Common Vulnerabilities and Exposures (CVE)

CVE-2026-31786

May 4, 2026 07:46:40 UTC

In the Linux kernel, the following vulnerability has been resolved: Buffer overflow in drivers/xen/sys-hypervisor.c The build id returned by HYPERVISOR_xen_version(XENVER_build_id) is neither NUL terminated nor a string. The first causes...

CVE-2026-7745

May 4, 2026 07:45:11 UTC

A vulnerability was determined in CodeAstro Online Classroom 1.0. This impacts an unknown function of the file /OnlineClassroom/facultydetails. This manipulation of the argument deleteid causes sql injection. It is possible to initiate the ...

CVE-2025-14320

May 4, 2026 07:41:35 UTC

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Tegsoft Management and Information Services Trade Limited Company Online Support Application allows Reflected XSS. This issue affects Onl...

CVE-2026-7744

May 4, 2026 07:30:13 UTC

A vulnerability was found in CodeAstro Online Classroom 1.0. This affects an unknown function of the file /OnlineClassroom/addnewstudent. The manipulation of the argument fname results in sql injection. The attack may be performed from remo...

CVE-2026-7743

May 4, 2026 07:15:10 UTC

A vulnerability has been found in CodeAstro Online Classroom 1.0. The impacted element is an unknown function of the file /OnlineClassroom/studentdetails. The manipulation of the argument deleteid leads to sql injection. The attack is possi...

CVE-2026-7741

May 4, 2026 06:45:11 UTC

A vulnerability was detected in CodeAstro Online Classroom 1.0. Impacted is an unknown function of the file /OnlineClassroom/studentlogin. Performing a manipulation of the argument sid results in sql injection. Remote exploitation of the at...

CVE-2026-7740

May 4, 2026 06:30:13 UTC

A security vulnerability has been detected in justdan96 tsMuxer up to 2.7.0. This issue affects the function VvcVpsUnit::setFPS of the file tsMuxer/vvc.cpp. Such manipulation of the argument track_id leads to denial of service. An attack ha...

CVE-2026-7739

May 4, 2026 06:15:11 UTC

A weakness has been identified in justdan96 tsMuxer up to 2.7.0. This vulnerability affects the function HevcVpsUnit::setFPS of the file /AFLplusplus/tsMuxer_prev/tsMuxer/hevc.cpp. This manipulation of the argument track_id causes denial of...

CVE-2026-43864

May 4, 2026 06:11:07 UTC

mutt before 2.3.2 has a show_sig_summary NULL pointer dereference.

CVE-2026-43863

May 4, 2026 06:06:06 UTC

mutt before 2.3.2 has an infinite loop in data_object_to_stream in crypt-gpgme.c.

CVE-2026-6859

May 4, 2026 06:05:04 UTC

A flaw was found in InstructLab. The `linux_train.py` script hardcodes `trust_remote_code=True` when loading models from HuggingFace. This allows a remote attacker to achieve arbitrary Python code execution by convincing a user to run `ilab...

CVE-2026-43862

May 4, 2026 06:01:01 UTC

In mutt before 2.3.2, the imap_auth_gss security level is mishandled.

CVE-2026-7738

May 4, 2026 06:00:17 UTC

A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function create_document/open_document of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results i...

CVE-2026-5335

May 4, 2026 06:00:08 UTC

The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information.

CVE-2026-43861

May 4, 2026 05:53:13 UTC

mutt before 2.3.2 does not check for '\0' in url_pct_decode.