Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23657
Total
1684
Critical
7428
High
7547
Medium
CVE ID Severity Score Description Published
CVE-2026-10808 MEDIUM 6.3 A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown function of the file /manage_student.php. The manipulation of the argument ID … Jun 04, 2026
CVE-2026-10807 MEDIUM 6.3 A vulnerability was determined in mjperpinosa stumasy. The impacted element is an unknown function of the file application/PHP/objects/profiles/change_profile_image.php. Executing a manipulation of the argument pr_profile_image … Jun 04, 2026
CVE-2026-10806 MEDIUM 6.3 A vulnerability was found in mjperpinosa stumasy. The affected element is an unknown function of the file application/PHP/objects/updates/add_post.php. Performing a manipulation of the argument up_file_to_post … Jun 04, 2026
CVE-2025-62338 LOW 3.3 HCL BigFix Cloud Lifecycle Management is affected by lack of input validation. This low-level flaw allows unauthorized access and may lead to information exposure. Jun 04, 2026
CVE-2025-59874 HIGH 8.1 HCL Hive Telco Observability is affected by a Required directives missing from the CSP issue is detected in keycloak component of the web application. Missing … Jun 04, 2026
CVE-2025-46638 HIGH 7.5 Dell BSAFE SSL-J contains an allocation of resources without limits or throttling vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to a … Jun 04, 2026
CVE-2019-25745 HIGH 8.2 WordPress Plugin Google Review Slider 6.1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code … Jun 04, 2026
CVE-2019-25744 MEDIUM 6.4 WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of option tags in … Jun 04, 2026
CVE-2019-25743 MEDIUM 6.4 WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting script tags in the post … Jun 04, 2026
CVE-2019-25742 MEDIUM 6.4 WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Address input field … Jun 04, 2026
CVE-2019-25741 CRITICAL 9.8 Mobatek MobaXterm 12.1 contains a structured exception handling (SEH) based buffer overflow vulnerability in the username field of session files that allows remote attackers to … Jun 04, 2026
CVE-2019-25740 MEDIUM 6.5 Joomla com_jsjobs 1.2.6 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating custom userfield parameters. Attackers can send POST … Jun 04, 2026
CVE-2019-25739 MEDIUM 6.4 GigToDo 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript and HTML code through the proposal description field. Attackers … Jun 04, 2026
CVE-2019-25738 CRITICAL 9.8 WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hc_ajax_save_option action. Attackers can … Jun 04, 2026
CVE-2019-25737 HIGH 7.2 Live Chat Unlimited 2.8.3 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the chat input field. Attackers can … Jun 04, 2026
CVE-2019-25736 HIGH 8.4 LabF nfsAxe 3.7 Ping Client contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the … Jun 04, 2026
CVE-2019-25735 HIGH 8.4 AllPlayer 7.4 contains a local buffer overflow vulnerability in URL handling that allows attackers to overwrite structured exception handling pointers by supplying an excessively long … Jun 04, 2026
CVE-2019-25734 MEDIUM 4.0 Contact Form by WD 1.13.1 contains a cross-site request forgery vulnerability combined with local file inclusion that allows unauthenticated attackers to include arbitrary files by … Jun 04, 2026
CVE-2019-25733 HIGH 8.4 NetShareWatcher 1.5.8.0 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input. Attackers can craft … Jun 04, 2026
CVE-2019-25732 HIGH 8.2 PHP EI-Tube Script 3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search … Jun 04, 2026
CVE-2019-25731 HIGH 7.2 Zuz Music 2.1 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious JavaScript by submitting crafted contact form data. Attackers can … Jun 04, 2026
CVE-2019-25730 HIGH 8.2 Listing Hub CMS 1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id … Jun 04, 2026
CVE-2019-25729 CRITICAL 9.8 PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the CSRF-TOKEN cookie … Jun 04, 2026
CVE-2019-25728 HIGH 8.2 Care2x 2.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by manipulating the ck_config cookie parameter. Attackers can inject … Jun 04, 2026
CVE-2019-25727 CRITICAL 9.8 WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. … Jun 04, 2026