6.1
CVE-2025-45806 -
A cross-site scripting (XSS) vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
9.1
CVE-2026-30479 - DLL Injection in MapServer Pre-8.0 Enabling Arbitrary Code Execution
A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attackers to execute arbitrary code via a crafted executable.
4.3
CVE-2025-70811 - CSRF in phpBB Icon Management Enables Local Administrative Code Execution
Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via the Admin Control Panel icon management functionality.
8.8
CVE-2025-70810 - CrossβSite Request Forgery in PhpBB phbb3 Login Enables Local Code Execution
Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via the login function and the authentication mechanism
8.8
CVE-2025-70364 - Administrative RCE via Arbitrary PHP Execution in Kiamo <8.4
An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execute arbitrary PHP code on the server. NOTE: the Supplier's position is that this is "a historical and intended administrative feature of the product, accessible only to already authenticated users expβ¦
5.5
CVE-2026-6862 - Efivar: efivar: denial of service due to stack overflow in device path node parsing
A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an EFI (Extensible Firmware Interface) device path node header. A local user could exploit this vulneraβ¦
6.9
CVE-2026-5824 - code-projects Simple Laundry System userchecklogin.php sql injection
A security vulnerability has been detected in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /userchecklogin.php. Such manipulation of the argument userid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publiclyβ¦
5.3
CVE-2026-5823 - itsourcecode Construction Management System borrowed_tool_report.php sql injection
A weakness has been identified in itsourcecode Construction Management System 1.0. Affected by this issue is some unknown functionality of the file /borrowed_tool_report.php. This manipulation of the argument Home causes sql injection. It is possible to initiate the attack remotely. The exploit hasβ¦
8.7
CVE-2026-5815 - D-Link DIR-645 hedwig.cgi hedwigcgi_main stack-based overflow
A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_main of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vulnerability only afβ¦
6.9
CVE-2026-5814 - PHPGurukul Online Course Registration check_availability.php sql injection
A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue affects some unknown processing of the file /admin/check_availability.php. The manipulation of the argument regno leads to sql injection. The attack can be initiated remotely. The exploit has been diβ¦