Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
20560
Total
1471
Critical
6231
High
6522
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-57332 | HIGH | 7.1 | Subscriber Broken Access Control in Wallet System for WooCommerce <= 2.7.6 versions. | Jun 29, 2026 |
| CVE-2026-57331 | CRITICAL | 9.9 | Performer Arbitrary File Deletion in Paid Videochat Turnkey Site <= 7.4.8 versions. | Jun 29, 2026 |
| CVE-2026-57330 | MEDIUM | 6.5 | Subscriber Cross Site Scripting (XSS) in MasterStudy LMS <= 3.7.27 versions. | Jun 29, 2026 |
| CVE-2026-57329 | MEDIUM | 6.5 | Subscriber Cross Site Scripting (XSS) in WooCommerce Designer Pro <= 1.9.34 versions. | Jun 29, 2026 |
| CVE-2026-57328 | MEDIUM | 6.5 | Subscriber Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions. | Jun 29, 2026 |
| CVE-2026-57327 | MEDIUM | 6.3 | Subscriber Broken Access Control in MainWP <= 6.1.1 versions. | Jun 29, 2026 |
| CVE-2026-57326 | MEDIUM | 6.1 | Unauthenticated Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions. | Jun 29, 2026 |
| CVE-2026-57320 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in BEAR <= 1.1.8 versions. | Jun 29, 2026 |
| CVE-2026-56290 | UNKNOWN | — | The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE. | Jun 29, 2026 |
| CVE-2026-56124 | HIGH | 7.5 | phpUploader before 2.0.2 contains an unauthenticated information disclosure vulnerability that allows remote attackers to access the full contents of the uploaded-files database table by visiting … | Jun 29, 2026 |
| CVE-2026-55844 | HIGH | 7.5 | Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2025.5.0, The iOS companion app ignores the SSID … | Jun 29, 2026 |
| CVE-2026-55607 | UNKNOWN | — | Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of worktrees named ".git" and navigation to worktrees … | Jun 29, 2026 |
| CVE-2026-49049 | HIGH | 7.5 | The Helix3 plugin for Joomla exposes an ajax handler task, that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files and update template … | Jun 29, 2026 |
| CVE-2026-46406 | UNKNOWN | — | Claude Code is an agentic coding tool. From 2.1.59 until 2.1.128, the Claude Code /copy command wrote responses to a hardcoded, predictable path (/tmp/claude/response.md) without … | Jun 29, 2026 |
| CVE-2026-13579 | MEDIUM | 6.3 | A weakness has been identified in itsourcecode Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /patientchangepassword.php. Executing a … | Jun 29, 2026 |
| CVE-2026-13578 | MEDIUM | 6.3 | A security flaw has been discovered in itsourcecode Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /patientdetail.php. Performing … | Jun 29, 2026 |
| CVE-2026-13574 | LOW | 3.3 | A vulnerability was determined in llvm llvm-project up to 22.1.6. This impacts the function GCRelocateInst::getBasePtr in the library llvm/lib/IR/IntrinsicInst.cpp of the component Bitcode File Handler. … | Jun 29, 2026 |
| CVE-2026-13573 | LOW | 3.3 | A vulnerability was found in llvm llvm-project up to 22.1.6. This affects the function llvm::StringMap::insert in the library /lib/IR/ValueSymbolTable.cpp of the component ValueSymbolTable Module. The … | Jun 29, 2026 |
| CVE-2026-13572 | MEDIUM | 6.3 | A vulnerability has been found in itsourcecode Hospital Management System 1.0. The impacted element is an unknown function of the file /insertbillingrecord.php. The manipulation of … | Jun 29, 2026 |
| CVE-2026-13571 | MEDIUM | 5.3 | A flaw has been found in SourceCodester Simple Food Ordering System 1.0. The affected element is an unknown function of the file /cart.php. Executing a … | Jun 29, 2026 |
| CVE-2026-56457 | MEDIUM | 4.3 | HCL DevOps Deploy / HCL Launch is susceptible to an exposure of sensitive information vulnerability in output logs. This exposure could allow an attacker with … | Jun 29, 2026 |
| CVE-2026-54371 | HIGH | 7.1 | attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a … | Jun 29, 2026 |
| CVE-2026-54370 | MEDIUM | 6.3 | acl before version 2.4.0 contains a time-of-check to time-of-use (TOCTOU) race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component … | Jun 29, 2026 |
| CVE-2026-54369 | HIGH | 7.1 | acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions acl_get_file(), acl_set_file(), acl_extended_file(), and acl_delete_def_file() that allows local attackers to escalate … | Jun 29, 2026 |
| CVE-2026-40524 | HIGH | 8.1 | FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the get_gl_transactions() function where the filter_type parameter is concatenated directly into a SQL IN() clause without … | Jun 29, 2026 |