Common Vulnerabilities and Exposures (CVE)
CVE-2026-5121
A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a...
CVE-2026-4424
A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacke...
CVE-2026-37338
SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_user.php.
CVE-2026-37346
SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/view_account.php?emp_id=.
CVE-2026-37345
SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_park.php.
CVE-2026-37347
SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/view_employee.php.
CVE-2026-6409
A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep recursion—can be used to crash the appl...
CVE-2026-5426
Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState ...
CVE-2026-3324
Zohocorp ManageEngine Log360 versions 13000 through 13013 are vulnerable to authentication bypass on certain actions due to improper filter configuration.
CVE-2026-30459
An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-mail message.
CVE-2026-33793
An Execution with Unnecessary Privileges vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to gain root privileges, thus compromising the system. When a confi...
CVE-2025-11252
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Signum Technology Promotion and Training Inc. Windesk.Fm allows SQL Injection.This issue affects windesk.Fm: before v2.3.4. NOTE: The ve...
CVE-2026-37100
An issue in the Bluetooth Low Energy (BLE) control interface of the Yamaha SR-B30A sound bar firmware 2.40 (Mobile App: Sound Bar Remote / version: 2.40) allows remote attackers within BLE radio range to connect without authentication via t...
CVE-2026-40729
Missing Authorization vulnerability in bPlugins 3D viewer – Embed 3D Models 3d-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 3D viewer – Embed 3D Models: from n/a through <= 1.8.5.
CVE-2026-40734
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zahlan Categories Images categories-images allows DOM-Based XSS.This issue affects Categories Images: from n/a through <= 3.3.1.