Security Vulnerabilities
Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute arbitrary script.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-01-09
Use after free in DualDAR prior to SMR Jan-2026 Release 1 allows local privileged attackers to execute arbitrary code.
CVSS Score
6.7
EPSS Score
0.0
Published
2026-01-09
Improper input validation in SecSettings prior to SMR Jan-2026 Release 1 allows local attacker to access file with system privilege. User interaction is required for triggering this vulnerability.
CVSS Score
5.5
EPSS Score
0.001
Published
2026-01-09
Improper access control in SLocation prior to SMR Jan-2026 Release 1 allows local attackers to execute the privileged APIs.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-01-09
Use After Free in PROCA driver prior to SMR Jan-2026 Release 1 allows local attackers to potentially execute arbitrary code.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-01-09
Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows local attackers to enable UWB.
CVSS Score
3.3
EPSS Score
0.0
Published
2026-01-09
A vulnerability was found in D-Link DI-8200G 17.12.20A1. This affects an unknown function of the file /upgrade_filter.asp. The manipulation of the argument path results in command injection. The attack may be performed from remote. The exploit has been made public and could be used.
CVSS Score
6.3
EPSS Score
0.003
Published
2026-01-09
A vulnerability was determined in PHPGurukul Online Course Registration System up to 3.1. This impacts an unknown function of the file /onlinecourse/admin/manage-students.php. This manipulation of the argument id/cid causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
CVSS Score
6.3
EPSS Score
0.0
Published
2026-01-09
A vulnerability was detected in code-projects Intern Membership Management System 1.0. Impacted is an unknown function of the file /intern/admin/add_activity.php. Performing a manipulation of the argument Title results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.
CVSS Score
4.7
EPSS Score
0.0
Published
2026-01-08
A flaw has been found in PHPGurukul Staff Leave Management System 1.0. The affected element is the function ADD_STAFF/UPDATE_STAFF of the file /staffleave/slms/slms/adminviews.py of the component SVG File Handler. Executing a manipulation of the argument profile_pic can lead to cross site scripting. The attack can be executed remotely. The exploit has been published and may be used.
CVSS Score
2.4
EPSS Score
0.0
Published
2026-01-08