9.8
CVE-2026-31946 - OpenOLAT: Authentication bypass via forged JWT in OIDC implicit flow
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. From version 10.5.4 to before version 20.2.5, OpenOLAT's OpenID Connect implicit flow implementation does not verify JWT signatures. The JSONWebToken.parse() method silently discards the s…
8.7
CVE-2026-5152 - Tenda CH22 createFileName formCreateFileName stack-based overflow
A vulnerability was detected in Tenda CH22 1.0.0.1. Impacted is the function formCreateFileName of the file /goform/createFileName. Performing a manipulation of the argument fileNameMit results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may b…
9.1
CVE-2026-34558 - CI4MS: Methods Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM…
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within the Methods Management functionality when creating or mana…
9.1
CVE-2026-34557 - CI4MS: Permissions Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored…
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within group and role management functionality. Multiple input fi…
4.7
CVE-2026-27599 - CI4MS: System Settings (Mail Settings) Full Platform Compromise & Full Account Takeover for All-Rol…
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within System Settings → Mail Settings. Several configuration fie…
7.8
CVE-2026-27018 - Gotenberg: Chromium deny-list bypass via case-insensitive URL scheme
Gotenberg is an API for converting document formats. Prior to version 8.29.0, the fix introduced for CVE-2024-21527 can be bypassed using mixed-case or uppercase URL schemes. This issue has been patched in version 8.29.0.
3.1
CVE-2026-32696 - NanoMQ HTTP Auth: Missing username/password can trigger a NULL-pointer strlen() in auth_http.c:set_…
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.http_auth (HTTP authentication), when a client connects to the broker using MQTT CONNECT without providing username/password, and the configuration params uses the placeholders %u / %…
6.5
CVE-2026-25627 - nanomq: OOB Read / Crash (DoS) via Malformed MQTT Remaining Length over WebSocket
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to version 0.24.8, NanoMQ's MQTT-over-WebSocket transport can be crashed by sending an MQTT packet with a deliberately large Remaining Length in the fixed header while providing a much shorter actual payload. The code path …
6.9
CVE-2026-5150 - code-projects Accounting System Parameter viewin_costumer.php SQL injection
A security vulnerability has been detected in code-projects Accounting System 1.0. This issue affects some unknown processing of the file /viewin_costumer.php of the component Parameter Handler. Such manipulation of the argument cos_id leads to SQL injection. The attack can be launched remotely. Th…
5.1
CVE-2026-5148 - YunaiV yudao-cloud page SQL injection
A weakness has been identified in YunaiV yudao-cloud up to 2026.01. This vulnerability affects unknown code of the file /admin-api/system/mail-log/page. This manipulation of the argument toMail causes SQL injection. The attack can be initiated remotely. The exploit has been made available to the pu…