0.0

CVE-2025-60889 -

Insecure deserialization of untrusted input in StellarGroup HPX 1.11.0 under certain conditions may allow attackers to execute arbitrary code or other unspecified impacts.

📅 Published: April 28, 2026, midnight 🔄 Last Modified: April 28, 2026, 3:16 p.m.

5.3

CVSS3.1

CVE-2025-60887 -

An issue was discovered in Cista v0.15 and below. Insecure deserialization of untrusted input under certain conditions may lead to leaking of stack/heap addresses which may be used to bypass ASLR. Classes with pointer-like mechanics under the cista::raw namespace are prone to reference tampering, w…

📅 Published: April 28, 2026, midnight 🔄 Last Modified: April 28, 2026, 3:09 p.m.

0.0

CVE-2026-38651 -

Authentication Bypass vulnerability exists in Netmaker versions prior to 1.5.0. The VerifyHostToken function in logic/jwts.go fails to validate the JWT signature when verifying host tokens. An attacker can forge a JWT signed with any arbitrary key and use it to impersonate any host in the network, …

📅 Published: April 28, 2026, midnight 🔄 Last Modified: April 28, 2026, 3:44 p.m.

0.0

CVE-2026-37750 -

A reflected Cross-Site Scripting (XSS) vulnerability in School Management System by mahmoudai1 allows unauthenticated remote attackers to execute arbitrary JavaScript in victims' browsers via the unsanitized type parameter in register.php.

📅 Published: April 28, 2026, midnight 🔄 Last Modified: April 28, 2026, 7:49 p.m.

0.0

CVE-2026-38948 -

Cross-Site Scripting (XSS) vulnerability exists in FUEL CMS v1.5.2 and before within the asset upload functionality. The application fails to properly sanitize uploaded SVG files, allowing a low-privileged authenticated user to upload a crafted SVG file containing malicious code.

📅 Published: April 28, 2026, midnight 🔄 Last Modified: April 28, 2026, 3:55 p.m.

8.1

CVSS3.1

CVE-2026-42167 -

mod_sql in ProFTPD before 1.3.10rc1 allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands (e.g., COPY TO PROGRAM).

📅 Published: April 28, 2026, midnight 🔄 Last Modified: April 28, 2026, 10:09 p.m.

9.8

CVSS3.1

CVE-2026-42208 - LiteLLM: LiteLLM: Unauthorized data access and modification via SQL injection

A flaw was found in LiteLLM. A database query used for proxy API key checks incorrectly incorporated caller-supplied key values directly into the query. This vulnerability allows an unauthenticated attacker to send a specially crafted Authorization header to any Large Language Model (LLM) API route…

📅 Published: April 28, 2026, midnight 🔄 Last Modified: April 28, 2026, midnight

8.6

CVSS4.0

CVE-2026-20766 - Milesight Cameras Heap-based Buffer Overflow

An out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras.

📅 Published: April 27, 2026, 11:45 p.m. 🔄 Last Modified: April 28, 2026, 2:39 p.m.

9.3

CVSS4.0

CVE-2026-7202 - Totolink A8000RU CGI cstecgi.cgi setWiFiWpsStart os command injection

A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setWiFiWpsStart of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument wscDisabled leads to os command injection. The attack can be initiated remotely. The expl…

📅 Published: April 27, 2026, 11:45 p.m. 🔄 Last Modified: April 29, 2026, 2:13 p.m.

7.3

CVSS4.0

CVE-2026-32649 - Milesight Cameras OS Command Injection

A command injection vulnerability exists in the web server of specific firmware versions of Milesight cameras.

📅 Published: April 27, 2026, 11:42 p.m. 🔄 Last Modified: April 28, 2026, 2:42 p.m.