4
CVE-2026-33555 - haproxy: HAProxy: Request smuggling via HTTP/3 parser desynchronization
An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with an empty payload. This can cause desynchronization issues with the backend server and could be use…
5.5
CVE-2026-31425 - rds: ib: reject FRMR registration before IB connection is established
In the Linux kernel, the following vulnerability has been resolved: rds: ib: reject FRMR registration before IB connection is established rds_ib_get_mr() extracts the rds_ib_connection from conn->c_transport_data and passes it to rds_ib_reg_frmr() for FRWR memory registration. On a fresh outgoing…
0.0
CVE-2026-31280 - Bluetooth RFCOMM Denial of Service in Parani M10 Intercom
An issue in the Bluetooth RFCOMM service of Parani M10 Motorcycle Intercom v2.1.3 allows unauthorized attackers to cause a Denial of Service (DoS) via supplying crafted RFCOMM frames.
9.8
CVE-2026-31282 - Brute-Force Login via Incorrect Access Control in Totara LMS
Totara LMS v19.1.5 and before is vulnerable to Incorrect Access Control. The login page code can be manipulated to reveal the login form. An attacker can chain that with missing rate-limit on the login form to launch a brute force attack. NOTE: this is disputed by the Supplier because (1) local log…
2.7
CVE-2026-36944 - SQL Injection in Sourcecodester Computer and Mobile Repair Shop Management System v1.0
Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/repairs/view_details.php.
8.8
CVE-2026-29955 - KubePlus 4.14 Command Injection via /registercrd Endpoint
The `/registercrd` endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses `subprocess.Popen()` with `shell=True` parameter to execute shell commands, and the user-supplied `chartName` parameter is directly concatenated into the command …
3.1
CVE-2026-6856 - keycloak: keycloak: acceptable AAGUID policy bypass via packed self-attestation in WebAuthn registr…
No description is available for this CVE.
7.5
CVE-2026-30998 - FFmpeg: FFmpeg: Denial of Service vulnerability in zmqsend.c via crafted input
An improper resource deallocation and closure vulnerability in the tools/zmqsend.c component of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input file.
5.5
CVE-2026-31423 - net/sched: sch_hfsc: fix divide-by-zero in rtsc_min()
In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_hfsc: fix divide-by-zero in rtsc_min() m2sm() converts a u32 slope to a u64 scaled value. For large inputs (e.g. m1=4000000000), the result can reach 2^32. rtsc_min() stores the difference of two such u64 values …
5.5
CVE-2026-31416 - netfilter: nfnetlink_log: account for netlink header size
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_log: account for netlink header size This is a followup to an old bug fix: NLMSG_DONE needs to account for the netlink header size, not just the attribute size. This can result in a WARN splat + drop of the …