CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-5630 A flaw has been found in assafelovic gpt-researcher up to 3.4.3. The impacted element is an unknown function of the file backend/server/app.py of the component Report API. This manipulation causes cro... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-5631 A vulnerability has been found in assafelovic gpt-researcher up to 3.4.3. This affects the function extract_command_data of the file backend/server/server_utils.py of the component ws Endpoint. Such m... | 7.3 | HIGH | — | 0 |
| CVE-2026-5632 A vulnerability was found in assafelovic gpt-researcher up to 3.4.3. This impacts an unknown function of the component HTTP REST API Endpoint. Performing a manipulation results in missing authenticati... | 7.3 | HIGH | — | 0 |
| CVE-2026-31405 In the Linux kernel, the following vulnerability has been resolved: media: dvb-net: fix OOB access in ULE extension header tables The ule_mandatory_ext_handlers[] and ule_optional_ext_handlers[] tab... | N/A | NONE | — | 0 |
| CVE-2026-31406 In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() After cancel_delayed_work_sync() is called from xfrm_nat_... | N/A | NONE | — | 0 |
| CVE-2026-31407 In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: add missing netlink policy validations Hyunwoo Kim reports out-of-bounds access in sctp and ctnetlink. Thes... | N/A | NONE | — | 0 |
| CVE-2026-31408 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold sco_recv_frame() reads conn->sk under sco_conn_loc... | N/A | NONE | — | 0 |
| CVE-2026-31409 In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset conn->binding on failed binding request When a multichannel SMB2_SESSION_SETUP request with SMB2_SESSION_REQ_FLAG_BIN... | N/A | NONE | — | 0 |
| CVE-2026-31410 In the Linux kernel, the following vulnerability has been resolved: ksmbd: use volume UUID in FS_OBJECT_ID_INFORMATION Use sb->s_uuid for a proper volume identifier as the primary choice. For filesy... | N/A | NONE | — | 0 |
| CVE-2026-5633 A vulnerability was determined in assafelovic gpt-researcher up to 3.4.3. Affected is an unknown function of the component ws Endpoint. Executing a manipulation of the argument source_urls can lead to... | 7.3 | HIGH | — | 0 |
| CVE-2026-5634 A vulnerability was identified in projectworlds Car Rental Project 1.0. Affected by this vulnerability is an unknown functionality of the file /book_car.php of the component Parameter Handler. The man... | 7.3 | HIGH | — | 0 |
| CVE-2026-5635 A security flaw has been discovered in PHPGurukul Online Shopping Portal Project 2.1. Affected by this issue is some unknown functionality of the file /categorywise-products.php of the component Param... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5636 A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1. This affects an unknown part of the file /cancelorder.php of the component Parameter Handler. This manipulation of the ... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-37977 A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing (CORS) header injection vulnerability in Keycloak's User-Managed Access (UMA) token endpoint. This flaw occu... | 3.7 | LOW | — | 0 |
| CVE-2026-5637 A security vulnerability has been detected in projectworlds Car Rental System 1.0. This vulnerability affects unknown code of the file /message_admin.php of the component Parameter Handler. Such manip... | 7.3 | HIGH | — | 0 |
| CVE-2026-5638 A vulnerability was detected in HerikLyma CPPWebFramework up to 3.1. This issue affects some unknown processing. Performing a manipulation results in path traversal. Remote exploitation of the attack ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-5639 A flaw has been found in PHPGurukul Online Shopping Portal Project 2.1. Impacted is an unknown function of the file /admin/update-image3.php of the component Parameter Handler. Executing a manipulatio... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5640 A vulnerability has been found in PHPGurukul Online Shopping Portal Project 2.1. The affected element is an unknown function of the file /admin/update-image2.php of the component Parameter Handler. Th... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5641 A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is an unknown function of the file /admin/update-image1.php of the component Parameter Handler. The man... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5642 A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This affects an unknown function of the file /viva/update.php of the component HTT... | 7.3 | HIGH | — | 0 |
| CVE-2026-5645 A weakness has been identified in projectworlds Car Rental System 1.0. Affected by this vulnerability is an unknown functionality of the file /pay.php of the component Parameter Handler. Executing a m... | 7.3 | HIGH | — | 0 |
| CVE-2026-5646 A security vulnerability has been detected in code-projects Easy Blog Site 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username/pa... | 7.3 | HIGH | — | 0 |
| CVE-2026-5647 A vulnerability was detected in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /admin/admin_feature.php of the component Add Product Page. The manipulation of the argume... | 2.4 | LOW | — | 0 |
| CVE-2026-5648 A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /userfinishregister.php of the component Parameter Handler. This manipulation of t... | 7.3 | HIGH | — | 0 |
