Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21880
Total
1559
Critical
6647
High
6994
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2019-25749 | HIGH | 7.1 | Joomla J-CruisePortal 6.0.4 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the guest_adult parameter. … | Jun 19, 2026 |
| CVE-2026-56211 | HIGH | 7.1 | A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficient bounds validation in the AV1 encoder's SVC (Scalable Video Coding) … | Jun 19, 2026 |
| CVE-2026-56210 | HIGH | 7.1 | A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC (Scalable Video Coding) layer ID … | Jun 19, 2026 |
| CVE-2026-56209 | HIGH | 7.1 | An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC (Scalable Video Coding) layer … | Jun 19, 2026 |
| CVE-2026-56208 | HIGH | 7.6 | A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation. A flaw in the AV1 encoder's Look-Ahead Processing (LAP) mode causes … | Jun 19, 2026 |
| CVE-2026-51846 | UNKNOWN | — | In Tenda AC7 v15.03.06.44, the wanSpeed parameter of the route /goform/AdvSetMacMtuWan has a stack buffer overflow vulnerability that can lead to remote arbitrary code execution. | Jun 19, 2026 |
| CVE-2026-51845 | UNKNOWN | — | Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the mac parameter. | Jun 19, 2026 |
| CVE-2026-51844 | UNKNOWN | — | Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the cloneType parameter. | Jun 19, 2026 |
| CVE-2026-51843 | UNKNOWN | — | Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the wanMTU parameter. | Jun 19, 2026 |
| CVE-2026-49260 | HIGH | 8.2 | PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.5.1, `pontedilana/php-weasyprint` builds the shell command for … | Jun 19, 2026 |
| CVE-2026-3196 | MEDIUM | 5.5 | An integer overflow vulnerability was found in the virtio-snd device via PCM_INFO requests from the guest. A malicious guest can provide out-of-bounds stream counts, potentially … | Jun 19, 2026 |
| CVE-2026-3195 | HIGH | 7.4 | A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the `virtio_snd_pcm_in_cb` function did not check whether the iov … | Jun 19, 2026 |
| CVE-2019-25748 | HIGH | 8.2 | Joomla JHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rooms parameter. … | Jun 19, 2026 |
| CVE-2017-20282 | HIGH | 8.2 | Joomla! Component jCart for OpenCart 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the … | Jun 19, 2026 |
| CVE-2017-20281 | HIGH | 8.2 | Joomla! Component Extra Search 2.2.8 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the establename … | Jun 19, 2026 |
| CVE-2017-20280 | HIGH | 8.2 | Joomla Component Myportfolio 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the pid parameter. … | Jun 19, 2026 |
| CVE-2017-20279 | HIGH | 8.2 | Joomla Payage 2.05 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the aid parameter. Attackers … | Jun 19, 2026 |
| CVE-2017-20278 | HIGH | 8.2 | Joomla Component JoomRecipe 1.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the category parameter. … | Jun 19, 2026 |
| CVE-2017-20277 | HIGH | 8.2 | Joomla JoomRecipe 1.0.4 component contains a blind SQL injection vulnerability in the search_author parameter on the search results page. Attackers can inject SQL code through … | Jun 19, 2026 |
| CVE-2017-20276 | HIGH | 8.2 | Joomla! Component SIMGenealogy 2.1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the type parameter. … | Jun 19, 2026 |
| CVE-2017-20275 | HIGH | 8.2 | Joomla! Component PHP-Bridge 1.2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id … | Jun 19, 2026 |
| CVE-2017-20274 | HIGH | 8.2 | Joomla LMS King Professional 3.2.4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cp_id … | Jun 19, 2026 |
| CVE-2017-20273 | HIGH | 8.2 | Joomla Event Registration Pro Calendar 4.1.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through … | Jun 19, 2026 |
| CVE-2017-20272 | HIGH | 8.2 | Joomla Ultimate Property Listing 1.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the … | Jun 19, 2026 |
| CVE-2017-20271 | HIGH | 8.2 | Joomla StreetGuessr Game 1.1.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid … | Jun 19, 2026 |