Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
11067
Total
752
Critical
3202
High
3546
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-6035 | MEDIUM | 4.3 | A vulnerability has been found in code-projects Vehicle Showroom Management System 1.0. The affected element is an unknown function of the file /BranchManagement/ServiceAndSalesReport.php. The manipulation … | Apr 10, 2026 |
| CVE-2026-6034 | MEDIUM | 4.3 | A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Impacted is an unknown function of the file /BranchManagement/ProfitAndLossReport.php. Executing a manipulation of … | Apr 10, 2026 |
| CVE-2026-6033 | MEDIUM | 6.3 | A vulnerability was determined in CodeAstro Online Classroom 1.0. Affected is an unknown function of the file /updatedetailsfromstudent.php?eno=146891650. Executing a manipulation of the argument fname … | Apr 10, 2026 |
| CVE-2026-6032 | MEDIUM | 4.3 | A vulnerability was found in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkcheckout.php. Performing a manipulation of the argument … | Apr 10, 2026 |
| CVE-2026-6031 | HIGH | 7.3 | A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. This affects an unknown function of the file /add-category-function.php. Such manipulation of the … | Apr 10, 2026 |
| CVE-2026-5525 | MEDIUM | 6.0 | A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handler component. When a user drags and drops a directory path … | Apr 10, 2026 |
| CVE-2026-40212 | MEDIUM | 5.4 | OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scripting (XSS) vulnerability in the console because document.write is used unsafely, which is relevant … | Apr 10, 2026 |
| CVE-2026-22750 | HIGH | 7.5 | When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was … | Apr 10, 2026 |
| CVE-2026-6030 | MEDIUM | 6.3 | A flaw has been found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /del1.php. This manipulation of … | Apr 10, 2026 |
| CVE-2026-6029 | CRITICAL | 9.8 | A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The … | Apr 10, 2026 |
| CVE-2026-6028 | CRITICAL | 9.8 | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The … | Apr 10, 2026 |
| CVE-2026-6027 | CRITICAL | 9.8 | A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing … | Apr 10, 2026 |
| CVE-2026-6026 | CRITICAL | 9.8 | A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setPortalConfWeChat of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. … | Apr 10, 2026 |
| CVE-2026-4432 | MEDIUM | 6.5 | The YITH WooCommerce Wishlist WordPress plugin before 4.13.0 does not properly validate wishlist ownership in the save_title() AJAX handler before allowing wishlist renaming operations. The … | Apr 10, 2026 |
| CVE-2026-28704 | HIGH | 7.8 | Emocheck insecurely loads Dynamic Link Libraries (DLLs). If a crafted DLL file is placed to the same directory, an arbitrary code may be executed with … | Apr 10, 2026 |
| CVE-2026-1115 | CRITICAL | 9.6 | A Stored Cross-Site Scripting (XSS) vulnerability was identified in the social feature of parisneo/lollms, affecting the latest version prior to 2.2.0. The vulnerability exists in … | Apr 10, 2026 |
| CVE-2025-14545 | MEDIUM | 6.5 | The YML for Yandex Market WordPress plugin before 5.0.26 is vulnerable to Remote Code Execution via the feed generation process. | Apr 10, 2026 |
| CVE-2026-6025 | CRITICAL | 9.8 | A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of … | Apr 10, 2026 |
| CVE-2026-6024 | HIGH | 7.3 | A vulnerability was determined in Tenda i6 1.0.0.7(2204). Affected by this issue is the function R7WebsSecurityHandlerfunction of the component HTTP Handler. This manipulation causes path … | Apr 10, 2026 |
| CVE-2026-6016 | HIGH | 8.8 | A vulnerability was found in Tenda AC9 15.03.02.13. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. … | Apr 10, 2026 |
| CVE-2026-6015 | HIGH | 8.8 | A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. Such … | Apr 10, 2026 |
| CVE-2026-5477 | UNKNOWN | — | An integer overflow existed in the wolfCrypt CMAC implementation, that could be exploited to forge CMAC tags. The function wc_CmacUpdate used the guard `if (cmac->totalSz … | Apr 10, 2026 |
| CVE-2026-6014 | HIGH | 8.8 | A flaw has been found in D-Link DIR-513 1.10. This issue affects the function formAdvanceSetup of the file /goform/formAdvanceSetup of the component POST Request Handler. … | Apr 10, 2026 |
| CVE-2026-6013 | HIGH | 8.8 | A vulnerability was detected in D-Link DIR-513 1.10. This vulnerability affects the function formSetRoute of the file /goform/formSetRoute of the component POST Request Handler. The … | Apr 10, 2026 |
| CVE-2026-6012 | HIGH | 8.8 | A security vulnerability has been detected in D-Link DIR-513 1.10. This affects the function formSetPassword of the file /goform/formSetPassword of the component POST Request Handler. … | Apr 10, 2026 |