Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23830
Total
1706
Critical
7474
High
7609
Medium
CVE ID Severity Score Description Published
CVE-2026-10289 MEDIUM 4.3 A security flaw has been discovered in code-projects Hotel and Tourism Reservation System 1.0. Impacted is an unknown function of the file /ht/tour.php. Performing a … Jun 01, 2026
CVE-2026-10288 HIGH 7.3 A vulnerability was identified in code-projects Hotel and Tourism Reservation System 1.0. This issue affects the function password_verify of the file /admin/login.php of the component … Jun 01, 2026
CVE-2026-10287 HIGH 7.3 A vulnerability was determined in SourceCodester SEO Meta Tag Extractor 1.0. This vulnerability affects the function get_headers of the file /index.php. This manipulation of the … Jun 01, 2026
CVE-2026-10286 MEDIUM 6.3 A vulnerability was found in CodeAstro Payroll System 1.0. This affects an unknown part of the file /home_employee.php. The manipulation of the argument emp_id results … Jun 01, 2026
CVE-2026-10285 MEDIUM 5.4 A vulnerability has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this issue is the function KanbanScrumHelper::recordUpdated of the file app/Helpers/KanbanScrumHelper.php of the … Jun 01, 2026
CVE-2026-10284 MEDIUM 5.4 A flaw has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this vulnerability is the function editComment/doDeleteComment of the file app/Filament/Resources/TicketResource/Pages/ViewTicket.php of the … Jun 01, 2026
CVE-2025-70099 HIGH 7.5 A NULL pointer dereference in the ext4_dir_en_get_name_len function in include/ext4_dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially … Jun 01, 2026
CVE-2021-46747 UNKNOWN Insufficient granularity of access control in ASP (AMD Secure Processor) may allow an attacker with an untrusted user space application to map sensitive SMN (System … Jun 01, 2026
CVE-2026-9614 HIGH 8.8 An Improper Access Control vulnerability in Ivanti Neurons for ITSM (cloud and on-premises) allows a remote authenticated attacker to gain administrative access. Jun 01, 2026
CVE-2026-9330 HIGH 8.5 IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. … Jun 01, 2026
CVE-2026-9319 CRITICAL 9.0 IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security. Jun 01, 2026
CVE-2026-9311 CRITICAL 9.0 IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls. Jun 01, 2026
CVE-2026-8644 CRITICAL 9.1 IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing. Jun 01, 2026
CVE-2026-7770 HIGH 8.8 IBM i Access Family 1.1.5.0 through 1.1.9.12 IBM i Access Client Solutions (ACS) is vulnerable to remote code execution when configured to listen for requests … Jun 01, 2026
CVE-2026-49121 HIGH 8.1 AI Tensor Engine for ROCm (AITER) through 0.1.14 contains an unauthenticated remote code execution vulnerability in the MessageQueue.recv() function within shm_broadcast.py that allows unauthenticated remote … Jun 01, 2026
CVE-2026-47294 HIGH 8.0 Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. Jun 01, 2026
CVE-2026-45810 MEDIUM 6.8 Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.12, and 32.0.0 to before 32.0.3, a missing check … Jun 01, 2026
CVE-2026-45729 MEDIUM 4.3 Thor Vector Graphics (ThorVG) is a production-ready vector graphics engine. Prior to version 1.0.5, a null pointer dereference in SvgLoader::run() allows any caller that passes … Jun 01, 2026
CVE-2026-45727 UNKNOWN CloakBrowser is a tool to bypass bot detection tests. Prior to version 0.3.28, the cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as … Jun 01, 2026
CVE-2026-45722 HIGH 7.1 Nextcloud is an open source content collaboration platform. From versions 0.9.0 to before 0.9.7, and 1.0.0 to before 1.0.2, a missing sanitization in the Tables … Jun 01, 2026
CVE-2026-45691 MEDIUM 5.9 Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session … Jun 01, 2026
CVE-2026-45690 MEDIUM 5.9 Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authentication bypass … Jun 01, 2026
CVE-2026-45545 HIGH 8.2 Nextcloud is an open source content collaboration platform. From versions 0.7.0 to before 0.7.7, 0.8.0 to before 0.8.10, 0.9.0 to before 0.9.8, and 1.0.0 to … Jun 01, 2026
CVE-2026-45544 MEDIUM 4.3 Nextcloud is an open source content collaboration platform. From version 0.8.0 to before version 1.0.4, the view filter criteria is exposed to users with read-only … Jun 01, 2026
CVE-2026-45543 MEDIUM 5.3 Nextcloud is an open source content collaboration platform. From version 4.3.0 to before version 5.2.7, a removed collaborator retains unauthorized read access to uploaded respondent … Jun 01, 2026