Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23329
Total
1657
Critical
7330
High
7410
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-11518 | MEDIUM | 4.3 | A vulnerability was identified in SourceCodester Inventory System 1.0. Affected is an unknown function of the file /users.php of the component User Management Page. The … | Jun 08, 2026 |
| CVE-2026-11517 | HIGH | 8.8 | A vulnerability was determined in UTT HiPER 2610G up to 3.0.0-171107. This impacts the function strcpy of the file /goform/formConfigDnsFilterGlobal. Executing a manipulation of the … | Jun 08, 2026 |
| CVE-2026-11516 | MEDIUM | 5.5 | A vulnerability was found in UTT HiPER 2610G up to 3.0.0-171107. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the … | Jun 08, 2026 |
| CVE-2026-9549 | MEDIUM | 4.8 | Stored cross-site scripting in the service discovery active check output in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows an administrator who can configure … | Jun 08, 2026 |
| CVE-2026-8833 | UNKNOWN | — | Improper neutralization of HTML-encoded characters in the URL validation function in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows an authenticated user to bypass … | Jun 08, 2026 |
| CVE-2026-8078 | MEDIUM | 4.8 | Stored cross-site scripting in the global settings change log in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows an administrator who can change global … | Jun 08, 2026 |
| CVE-2026-7765 | UNKNOWN | — | Incorrect authorization in the User Messages dashboard widget in Checkmk <2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather than the viewer's, … | Jun 08, 2026 |
| CVE-2026-7186 | MEDIUM | 5.4 | Stored cross-site scripting in the URL dashboard widget in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows a user with dashboard editing permissions to … | Jun 08, 2026 |
| CVE-2026-11577 | HIGH | 7.2 | A flaw was found in Keycloak. A limited administrator can exploit an improper access control vulnerability in the POST /admin/realms/{realm}/partialImport endpoint. This allows them to … | Jun 08, 2026 |
| CVE-2026-11515 | MEDIUM | 5.3 | A vulnerability has been found in SourceCodester Barangay Resident Profiling and Information Management System 1.0. The impacted element is an unknown function of the file … | Jun 08, 2026 |
| CVE-2026-11514 | MEDIUM | 6.3 | A flaw has been found in itsourcecode Hospital Management System 1.0. The affected element is an unknown function of the file /addpatient.php. This manipulation of … | Jun 08, 2026 |
| CVE-2026-11513 | MEDIUM | 6.3 | A vulnerability was detected in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /adminaccount.php. The manipulation of the argument Date … | Jun 08, 2026 |
| CVE-2026-11512 | MEDIUM | 4.3 | A security vulnerability has been detected in itsourcecode Hospital Management System 1.0. This issue affects some unknown processing of the file /billing.php. The manipulation of … | Jun 08, 2026 |
| CVE-2026-11511 | LOW | 3.5 | A weakness has been identified in Bolt CMS up to 3.7.5. This vulnerability affects unknown code of the file src/Storage/Field/Type/TextType.php of the component HTML Attribute … | Jun 08, 2026 |
| CVE-2026-50752 | HIGH | 7.4 | A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate … | Jun 08, 2026 |
| CVE-2026-50751 | CRITICAL | 9.3 | A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user … | Jun 08, 2026 |
| CVE-2026-47430 | UNKNOWN | — | ## Summary The iOS implementation of `cordova-plugin-inappbrowser` passes the `id` field from a `WKScriptMessage` body to `commandDelegate sendPluginResult:callbackId:` with no format validation (`CDVWKInAppBrowser.m:560–574`). Any web … | Jun 08, 2026 |
| CVE-2026-3011 | MEDIUM | 6.4 | The Recipe Card Blocks Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the recipe block's 'summary' and 'notes' attributes in all versions … | Jun 08, 2026 |
| CVE-2026-11569 | MEDIUM | 5.4 | A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload … | Jun 08, 2026 |
| CVE-2026-11510 | MEDIUM | 6.3 | A security flaw has been discovered in CodeAstro Leave Management System 1.0. This affects an unknown part of the file /admin/add_leave.php. Performing a manipulation of … | Jun 08, 2026 |
| CVE-2026-11509 | MEDIUM | 6.3 | A vulnerability was identified in CodeAstro Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/search_staff_for_updation.php. Such manipulation of … | Jun 08, 2026 |
| CVE-2026-11508 | MEDIUM | 6.3 | A vulnerability was determined in CodeAstro Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/search_staff_to_assign_pc.php. This manipulation of … | Jun 08, 2026 |
| CVE-2026-11507 | MEDIUM | 6.3 | A vulnerability was found in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /admin/delete_leave_type.php. The manipulation of the argument leave_type … | Jun 08, 2026 |
| CVE-2026-11506 | MEDIUM | 6.3 | A vulnerability has been found in CodeAstro Leave Management System 1.0. This impacts an unknown function of the file /admin/search_staff_for_deletion.php. The manipulation of the argument … | Jun 08, 2026 |
| CVE-2026-11505 | MEDIUM | 5.0 | A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. This affects an unknown function of the component … | Jun 08, 2026 |