0.0
CVE-2026-31418 - netfilter: ipset: drop logically empty buckets in mtype_del
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: drop logically empty buckets in mtype_del mtype_del() counts empty slots below n->pos in k, but it only drops the bucket when both n->pos and k are zero. This misses buckets whose live entries have all been remo…
5.5
CVE-2026-31428 - netfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOAD
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOAD __build_packet_message() manually constructs the NFULA_PAYLOAD netlink attribute using skb_put() and skb_copy_bits(), bypassing the standard nla_reserve()/…
5.5
CVE-2026-31421 - net/sched: cls_fw: fix NULL pointer dereference on shared blocks
In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_fw: fix NULL pointer dereference on shared blocks The old-method path in fw_classify() calls tcf_block_q() and dereferences q->handle. Shared blocks leave block->q NULL, causing a NULL deref when an empty cls_fw f…
5.4
CVE-2025-63743 - Authenticated XSS in Snipe-IT via Name and Surname Fields
Cross-Site Scripting vulnerability in the Snipe-IT web-based asset management system v8.3.0 up to and including v8.3.1 allows an authenticated attacker with the lowest privileges, sufficient only to log in, to inject arbitrary JavaScript code via the "Name" and "Surname" fields. The JavaScript code is executed…
7.8
CVE-2026-31419 - net: bonding: fix use-after-free in bond_xmit_broadcast()
In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix use-after-free in bond_xmit_broadcast() bond_xmit_broadcast() reuses the original skb for the last slave (determined by bond_is_last_slave()) and clones it for others. Concurrent slave enslave/release can mutate…
5.8
CVE-2026-31427 - netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp process_sdp() declares union nf_inet_addr rtp_addr on the stack and passes it to the nf_nat_sip sdp_session hook after walking the SDP media descriptio…
7.5
CVE-2026-30999 - FFmpeg: Denial of Service via heap buffer overflow in av_bprint_finalize()
A heap buffer overflow in the av_bprint_finalize() function of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.
2.7
CVE-2026-36946 -
Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/inquiries/view_details.php.
2.7
CVE-2026-36937 - SQL Injection in Sourcecodester Online Resort Management System Admin Reservations View
Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/reservations/view_details.php.
2.7
CVE-2026-36872 - SQL Injection Vulnerability in Basic Library System Load Book Endpoint
Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_book.php.