Common Vulnerabilities and Exposures (CVE)

CVE-2026-14638

Jul 6, 2026 17:13:53 UTC

A flaw has been found in itsourcecode Hospital Management System 1.0. This affects an unknown function of the file /patient.php. This manipulation of the argument editid causes sql injection. The attack may be initiated remotely. The exploi...

CVE-2026-14632

Jul 6, 2026 17:12:57 UTC

A vulnerability was found in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 95dfa8cebbb87ab46ae450643a07241274a74dce. Affected by this issue is the function setReferrer of the file application/core/MY_Controller.php of the component Trus...

CVE-2026-14625

Jul 6, 2026 17:12:17 UTC

A security flaw has been discovered in NousResearch hermes-agent up to 0.15.2. The affected element is the function shell.exec of the file tui_gateway/server.py. The manipulation results in protection mechanism failure. It is possible to la...

CVE-2026-14618

Jul 6, 2026 17:11:44 UTC

A vulnerability was detected in Open5GS up to 2.7.7. Affected by this vulnerability is the function amf_nnrf_handle_nf_discover of the file src/amf/nnrf-handler.c of the component AMF. The manipulation results in denial of service. The atta...

CVE-2026-11564

Jul 6, 2026 17:10:33 UTC

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after...

CVE-2025-71362

Jul 6, 2026 17:10:32 UTC

picklescan before 0.0.33 fails to detect unsafe deserialization when numpy.f2py.crackfortran functions call eval on arbitrary strings. Attackers can embed malicious code in pickle files that executes when loaded from untrusted sources.

CVE-2026-38971

Jul 6, 2026 17:09:07 UTC

ardupilot through Plane-4.6.3 was found to contain an out-of-bounds read issue in libraries/GCS_MAVLink/GCS_serial_control.cpp in GCS_MAVLINK::handle_serial_control().

CVE-2025-71345

Jul 6, 2026 17:08:32 UTC

picklescan before 0.0.30 fails to detect malicious pickle files that invoke torch.utils.bottleneck.__main__.run_autograd_prof function. Attackers can embed undetected code in pickle files that executes during deserialization, enabling remot...

CVE-2026-8925

Jul 6, 2026 17:04:15 UTC

The curl logic that works with SASL authentication could end up cleaning up the GSASL context *twice* without clearing the pointer in between, making it `free()` the same pointer twice.

CVE-2026-8926

Jul 6, 2026 17:02:33 UTC

When asking curl to use a `.netrc` file to find credentials and at the same time specifying a URL with a username(without a password), like `https://user@example.com/`, curl could wrongly get and use the password for *another* user set in t...

CVE-2026-8927

Jul 6, 2026 17:01:06 UTC

When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against `...

CVE-2026-45489

Jul 6, 2026 16:59:59 UTC

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2026-8932

Jul 6, 2026 16:59:07 UTC

libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to re...

CVE-2026-8924

Jul 6, 2026 16:57:16 UTC

A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits t...

CVE-2026-9080

Jul 6, 2026 16:55:16 UTC

Calling `curl_easy_pause()` within the event-based `CURLMOPT_SOCKETFUNCTION` callback triggers a use-after-free vulnerability, where libcurl attempts to store a flag using a dangling struct pointer immediately after that pointer's memory ha...