CVE Notify
Alert on the latest CVEs
🚨 CVE-2026-46243
In the Linux kernel, the following vulnerability has been resolved:

smb: client: reject userspace cifs.spnego descriptions

cifs.spnego key descriptions contain authority-bearing fields such as
pid, uid, creduid, and upcall_target that cifs.upcall treats as
kernel-originating inputs. However, userspace can also create keys of
this type through request_key(2) or add_key(2), allowing those fields to
be supplied without CIFS origin.

Only accept cifs.spnego descriptions while CIFS is using its private
spnego_cred to request the key.

🎖@cveNotify
🚨 CVE-2025-10914
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Proliz Software Ltd. Co. OBS (Student Affairs Information System) allows Reflected XSS.

This issue affects OBS (Student Affairs Information System): before V26.0401.

🚨 CVE-2025-10955
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netcad Software Inc. Netigma allows XSS Through HTTP Query Strings.

This issue affects Netigma: from 6.3.5 before 6.3.5 V8.

🚨 CVE-2025-10968
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 564 - SQL Injection: Hibernate vulnerability in GG Soft Software Services Inc. PaperWork allows Blind SQL Injection, SQL Injection.

This issue affects PaperWork: from 6.1.0.9390 before 6.1.0.9398.

🚨 CVE-2025-10876
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Talent Software e-BAP Automation allows Cross-Site Scripting (XSS).

This issue affects e-BAP Automation: from 1.8.96 before v.41815.

🚨 CVE-2025-10856
Unrestricted Upload of File with Dangerous Type vulnerability in Solvera Software Services Trade Inc. Teknoera allows File Content Injection.

This issue affects Teknoera: through 01102025.

🚨 CVE-2025-10912
Authorization Bypass Through User-Controlled Key vulnerability in Saastech Cleaning and Internet Services Inc. TemizlikYolda allows Manipulating User-Controlled Variables.

This issue affects TemizlikYolda: through 11022026.

NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

🚨 CVE-2025-10439
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yordam Informatics Yordam Library Automation System allows SQL Injection.

This issue affects Yordam Library Automation System: from 21.5 & 21.6 before 21.7.

🚨 CVE-2025-10468
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Beyaz Computer CityPlus allows Path Traversal.

This issue affects CityPlus: before 24.29375.

🚨 CVE-2025-10449
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Saysis Computer Systems Trade Ltd. Co. Saysis Web Portal allows Path Traversal.

This issue affects Saysis Web Portal: from 3.1.9 & 3.2.0 before 3.2.1.

🚨 CVE-2025-10467
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PROLIZ Computer Software Hardware Service Trade Ltd. Co. OBS (Student Affairs Information System) allows Stored XSS.

This issue affects OBS (Student Affairs Information System): before v25.0401.

🚨 CVE-2025-10609
Use of Hard-coded Credentials vulnerability in Logo Software Inc. TigerWings ERP allows Read Sensitive Constants Within an Executable.

This issue affects TigerWings ERP: from 01.01.00 before 3.03.00.

🚨 CVE-2025-10610
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting Information Processing Industry and Foreign Trade Inc. Winsure allows Blind SQL Injection.

This issue affects Winsure: through Version dated 21.08.2025.

🚨 CVE-2025-10438
Path Traversal: 'dir/../../filename' vulnerability in Yordam Information Technology Consulting Education and Electrical Systems Industry Trade Inc. Yordam Katalog allows Path Traversal.

This issue affects Yordam Katalog: before 21.7.

🚨 CVE-2025-10228
Session Fixation vulnerability in Rolantis Information Technologies Agentis allows Session Hijacking.

This issue affects Agentis: before 4.44.

🚨 CVE-2025-10437
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. Webpack Management System allows SQL Injection.

This issue affects Webpack Management System: through 20251119.

🚨 CVE-2025-8695
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netcad NetGIS Server allows Reflected XSS.

This issue affects NetGIS Server: from 5.2.4 through 22.08.2025.

🚨 CVE-2025-8411
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dokuzsoft Technology E-Commerce Web Design Product allows XSS Through HTTP Headers.

This issue affects E-Commerce Web Design Product: before 11.08.2025.

🚨 CVE-2025-8463
Authorization Bypass Through User-Controlled Key vulnerability in SecHard Information Technologies SecHard allows Forceful Browsing.

This issue affects SecHard: before 3.6.2-20250805.

🚨 CVE-2025-9969
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vizly Web Design Real Estate Packages allows Content Spoofing, CAPEC - 593 - Session Hijacking, CAPEC - 591 - Reflected XSS.

This issue affects Real Estate Packages: before 5.1.

🚨 CVE-2025-8532
Authorization Bypass Through User-Controlled Key, Improper Authorization vulnerability in Bimser Solution Software Trade Inc. EBA Document and Workflow Management System allows Forceful Browsing.

This issue affects eBA Document and Workflow Management System: from 6.7.164 before 6.7.166.
