9.8
CVE-2026-29649 -
NEMU contains an implementation flaw in its RISC-V Hypervisor CSR handling where henvcfg[7:4] (CBIE/CBCFE/CBZE-related fields) is incorrectly masked/updated based on menvcfg[7:4], so a machine-mode write to menvcfg can implicitly modify the hypervisor's environment configuration. This can lead to iβ¦
9.9
CVE-2026-30269 - Doorman Improper Access Control Allows Privilege Escalation
Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their own account role to a non-admin privileged role via /platform/user/{username}. The `role` field is accepted by the update model without a manage_users permission check for self-updates, enabling priviβ¦
8.8
CVE-2026-29648 - Privilege Escalation via Improper CSRs Access in OpenXiangShan NEMU
In OpenXiangShan NEMU, when Smstateen is enabled, clearing mstateen0.ENVCFG does not correctly restrict access to henvcfg and senvcfg. As a result, less-privileged code may read or write these CSRs without the required exception, potentially bypassing intended state-enable based isolation controls β¦
5.3
CVE-2026-26399 - StackβUseβAfterβReturn in Arduino_Core_STM32 Causes Memory Corruption
A stack-use-after-return issue exists in the Arduino_Core_STM32 library prior to version 1.7.0. The pwm_start() function allocates a TIM_HandleTypeDef structure on the stack and passes its address to HAL initialization routines, where it is stored in a global timer handle registry. After the functiβ¦
7.5
CVE-2026-39111 - SQL Injection Vulnerability in Apartment Visitors Management System Forgot Password Page
SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the email parameter of the forgot password page (forgot-password.php). This allows an unauthenticated attacker to manipulate backend SQL queries and retrieve sensitive user data.
9.4
CVE-2026-39109 -
SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 within the username parameter of the login page (index.php). This allows an unauthenticated attacker to manipulate backend SQL queries during authentication and retrieve sensitive database β¦
8.2
CVE-2026-39110 - Unauthenticated SQL Injection in Forgot Password Page of Apartment Visitors Management System
SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the contactno parameter of the forgot password page (forgot-password.php). This allows an unauthenticated attacker to manipulate backend SQL queries during authentication and retrieve seβ¦
6.6
CVE-2026-31430 - X.509: Fix out-of-bounds access when parsing extensions
In the Linux kernel, the following vulnerability has been resolved: X.509: Fix out-of-bounds access when parsing extensions Leo reports an out-of-bounds access when parsing a certificate with empty Basic Constraints or Key Usage extension because the first byte of the extension is read before cheβ¦
6.6
CVE-2026-31429 - net: skb: fix cross-cache free of KFENCE-allocated skb head
In the Linux kernel, the following vulnerability has been resolved: net: skb: fix cross-cache free of KFENCE-allocated skb head SKB_SMALL_HEAD_CACHE_SIZE is intentionally set to a non-power-of-2 value (e.g. 704 on x86_64) to avoid collisions with generic kmalloc bucket sizes. This ensures that skβ¦
7.8
CVE-2026-30266 - Local Arbitrary Code Execution via Insecure Permissions in DeepCool DeepCreative
Insecure Permissions vulnerability in DeepCool DeepCreative v.1.2.12 and before allows a local attacker to execute arbitrary code via a crafted file