7.1
CVE-2026-2103 - Use of Hard-Coded Cryptographic Key for Password Storage
Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt allβ¦
5.9
CVE-2026-25556 - MuPDF <= 1.27.0 Barcode Decoding Double Free
MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fz_fill_pixmap_from_display_list() when an exception occurs during display list rendering. The function accepts a caller-owned fz_pixmap pointer but incorrectly drops the pixmap in its error handling path before rethrowing β¦
7.7
CVE-2025-13523 - Cross-Site Scripting (XSS) via Unescaped Display Names in Mattermost Confluence Plugin OAuth2 Flow
Mattermost Confluence plugin version <1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connectionβ¦
6.9
CVE-2026-2057 - SourceCodester Medical Center Portal Management System login.php sql injection
A vulnerability was detected in SourceCodester Medical Center Portal Management System 1.0. This affects an unknown function of the file /login.php. The manipulation of the argument User results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.
6.9
CVE-2026-2056 - D-Link DIR-605L/DIR-619L DHCP Connection Status wan_connection_status.asp information disclosure
A security vulnerability has been detected in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. The impacted element is an unknown function of the file /wan_connection_status.asp of the component DHCP Connection Status Handler. The manipulation leads to information disclosure. Remote exploitation of thβ¦
8.3
CVE-2025-13818 - Local privilege escalation in ESET Management Agent for Windows
Local privilege escalation vulnerability via insecure temporary batch file execution in ESET Management Agent
1.1
CVE-2026-1337 - Insufficient escaping of unicode characters in query log
Insufficient escaping of unicode characters in query log in Neo4j Enterprise and Community editions prior to 2026.01 can lead to XSS if the user opens the logs in a tool that treats them as HTML. There is no security impact on Neo4j products, but this advisory is released as a precaution to treat tβ¦
6.9
CVE-2026-2055 - D-Link DIR-605L/DIR-619L DHCP Client Information information disclosure
A weakness has been identified in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. The affected element is an unknown function of the component DHCP Client Information Handler. Executing a manipulation can lead to information disclosure. The attack may be launched remotely. The exploit has been made aβ¦
6.9
CVE-2026-2054 - D-Link DIR-605L/DIR-619L Wifi Setting information disclosure
A security flaw has been discovered in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. Impacted is an unknown function of the component Wifi Setting Handler. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit has been released to the public β¦
6.9
CVE-2026-2018 - itsourcecode School Management System controller.php sql injection
A flaw has been found in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/settings/controller.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.