Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
12557
Total
848
Critical
3598
High
3936
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-26027 | HIGH | 7.5 | GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated user can store an XSS payload through the … | Apr 06, 2026 |
| CVE-2026-26026 | CRITICAL | 9.1 | GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, template injection by an administrator lead to RCE. This vulnerability … | Apr 06, 2026 |
| CVE-2026-25932 | HIGH | 7.2 | GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.0.24, an authenticated technician user can store an XSS payload in … | Apr 06, 2026 |
| CVE-2026-5660 | MEDIUM | 6.3 | A vulnerability was determined in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /borrowed_equip.php of the component Parameter … | Apr 06, 2026 |
| CVE-2026-5659 | MEDIUM | 6.3 | A vulnerability was found in pytries datrie up to 0.8.3. The affected element is the function Trie.load/Trie.read/Trie.__setstate__ of the file src/datrie.pyx of the component trie … | Apr 06, 2026 |
| CVE-2026-30078 | HIGH | 7.5 | OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with invalid procedure code or invalid PDU-type. For example when the message specification requires InitiatingMessage … | Apr 06, 2026 |
| CVE-2026-3524 | HIGH | 8.8 | Mattermost Plugin Legal Hold versions <=1.1.4 fail to halt request processing after a failed authorization check in ServeHTTP which allows an authenticated attacker to access, … | Apr 06, 2026 |
| CVE-2026-5650 | MEDIUM | 5.3 | A vulnerability was found in code-projects Online Application System for Admission 1.0. Impacted is an unknown function of the file /enrollment/database/oas.sql. Performing a manipulation results … | Apr 06, 2026 |
| CVE-2026-5649 | MEDIUM | 6.3 | A vulnerability has been found in code-projects Online Application System for Admission 1.0. This issue affects some unknown processing of the file /enrollment/admsnform.php of the … | Apr 06, 2026 |
| CVE-2026-5648 | HIGH | 7.3 | A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /userfinishregister.php of the component Parameter Handler. … | Apr 06, 2026 |
| CVE-2026-5647 | LOW | 2.4 | A vulnerability was detected in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /admin/admin_feature.php of the component Add Product Page. … | Apr 06, 2026 |
| CVE-2026-5646 | HIGH | 7.3 | A security vulnerability has been detected in code-projects Easy Blog Site 1.0. Affected by this issue is some unknown functionality of the file login.php. The … | Apr 06, 2026 |
| CVE-2026-5645 | HIGH | 7.3 | A weakness has been identified in projectworlds Car Rental System 1.0. Affected by this vulnerability is an unknown functionality of the file /pay.php of the … | Apr 06, 2026 |
| CVE-2026-5673 | MEDIUM | 5.6 | A flaw was found in libtheora. This heap-based out-of-bounds read vulnerability exists within the AVI (Audio Video Interleave) parser, specifically in the avi_parse_input_file() function. A … | Apr 06, 2026 |
| CVE-2026-5644 | LOW | 2.4 | A security flaw has been discovered in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. Affected is an unknown function of the file /admin/Add%20notice/batch-notice.php. Performing a manipulation of … | Apr 06, 2026 |
| CVE-2026-5643 | LOW | 2.4 | A vulnerability was identified in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This impacts an unknown function of the file /admin/Add%20notice/notice.php of the component Admin Add Endpoint. … | Apr 06, 2026 |
| CVE-2026-5642 | HIGH | 7.3 | A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This affects an unknown function of the file /viva/update.php of the component HTTP POST Request … | Apr 06, 2026 |
| CVE-2026-5641 | MEDIUM | 6.3 | A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is an unknown function of the file /admin/update-image1.php of the component … | Apr 06, 2026 |
| CVE-2026-5640 | MEDIUM | 6.3 | A vulnerability has been found in PHPGurukul Online Shopping Portal Project 2.1. The affected element is an unknown function of the file /admin/update-image2.php of the … | Apr 06, 2026 |
| CVE-2026-5639 | MEDIUM | 6.3 | A flaw has been found in PHPGurukul Online Shopping Portal Project 2.1. Impacted is an unknown function of the file /admin/update-image3.php of the component Parameter … | Apr 06, 2026 |
| CVE-2026-5638 | MEDIUM | 5.3 | A vulnerability was detected in HerikLyma CPPWebFramework up to 3.1. This issue affects some unknown processing. Performing a manipulation results in path traversal. Remote exploitation … | Apr 06, 2026 |
| CVE-2026-5637 | HIGH | 7.3 | A security vulnerability has been detected in projectworlds Car Rental System 1.0. This vulnerability affects unknown code of the file /message_admin.php of the component Parameter … | Apr 06, 2026 |
| CVE-2026-37977 | LOW | 3.7 | A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing (CORS) header injection vulnerability in Keycloak's User-Managed Access (UMA) token … | Apr 06, 2026 |
| CVE-2026-5636 | MEDIUM | 6.3 | A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1. This affects an unknown part of the file /cancelorder.php of the component Parameter … | Apr 06, 2026 |
| CVE-2026-5635 | MEDIUM | 6.3 | A security flaw has been discovered in PHPGurukul Online Shopping Portal Project 2.1. Affected by this issue is some unknown functionality of the file /categorywise-products.php … | Apr 06, 2026 |