Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23830
Total
1706
Critical
7474
High
7609
Medium
CVE ID Severity Score Description Published
CVE-2026-10271 MEDIUM 6.3 A flaw has been found in a4m4 Student-Management-System up to f0c5f6842c5e8c431ff02b5260a565ca844df3a0. The affected element is an unknown function of the file admin/ of the component … Jun 01, 2026
CVE-2026-10270 HIGH 8.8 A vulnerability was detected in D-Link DI-7001 MINI up to 19.09.19A1. Impacted is the function sprintf of the file /httpd_debug.asp of the component API. The … Jun 01, 2026
CVE-2026-10269 MEDIUM 6.3 A security vulnerability has been detected in decolua 9router up to 0.4.0. This issue affects the function isAuthenticated of the file src/dashboardGuard.js of the component … Jun 01, 2026
CVE-2026-10268 LOW 3.3 A weakness has been identified in janet-lang janet up to 1.41.0. This vulnerability affects the function unmarshal_one_fiber of the file src/core/marsh.c. Executing a manipulation can … Jun 01, 2026
CVE-2026-10118 HIGH 7.8 A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers … Jun 01, 2026
CVE-2022-4991 UNKNOWN Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows. Tychon contains … Jun 01, 2026
CVE-2026-8931 UNKNOWN A critical Remote Code Execution (RCE) vulnerability exists in Disig Web Signer versions 2.0.3 through 2.5.3. Jun 01, 2026
CVE-2026-48879 CRITICAL 9.8 Incorrect Privilege Assignment vulnerability in Sergey AIWU allows Privilege Escalation. This issue affects AIWU: from n/a through 1.4.17. Jun 01, 2026
CVE-2026-48866 CRITICAL 9.6 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rocketgenius Inc. Gravity Forms allows Path Traversal. This issue affects Gravity Forms: … Jun 01, 2026
CVE-2026-48865 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress allows Reflected XSS. This issue affects LearnPress: from n/a through 4.3.6. Jun 01, 2026
CVE-2026-48839 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP Statistics allows DOM-Based XSS. This issue affects WP Statistics: from n/a … Jun 01, 2026
CVE-2026-48559 MEDIUM 5.4 Lightweight Music Server (LMS) though 3.76.0 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript by embedding malicious HTML in media … Jun 01, 2026
CVE-2026-42683 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows DOM-Based XSS. This issue affects … Jun 01, 2026
CVE-2026-42682 CRITICAL 9.1 Missing Authorization vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through 3.0.6. Jun 01, 2026
CVE-2026-42681 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in E2Pdf.Com e2pdf allows Reflected XSS. This issue affects e2pdf: from n/a through 1.32.14. Jun 01, 2026
CVE-2026-42680 CRITICAL 9.8 Incorrect Privilege Assignment vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery Pro allows Privilege Escalation. This issue affects Contest Gallery Pro: from n/a through … Jun 01, 2026
CVE-2026-42251 UNKNOWN Use of hard-coded credentials in KS-SOMED allowed an unauthorized attacker access to FTP server that hosted the application's update packages. The attacker with these credentials … Jun 01, 2026
CVE-2026-37221 HIGH 7.5 FlexRIC v2.0.0 crashes when receiving a RIC_SUBSCRIPTION_RESPONSE with an unknown ric_id that has no corresponding pending event. The near-RT RIC uses assert() to enforce the … Jun 01, 2026
CVE-2026-37220 HIGH 7.5 FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2_SETUP_REQUEST is sent. The near-RT RIC assumes a mapping between SCTP association and E2 … Jun 01, 2026
CVE-2026-10533 MEDIUM 5.0 A flaw was found in OpenShift Container Platform. Completed pods with restartPolicy: Never do not count toward ResourceQuota pod limits, and Kubernetes events are not … Jun 01, 2026
CVE-2026-10267 LOW 3.3 A security flaw has been discovered in janet-lang janet up to 1.41.0. This affects the function doframe of the file src/core/debug.c. Performing a manipulation results … Jun 01, 2026
CVE-2026-10265 MEDIUM 6.3 A vulnerability was identified in itsourcecode Content Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edit_topic.php. Such manipulation of … Jun 01, 2026
CVE-2026-10264 LOW 3.5 A vulnerability was determined in lharries whatsapp-mcp 0.0.1. Affected by this vulnerability is the function SendMessageRequest of the file whatsapp-bridge/main.go of the component Send API … Jun 01, 2026
CVE-2026-10263 HIGH 7.3 A vulnerability was found in SourceCodester Computer Repair Shop Management System up to 1.0. Affected is an unknown function of the file /admin/products/manage_product.php. The manipulation … Jun 01, 2026
CVE-2026-10262 HIGH 7.3 A vulnerability has been found in code-projects Real State Services 1.0. This impacts an unknown function of the file /loginuser.php of the component Login. The … Jun 01, 2026