6.5

CVSS3.1

CVE-2021-47960 - Local HTTP Server Exposes Sensitive Files in Synology SSL VPN Client

A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with a crafted web page,…

📅 Published: April 10, 2026, 9:21 a.m. 🔄 Last Modified: April 13, 2026, 3:02 p.m.

9.8

CVSS3.1

CVE-2026-6057 - Unauthenticated Path Traversal in FalkorDB Browser Leads to Remote Code Execution

FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote code execution.

📅 Published: April 10, 2026, 9:16 a.m. 🔄 Last Modified: April 13, 2026, 3:02 p.m.

4.8

CVSS4.0

CVE-2026-6042 - musl libc GB18030 4-byte Decoder iconv.c iconv algorithmic complexity

A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix th…

📅 Published: April 10, 2026, 9 a.m. 🔄 Last Modified: April 24, 2026, 6:01 p.m.

6.9

CVSS4.0

CVE-2026-6038 - code-projects Vehicle Showroom Management System RegisterCustomerFunction.php sql injection

A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. This impacts an unknown function of the file /util/RegisterCustomerFunction.php. Such manipulation of the argument BRANCH_ID leads to sql injection. The attack may be performed from remote. The exploit is public…

📅 Published: April 10, 2026, 8:45 a.m. 🔄 Last Modified: April 24, 2026, 6:01 p.m.

5.3

CVSS4.0

CVE-2026-33457 - Potential livestatus injection in prediction graph page

Livestatus injection in the prediction graph page in Checkmk <2.5.0b4, <2.4.0p26, and <2.3.0p47 allows an authenticated user to inject arbitrary Livestatus commands via a crafted service name parameter due to insufficient sanitization of the service description value.

📅 Published: April 10, 2026, 8:31 a.m. 🔄 Last Modified: April 20, 2026, 5:09 p.m.

5.1

CVSS4.0

CVE-2026-33456 - Potential livestatus injection in notification test

Livestatus injection in the notification test mode in Checkmk <2.5.0b4 and <2.4.0p26 allows an authenticated user with access to the notification test page to inject arbitrary Livestatus commands via a crafted service description.

📅 Published: April 10, 2026, 8:31 a.m. 🔄 Last Modified: April 20, 2026, 5:10 p.m.

5.3

CVSS4.0

CVE-2026-33455 - Livestatus injection in monitoring quicksearch

Livestatus injection in the monitoring quicksearch in Checkmk <2.5.0b4 allows an authenticated attacker to inject livestatus commands via the search query due to insufficient input sanitization in search filter plugins.

📅 Published: April 10, 2026, 8:30 a.m. 🔄 Last Modified: April 20, 2026, 5:10 p.m.

6.9

CVSS4.0

CVE-2026-6037 - code-projects Vehicle Showroom Management System AddVehicleFunction.php sql injection

A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This affects an unknown function of the file /util/AddVehicleFunction.php. This manipulation of the argument BRANCH_ID causes sql injection. The attack is possible to be carried out remotely. The exploit has bee…

📅 Published: April 10, 2026, 8:30 a.m. 🔄 Last Modified: April 24, 2026, 6:01 p.m.

6.9

CVSS4.0

CVE-2026-6036 - code-projects Vehicle Showroom Management System VehicleDetailsFunction.php sql injection

A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. The impacted element is an unknown function of the file /util/VehicleDetailsFunction.php. The manipulation of the argument VEHICLE_ID results in sql injection. The attack can be executed remotely. The exploit has bee…

📅 Published: April 10, 2026, 8:15 a.m. 🔄 Last Modified: April 24, 2026, 6:01 p.m.

5.3

CVSS4.0

CVE-2026-6035 - code-projects Vehicle Showroom Management System ServiceAndSalesReport.php cross site scripting

A vulnerability has been found in code-projects Vehicle Showroom Management System 1.0. The affected element is an unknown function of the file /BranchManagement/ServiceAndSalesReport.php. The manipulation of the argument BRANCH_ID leads to cross site scripting. Remote exploitation of the attack is…

📅 Published: April 10, 2026, 8 a.m. 🔄 Last Modified: April 24, 2026, 6:01 p.m.
Total results: 349182