Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23287
Total
1655
Critical
7324
High
7394
Medium
CVE ID Severity Score Description Published
CVE-2026-11531 HIGH 7.3 A security flaw has been discovered in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This impacts an unknown function of the file admin/admin_login.php of the component Administrator … Jun 08, 2026
CVE-2026-11530 HIGH 7.3 A vulnerability was identified in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This affects an unknown function of the file /index.ph of the component Login. Such manipulation … Jun 08, 2026
CVE-2026-49975 UNKNOWN Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests. This issue affects Apache … Jun 08, 2026
CVE-2026-49756 UNKNOWN Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in wojtekmach Req allows multipart parameter smuggling via attacker-influenced part metadata. Req.Utils.encode_form_part/2 in lib/req/utils.ex builds the per-part … Jun 08, 2026
CVE-2026-49755 UNKNOWN Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in wojtekmach Req allows attacker-controlled HTTP servers to exhaust memory in a Req client via decompression-bomb … Jun 08, 2026
CVE-2026-48913 HIGH 7.3 Use After Free vulnerability in Apache HTTP Server module mod_http2 when file handles are already exhausted. This issue affects Apache HTTP Server: from 2.4.55 through … Jun 08, 2026
CVE-2026-48488 UNKNOWN phpMyFAQ is an open source FAQ web application. Prior to version 4.1.4, attachment passwords are hashed using SHA-1, a cryptographically broken algorithm. SHA-1 has been … Jun 08, 2026
CVE-2026-46657 HIGH 7.1 Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access … Jun 08, 2026
CVE-2026-46656 HIGH 8.8 Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding … Jun 08, 2026
CVE-2026-46480 UNKNOWN Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment … Jun 08, 2026
CVE-2026-46479 UNKNOWN Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluation create and update mass-assignment … Jun 08, 2026
CVE-2026-46478 UNKNOWN Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow create and update mass-assignment … Jun 08, 2026
CVE-2026-46477 UNKNOWN Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment … Jun 08, 2026
CVE-2026-46476 UNKNOWN Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, CustomTemplate create and update mass-assignment … Jun 08, 2026
CVE-2026-46475 UNKNOWN Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, assistant create and update mass-assignment … Jun 08, 2026
CVE-2026-46444 UNKNOWN Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, all CRUD endpoints for OpenAI … Jun 08, 2026
CVE-2026-46443 UNKNOWN Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, when credentials are fetched with … Jun 08, 2026
CVE-2026-46442 UNKNOWN Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, POST /api/v1/node-custom-function lacks route-level authorization, … Jun 08, 2026
CVE-2026-46441 UNKNOWN Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists … Jun 08, 2026
CVE-2026-46440 HIGH 7.5 Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the checkBasicAuth endpoint validates credentials … Jun 08, 2026
CVE-2026-46275 UNKNOWN In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_uart: fix UAFs and race conditions in close and init paths Vulnerabilities leading to … Jun 08, 2026
CVE-2026-46274 UNKNOWN In the Linux kernel, the following vulnerability has been resolved: io-wq: check that the predecessor is hashed in io_wq_remove_pending() io_wq_remove_pending() needs to fix up wq->hash_tail[] … Jun 08, 2026
CVE-2026-44631 CRITICAL 9.8 Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users … Jun 08, 2026
CVE-2026-44186 UNKNOWN Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in the mod_proxy_ftp module in Apache HTTP Server with an attacker controlled backend FTP server. This issue … Jun 08, 2026
CVE-2026-44185 HIGH 7.3 Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP Server: from 2.4.0 … Jun 08, 2026