Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-37601 | LOW | 2.7 | SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/manage_appointment.php. | Apr 14, 2026 |
| CVE-2026-37600 | LOW | 2.7 | SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/view_details.php. | Apr 14, 2026 |
| CVE-2026-37598 | LOW | 2.7 | SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to arbitrary code execution (RCE) via /scheduler/classes/SystemSettings.php?f=update_settings. | Apr 14, 2026 |
| CVE-2026-37597 | LOW | 2.7 | SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/attendance_list.php. | Apr 14, 2026 |
| CVE-2026-37596 | LOW | 2.7 | SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/manage_department.php. | Apr 14, 2026 |
| CVE-2026-37595 | LOW | 2.7 | SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/manage_employee.php. | Apr 14, 2026 |
| CVE-2026-37594 | LOW | 2.7 | SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/view_employee.php. | Apr 14, 2026 |
| CVE-2026-37593 | LOW | 2.7 | SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/view_att.php. | Apr 14, 2026 |
| CVE-2026-37592 | LOW | 2.7 | Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL in the file /storage/admin/maintenance/manage_pricing.php. | Apr 14, 2026 |
| CVE-2026-37591 | LOW | 2.7 | Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL injection in the file /storage/admin/tenants/view_details.php. | Apr 14, 2026 |
| CVE-2026-37590 | LOW | 2.7 | SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file /storage/admin/rents/manage_rent.php. | Apr 14, 2026 |
| CVE-2026-37589 | LOW | 2.7 | SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file /storage/admin/maintenance/manage_storage_unit.php. | Apr 14, 2026 |
| CVE-2026-30480 | UNKNOWN | — | A Local File Inclusion (LFI) vulnerability in the NFSen module (nfsen.inc.php) of LibreNMS 22.11.0-23-gd091788f2 allows authenticated attackers to include arbitrary PHP files from the server … | Apr 14, 2026 |
| CVE-2025-69993 | MEDIUM | 6.1 | Leaflet versions up to and including 1.9.4 are vulnerable to Cross-Site Scripting (XSS) via the bindPopup() method. This method renders user-supplied input as raw HTML … | Apr 14, 2026 |
| CVE-2025-69893 | UNKNOWN | — | A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13.0 to v1.14.0, Trezor T v1.13.0 to v1.14.0, and … | Apr 14, 2026 |
| CVE-2025-61260 | UNKNOWN | — | A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP (Model Context Protocol) configuration files. The attack … | Apr 14, 2026 |
| CVE-2026-31049 | UNKNOWN | — | An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to execute arbitrary code and escalate privileges via the CSV registration field | Apr 14, 2026 |
| CVE-2025-8095 | UNKNOWN | — | The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings … | Apr 14, 2026 |
| CVE-2025-7389 | UNKNOWN | — | A vulnerability in the AdminServer component of OpenEdge on all supported platforms grants its authenticated users OS-level access to the server through the adopted authority … | Apr 14, 2026 |
| CVE-2026-5307 | UNKNOWN | — | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this … | Apr 14, 2026 |
| CVE-2026-2450 | UNKNOWN | — | .NET misconfiguration: use of impersonation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This issue affects upKeeper Instant Privilege … | Apr 14, 2026 |
| CVE-2024-9168 | UNKNOWN | — | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this … | Apr 14, 2026 |
| CVE-2026-2449 | UNKNOWN | — | Improper neutralization of argument delimiters in a command ('argument injection') vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This … | Apr 14, 2026 |
| CVE-2026-2332 | HIGH | 7.4 | In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here: * … | Apr 14, 2026 |
| CVE-2026-24069 | MEDIUM | 5.4 | Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and … | Apr 14, 2026 |