Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23657
Total
1684
Critical
7428
High
7547
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-10808 | MEDIUM | 6.3 | A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown function of the file /manage_student.php. The manipulation of the argument ID … | Jun 04, 2026 |
| CVE-2026-10807 | MEDIUM | 6.3 | A vulnerability was determined in mjperpinosa stumasy. The impacted element is an unknown function of the file application/PHP/objects/profiles/change_profile_image.php. Executing a manipulation of the argument pr_profile_image … | Jun 04, 2026 |
| CVE-2026-10806 | MEDIUM | 6.3 | A vulnerability was found in mjperpinosa stumasy. The affected element is an unknown function of the file application/PHP/objects/updates/add_post.php. Performing a manipulation of the argument up_file_to_post … | Jun 04, 2026 |
| CVE-2025-62338 | LOW | 3.3 | HCL BigFix Cloud Lifecycle Management is affected by lack of input validation. This low-level flaw allows unauthorized access and may lead to information exposure. | Jun 04, 2026 |
| CVE-2025-59874 | HIGH | 8.1 | HCL Hive Telco Observability is affected by a Required directives missing from the CSP issue is detected in keycloak component of the web application. Missing … | Jun 04, 2026 |
| CVE-2025-46638 | HIGH | 7.5 | Dell BSAFE SSL-J contains an allocation of resources without limits or throttling vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to a … | Jun 04, 2026 |
| CVE-2019-25745 | HIGH | 8.2 | WordPress Plugin Google Review Slider 6.1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code … | Jun 04, 2026 |
| CVE-2019-25744 | MEDIUM | 6.4 | WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of option tags in … | Jun 04, 2026 |
| CVE-2019-25743 | MEDIUM | 6.4 | WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting script tags in the post … | Jun 04, 2026 |
| CVE-2019-25742 | MEDIUM | 6.4 | WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Address input field … | Jun 04, 2026 |
| CVE-2019-25741 | CRITICAL | 9.8 | Mobatek MobaXterm 12.1 contains a structured exception handling (SEH) based buffer overflow vulnerability in the username field of session files that allows remote attackers to … | Jun 04, 2026 |
| CVE-2019-25740 | MEDIUM | 6.5 | Joomla com_jsjobs 1.2.6 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating custom userfield parameters. Attackers can send POST … | Jun 04, 2026 |
| CVE-2019-25739 | MEDIUM | 6.4 | GigToDo 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript and HTML code through the proposal description field. Attackers … | Jun 04, 2026 |
| CVE-2019-25738 | CRITICAL | 9.8 | WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hc_ajax_save_option action. Attackers can … | Jun 04, 2026 |
| CVE-2019-25737 | HIGH | 7.2 | Live Chat Unlimited 2.8.3 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the chat input field. Attackers can … | Jun 04, 2026 |
| CVE-2019-25736 | HIGH | 8.4 | LabF nfsAxe 3.7 Ping Client contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the … | Jun 04, 2026 |
| CVE-2019-25735 | HIGH | 8.4 | AllPlayer 7.4 contains a local buffer overflow vulnerability in URL handling that allows attackers to overwrite structured exception handling pointers by supplying an excessively long … | Jun 04, 2026 |
| CVE-2019-25734 | MEDIUM | 4.0 | Contact Form by WD 1.13.1 contains a cross-site request forgery vulnerability combined with local file inclusion that allows unauthenticated attackers to include arbitrary files by … | Jun 04, 2026 |
| CVE-2019-25733 | HIGH | 8.4 | NetShareWatcher 1.5.8.0 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input. Attackers can craft … | Jun 04, 2026 |
| CVE-2019-25732 | HIGH | 8.2 | PHP EI-Tube Script 3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search … | Jun 04, 2026 |
| CVE-2019-25731 | HIGH | 7.2 | Zuz Music 2.1 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious JavaScript by submitting crafted contact form data. Attackers can … | Jun 04, 2026 |
| CVE-2019-25730 | HIGH | 8.2 | Listing Hub CMS 1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id … | Jun 04, 2026 |
| CVE-2019-25729 | CRITICAL | 9.8 | PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the CSRF-TOKEN cookie … | Jun 04, 2026 |
| CVE-2019-25728 | HIGH | 8.2 | Care2x 2.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by manipulating the ck_config cookie parameter. Attackers can inject … | Jun 04, 2026 |
| CVE-2019-25727 | CRITICAL | 9.8 | WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. … | Jun 04, 2026 |