7.5
CVE-2026-3496 - JetBooking <= 4.0.3 - Unauthenticated SQL Injection via 'check_in_date' Parameter
The JetBooking plugin for WordPress is vulnerable to SQL Injection via the 'check_in_date' parameter in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible β¦
6.2
CVE-2026-3904 - glibc: nscd client crash on x86_64 under high nscd load
Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x86_64 systems, the client may call memcmp on inputs that are concurrently modified by other processes or threads and crash. The nscd client β¦
6.9
CVE-2026-3944 - itsourcecode University Management System att_add.php sql injection
A vulnerability was determined in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /att_add.php. This manipulation of the argument Name causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utβ¦
6.9
CVE-2026-3943 - H3C ACG1000-AK230 aaa_portal_auth_local_submit command injection
A vulnerability was found in H3C ACG1000-AK230 up to 20260227. This affects an unknown part of the file /webui/?aaa_portal_auth_local_submit. The manipulation of the argument suffix results in command injection. The attack can be launched remotely. The exploit has been made public and could be usedβ¦
0.0
CVE-2026-3948 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
7.2
CVE-2026-3178 - Name Directory <= 1.32.1 - Unauthenticated Stored Cross-Site Scripting via 'name_directory_name'
The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name_directory_name' parameter in all versions up to, and including, 1.32.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrβ¦
7.5
CVE-2026-3805 - use after free in SMB connection reuse
When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory.
6.5
CVE-2026-3784 - wrong proxy connection reuse with credentials
curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection.
5.3
CVE-2026-3783 - token leak with redirect and netrc
When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with eithβ¦
6.5
CVE-2026-1965 - bad reuse of HTTP Negotiate connection
libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criterβ¦