| CVE-2026-5649 A vulnerability has been found in code-projects Online Application System for Admission 1.0. This issue affects some unknown processing of the file /enrollment/admsnform.php of the component Endpoint.... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5650 A vulnerability was found in code-projects Online Application System for Admission 1.0. Impacted is an unknown function of the file /enrollment/database/oas.sql. Performing a manipulation results in i... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-30078 OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with invalid procedure code or invalid PDU-type. For example when the message specification requires InitiatingMessage but sent wit... | 7.5 | HIGH | — | 0 |
| CVE-2026-5659 A vulnerability was found in pytries datrie up to 0.8.3. The affected element is the function Trie.load/Trie.read/Trie.__setstate__ of the file src/datrie.pyx of the component trie File Handler. The m... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5660 A vulnerability was determined in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /borrowed_equip.php of the component Parameter Handler. This ... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-26026 GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, template injection by an administrator lead to RCE. This vulnerability is fixed in 11.0.6. | 9.1 | CRITICAL | — | 0 |
| CVE-2026-31053 A double free vulnerability exists in librz/bin/format/le/le.c in the function le_load_fixup_record(). When processing malformed or circular LE fixup chains, relocation entries may be freed multiple t... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-31061 UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the timestart parameter of the ConfigAdvideo function. This vulnerability allows attackers to cause a Denial of... | 4.5 | MEDIUM | — | 0 |
| CVE-2026-31062 UTT Aggressive 520W v3v1.7.7-180627 was discovered to contain a buffer overflow in the filename parameter of the formFtpServerDirConfig function. This vulnerability allows attackers to cause a Denial ... | 4.5 | MEDIUM | — | 0 |
| CVE-2026-31063 UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to contain a buffer overflow in the pools parameter of the formArpBindConfig function. This vulnerability allows attackers to cause a Denial of... | 4.5 | MEDIUM | — | 0 |
| CVE-2026-31065 UTT Aggressive 520W v3v1.7.7-180627 was discovered to contain a buffer overflow in the addCommand parameter of the formConfigCliForEngineerOnly function. This vulnerability allows attackers to cause a... | 4.5 | MEDIUM | — | 0 |
| CVE-2026-31066 UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the selDateType parameter of the formTaskEdit function. This vulnerability allows attackers to cause a Denial o... | 4.5 | MEDIUM | — | 0 |
| CVE-2026-32602 Homarr is an open-source dashboard. Prior to 1.57.0, the user registration endpoint (/api/trpc/user.register) is vulnerable to a race condition that allows an attacker to create multiple user accounts... | 4.2 | MEDIUM | — | 0 |
| CVE-2026-33403 Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, a reflected DOM-based XSS vulnerability in taillo... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-33404 Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, client hostnames and IP addresses from the FTL da... | 3.4 | LOW | — | 0 |
| CVE-2026-33406 Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, configuration values from the /api/config endpoin... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-33510 Homarr is an open-source dashboard. Prior to 1.57.0, a DOM-based Cross-Site Scripting (XSS) vulnerability has been discovered in Homarr's /auth/login page. The application improperly trusts a URL para... | 8.8 | HIGH | — | 0 |
| CVE-2026-33540 Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull-through cache mode, distribution discovers token auth endpoints by parsing WWW-Authenticate chall... | 7.5 | HIGH | — | 0 |
| CVE-2026-34885 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media LIbrary Assistant allows SQL Injection.This issue affects Media LIbrary Assist... | 8.5 | HIGH | — | 0 |
| CVE-2026-34897 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Lingren Media LIbrary Assistant allows Stored XSS.This issue affects Media LIbrary Assistant... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-5661 A vulnerability was identified in Free5GC 4.2.0. This affects an unknown function of the component NGSetupRequest Handler. Such manipulation leads to denial of service. The attack may be launched remo... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-5663 A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file dcmnet/apps/storescp.cc of the component storescp. Performi... | 7.3 | HIGH | — | 0 |
| CVE-2024-14032 Twitch Studio version 0.114.8 and prior contain a privilege escalation vulnerability in its privileged helper tool that allows local attackers to execute arbitrary code as root by exploiting an unprot... | 7.8 | HIGH | — | 0 |
| CVE-2026-21376 Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver. | 7.8 | HIGH | — | 0 |
| CVE-2026-21378 Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver. | 7.8 | HIGH | — | 0 |
| CVE-2026-33405 Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, the formatInfo() function in queries.js renders d... | 3.1 | LOW | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.