6.1
CVE-2026-31262 - Information Disclosure via XSS in Altenar Sportsbook Platform 2.0 URL Parameter
Cross Site Scripting vulnerability in Altenar Sportsbook Software Platform (SB2) v.2.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the URL parameter
5.4
CVE-2026-40212 - DOM-based Cross-Site Scripting in OpenStack Skyline Console Logs
OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scripting (XSS) vulnerability in the console because document.write is used unsafely, which is relevant in scenarios where administrators use the console web interface to view instance console logs.
8.1
CVE-2026-40200 - musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption i…
An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or…
9.8
CVE-2026-29861 -
PHP-MYSQL-User-Login-System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at login.php.
9.8
CVE-2026-36235 - SQL Injection in Online Student Enrollment System 1.0 Allows Arbitrary Database Access
A SQL injection vulnerability was found in the scheduleSubList.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'subjcode' parameter is directly embedded into the SQL query via string interpolation without any sanitization or validation.
9.8
CVE-2025-44560 - Buffer Overflow in owntone-Server Due to Missing Recursive Validation
owntone-server 2ca10d9 is vulnerable to Buffer Overflow due to lack of recursive checking.
9.8
CVE-2026-36233 - SQL Injection in Online Student Enrollment System Allowing Arbitrary Database Access
A SQL injection vulnerability was found in the assignInstructorSubjects.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that attackers can inject malicious code via the parameter "subjcode" and use it directly in SQL queries without the need for appropri…
9.8
CVE-2026-36232 - SQL Injection in instructorClasses.php of Online Student Enrollment System v1.0
A SQL injection vulnerability was found in the instructorClasses.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'classId' parameter from $_GET['classId'] is directly concatenated into the SQL query without any sanitization or validation.
5.4
CVE-2026-6848 - Quay: red hat quay: authentication bypass allows privileged actions without valid credentials
A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive operations, such as token generation or robot account creation, the re-authentication prompt can be bypassed. This allows a user with a timed-out session, or an attacker with access to an idle authen…
0.0
CVE-2026-31412 - usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks()
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks() The `check_command_size_in_blocks()` function calculates the data size in bytes by left shifting `common->data_size_from_cmnd` by the b…