VulDB Recent Entries

A vulnerability, which was classified as critical, has been found in dbt-labs dbt-core. Affected is an unknown function of the file dbt-labs/actions/blob/main/.github/workflows/open-issue-in-repo.yml of the component Comment Handler. The manipulation of the argument steps.issue_comment.outputs.comment- leads to os command injection. This vulnerability is uniquely identified as CVE-2026-39382. The attack is possible to be carried out remotely. No exploit exists. It is suggested to install a patch to address this issue.

A vulnerability classified as critical was found in drizzle-team drizzle-orm up to 0.45.1. This impacts the function escapeName. Executing a manipulation can lead to sql injection. This vulnerability is handled as CVE-2026-39356. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in jhuckaby Cronicle up to 0.9.110. This affects the function create_events of the component Job Details Page. Performing a manipulation results in cross site scripting. This vulnerability is known as CVE-2026-39400. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability described as problematic has been identified in Semtech LR1110, LR1120 and LR1121. The impacted element is an unknown function of the component SPI Interface. Such manipulation leads to write-what-where condition. This vulnerability is traded as CVE-2025-14857. The attack can be executed directly on the physical device. There is no exploit available.

A vulnerability marked as critical has been reported in WWBN AVideo up to 26.0. The affected element is an unknown function. This manipulation causes server-side request forgery. This vulnerability appears as CVE-2026-39368. The attack may be initiated remotely. There is no available exploit.

A vulnerability labeled as problematic has been found in parse-community parse-server up to 8.6.74. Impacted is an unknown function of the file /sessions/ of the component Endpoint. The manipulation results in incorrect authorization. This vulnerability is reported as CVE-2026-39381. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in WWBN AVideo up to 26.0. This issue affects the function epg_link of the component EPG Page. The manipulation leads to cross site scripting. This vulnerability is documented as CVE-2026-39367. The attack can be initiated remotely. There is not any exploit available. To fix this issue, it is recommended to deploy a patch.

A vulnerability categorized as problematic has been discovered in vitejs vite up to 6.4.1/7.3.1/8.0.4. This vulnerability affects unknown code of the component HTTP Request Handler. Executing a manipulation can lead to information disclosure. This vulnerability is registered as CVE-2026-39363. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability was found in JXL 9 Inch Car Android Double Din Player Android 12.0. It has been rated as problematic. This affects an unknown part. Performing a manipulation results in an unknown weakness. This vulnerability is cataloged as CVE-2025-69515. The attack must originate from the local network. There is no exploit available.

A vulnerability was found in makeplane plane up to 1.2.x. It has been declared as problematic. Affected by this issue is some unknown functionality of the file packages/utils/src/auth.ts of the component Authentication Utility Module. Such manipulation leads to information disclosure. This vulnerability is listed as CVE-2026-27949. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability was found in vitejs vite up to 6.4.1/7.3.1/8.0.4. It has been classified as critical. Affected by this vulnerability is an unknown functionality. This manipulation causes path traversal. This vulnerability is tracked as CVE-2026-39365. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability was found in NI LabVIEW up to 22.x/23.3.8/24.3.5/25.3.3/26.1.0 and classified as critical. Affected is an unknown function of the component LVCLASS File Parser. The manipulation results in out-of-bounds write. This vulnerability is identified as CVE-2026-32861. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability has been found in NI LabVIEW up to 22.x/23.3.8/24.3.5/25.3.3/26.1.0 and classified as critical. This impacts the function aligned_free of the component VI File Parser. The manipulation leads to out-of-bounds read. This vulnerability is referenced as CVE-2026-32864. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in NI LabVIEW up to 22.x/23.3.8/24.3.5/25.3.3/26.1.0. This affects an unknown function of the component LVLIB File Parser. Executing a manipulation can lead to out-of-bounds write. The identification of this vulnerability is CVE-2026-32860. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in polarnl PolarLearn up to 0-PRERELEASE-15. The impacted element is an unknown function of the file /api/v1/auth/sign-in. Performing a manipulation results in improper authentication. This vulnerability was named CVE-2026-39322. The attack may be initiated remotely. There is no available exploit.

A vulnerability classified as problematic was found in opensourcepos Open Source Point of Sale up to 3.4.2. The affected element is the function customer_name of the component Daily Sales Page. Such manipulation of the argument first_name/last_name leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-32712. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in opensourcepos Open Source Point of Sale up to 3.4.2. Impacted is an unknown function of the component Employees Interface. This manipulation of the argument stock_location causes cross site scripting. This vulnerability is handled as CVE-2026-39380. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in NI LabVIEW up to 22.x/23.3.8/24.3.5/25.3.3/26.1.0. This issue affects the function sentry_transaction_context_set_operation of the component VI File Parser. The manipulation results in out-of-bounds read. This vulnerability is known as CVE-2026-32863. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in NI LabVIEW up to 22.x/23.3.8/24.3.5/25.3.3/26.1.0. This vulnerability affects the function ResFileFactory::InitResourceMgr of the component VI File Parser. The manipulation leads to out-of-bounds write. This vulnerability is traded as CVE-2026-32862. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in jdx mise up to 2026.4.5. This affects an unknown part. Executing a manipulation can lead to improper access controls. This vulnerability appears as CVE-2026-35533. The attack requires local access. There is no available exploit.