Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21246
Total
1526
Critical
6466
High
6753
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-49260 | HIGH | 8.2 | PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.5.1, `pontedilana/php-weasyprint` builds the shell command for … | Jun 19, 2026 |
| CVE-2026-3196 | MEDIUM | 5.5 | An integer overflow vulnerability was found in the virtio-snd device via PCM_INFO requests from the guest. A malicious guest can provide out-of-bounds stream counts, potentially … | Jun 19, 2026 |
| CVE-2026-3195 | HIGH | 7.4 | A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the `virtio_snd_pcm_in_cb` function did not check whether the iov … | Jun 19, 2026 |
| CVE-2019-25748 | HIGH | 8.2 | Joomla JHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rooms parameter. … | Jun 19, 2026 |
| CVE-2017-20282 | HIGH | 8.2 | Joomla! Component jCart for OpenCart 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the … | Jun 19, 2026 |
| CVE-2017-20281 | HIGH | 8.2 | Joomla! Component Extra Search 2.2.8 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the establename … | Jun 19, 2026 |
| CVE-2017-20280 | HIGH | 8.2 | Joomla Component Myportfolio 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the pid parameter. … | Jun 19, 2026 |
| CVE-2017-20279 | HIGH | 8.2 | Joomla Payage 2.05 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the aid parameter. Attackers … | Jun 19, 2026 |
| CVE-2017-20278 | HIGH | 8.2 | Joomla Component JoomRecipe 1.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the category parameter. … | Jun 19, 2026 |
| CVE-2017-20277 | HIGH | 8.2 | Joomla JoomRecipe 1.0.4 component contains a blind SQL injection vulnerability in the search_author parameter on the search results page. Attackers can inject SQL code through … | Jun 19, 2026 |
| CVE-2017-20276 | HIGH | 8.2 | Joomla! Component SIMGenealogy 2.1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the type parameter. … | Jun 19, 2026 |
| CVE-2017-20275 | HIGH | 8.2 | Joomla! Component PHP-Bridge 1.2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id … | Jun 19, 2026 |
| CVE-2017-20274 | HIGH | 8.2 | Joomla LMS King Professional 3.2.4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cp_id … | Jun 19, 2026 |
| CVE-2017-20273 | HIGH | 8.2 | Joomla Event Registration Pro Calendar 4.1.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through … | Jun 19, 2026 |
| CVE-2017-20272 | HIGH | 8.2 | Joomla Ultimate Property Listing 1.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the … | Jun 19, 2026 |
| CVE-2017-20271 | HIGH | 8.2 | Joomla StreetGuessr Game 1.1.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid … | Jun 19, 2026 |
| CVE-2017-20270 | HIGH | 8.2 | Joomla! Component Twitch Tv 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the … | Jun 19, 2026 |
| CVE-2017-20269 | HIGH | 8.2 | Joomla! Component KissGallery 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the component URL path. Attackers can supply … | Jun 19, 2026 |
| CVE-2017-20268 | HIGH | 8.2 | Joomla! Component Zap Calendar Lite 4.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through … | Jun 19, 2026 |
| CVE-2026-12622 | UNKNOWN | — | The GridTime 3000 GNSS Time Server has an open redirect vulnerability in the password change form submission. This issue affects GridTime 3000: from 1.0r0.03 through … | Jun 19, 2026 |
| CVE-2026-12621 | UNKNOWN | — | Improper neutralization of input during web page generation XSS vulnerability in the GridTime 3000 (password reset form) allows XSS. This issue affects GridTime 3000: from … | Jun 19, 2026 |
| CVE-2026-12620 | UNKNOWN | — | The GridTime 3000 GNSS Time Server leaks the access token in the URL parameters of some endpoints. This issue affects GridTime 3000: from 1.0r0.03 through … | Jun 19, 2026 |
| CVE-2026-12619 | UNKNOWN | — | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip GridTime 3000 allows Cross-Site Scripting (XSS). This issue affects GridTime … | Jun 19, 2026 |
| CVE-2017-20267 | HIGH | 8.2 | Joomla! Component Calendar Planner 1.0.1 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the category_id parameter. Attackers can send … | Jun 19, 2026 |
| CVE-2017-20266 | HIGH | 8.2 | Joomla SP Movie Database 1.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the … | Jun 19, 2026 |