAP search filters and DN strings via strings.ReplaceAll() without any LDAP filter escaping, despite the go-ldaβ¦
2.9
CVE-2026-40947 - Unintended DLL Search Path in Yubico Authentication Libraries
Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path.
8.7
CVE-2026-40192 - Pillow is vulnerable to a FITS GZIP decompression bomb
Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of serβ¦