Common Vulnerabilities and Exposures (CVE)

CVE-2026-5911

May 10, 2026 20:06:01 UTC

Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)

CVE-2026-1502

May 10, 2026 20:05:37 UTC

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.

CVE-2026-36874

May 10, 2026 20:04:09 UTC

Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_student.php.

CVE-2026-31280

May 10, 2026 20:03:40 UTC

An issue in the Bluetooth RFCOMM service of Parani M10 Motorcycle Intercom v2.1.3 allows unauthorized attackers to cause a Denial of Service (DoS) via supplying crafted RFCOMM frames.

CVE-2026-45180

May 10, 2026 20:03:18 UTC

Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session ids. If the communication channel to the statsd daemon is not secured (for example, by sending UDP packets to a host on another network), then users' session ids ma...

CVE-2025-65134

May 10, 2026 20:01:56 UTC

In manikandan580 School-management-system 1.0, a reflected cross-site scripting (XSS) vulnerability exists in /studentms/admin/contact-us.php via the email POST parameter.

CVE-2026-21733

May 10, 2026 20:00:46 UTC

Vulnerability in Imagination Technologies Graphics DDK on Linux, Android -- RESERVED

CVE-2026-34314

May 10, 2026 19:59:28 UTC

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Difficul...

CVE-2026-31370

May 10, 2026 19:58:54 UTC

Honor E APP is affected by an information leak vulnerability; successful exploitation of this vulnerability may affect service confidentiality.

CVE-2026-31368

May 10, 2026 19:58:19 UTC

AiAssistant is affected by type privilege bypass; successful exploitation of this vulnerability may affect service availability.

CVE-2026-3007

May 10, 2026 19:57:33 UTC

Successful exploitation of the stored cross-site scripting (XSS) vulnerability could allow an attacker to execute arbitrary JavaScript on any user account that has access to Koollab LMS’ courselet feature.

CVE-2026-38949

May 10, 2026 19:57:07 UTC

Cross-Site Scripting (XSS) vulnerability exists in HTMLy version 3.1.1 in the content creation functionality at the /add/content?type=image endpoint. The application fails to properly sanitize user input, allowing injection of arbitrary cod...

CVE-2026-35253

May 10, 2026 19:56:18 UTC

Vulnerability in the Oracle Macaron Tool product of Oracle Open Source Projects. The supported version that is affected is v0.22.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

CVE-2026-45184

May 10, 2026 17:48:53 UTC

Kdenlive before 26.04.1 allows dangerous proxy parameters when an attacker-controlled project file is used.

CVE-2026-5791

May 10, 2026 15:48:12 UTC

Cross-Site Request Forgery (CSRF) vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross-Site Request Forgery. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2.