Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
20560
Total
1471
Critical
6231
High
6522
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-40523 | HIGH | 8.1 | FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Audit Trail report handler that allows authenticated attackers with SA_GLANALYTIC permission to execute arbitrary SQL … | Jun 29, 2026 |
| CVE-2026-40522 | HIGH | 7.1 | FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data by injecting … | Jun 29, 2026 |
| CVE-2026-40521 | HIGH | 8.8 | FrontAccounting before 2.4.20 contains a path traversal vulnerability in the attachment upload handler that allows authenticated attackers to execute arbitrary code by uploading files with … | Jun 29, 2026 |
| CVE-2026-13676 | HIGH | 7.5 | fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode (IDN) hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does … | Jun 29, 2026 |
| CVE-2026-13570 | LOW | 3.5 | A vulnerability was detected in SourceCodester Inventory Management System 1.0. Impacted is an unknown function of the file /api/users_handler.php of the component User Registration Endpoint. … | Jun 29, 2026 |
| CVE-2026-13569 | MEDIUM | 4.7 | A security vulnerability has been detected in weng-xianhu EyouCMS up to 1.7.1. This issue affects some unknown processing of the file /index.php of the component … | Jun 29, 2026 |
| CVE-2026-13568 | HIGH | 7.3 | A weakness has been identified in SourceCodester Inventory Management System 1.0. This vulnerability affects unknown code of the file /api/users_handler.php of the component User Registration … | Jun 29, 2026 |
| CVE-2026-13567 | MEDIUM | 4.3 | A security flaw has been discovered in code-projects Online Music Site 1.0. This affects an unknown part of the file /Frontend/Feedback.php of the component POST … | Jun 29, 2026 |
| CVE-2026-13566 | HIGH | 7.3 | A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /preview3.php. The … | Jun 29, 2026 |
| CVE-2026-13565 | HIGH | 7.3 | A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0/1.php. Affected by this vulnerability is an unknown functionality of the file /edit_class1.php. Executing … | Jun 29, 2026 |
| CVE-2026-13165 | UNKNOWN | — | SzafirHost verifies the downloaded native library archive with one JarFile parser (reading the Central Directory) but extracts native libraries with JarInputStream parser (reading sequentially from … | Jun 29, 2026 |
| CVE-2026-12856 | HIGH | 8.8 | A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in … | Jun 29, 2026 |
| CVE-2026-12616 | UNKNOWN | — | The /v1/upload/sbom endpoint extracts the iss claim from the attacker-supplied JWT with signature verification disabled, then interpolates that string into three log statements before any … | Jun 29, 2026 |
| CVE-2026-11979 | UNKNOWN | — | libxml2 is vulnerable to multiple stack-based buffer overflows in the xmlcatalog utility when running in --shell mode. The usershell() function processes user input using fixed-size … | Jun 29, 2026 |
| CVE-2026-41992 | UNKNOWN | — | GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats … | Jun 29, 2026 |
| CVE-2026-41991 | UNKNOWN | — | GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s … | Jun 29, 2026 |
| CVE-2026-13564 | HIGH | 8.8 | A vulnerability was found in Edimax EW-7478APC 1.04. Affected is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. Performing a … | Jun 29, 2026 |
| CVE-2026-13563 | HIGH | 8.8 | A vulnerability has been found in Edimax EW-7478APC 1.04. This impacts the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. Such … | Jun 29, 2026 |
| CVE-2026-13562 | HIGH | 8.8 | A flaw has been found in Edimax EW-7478APC 1.04. This affects the function formiNICSiteSurvey of the file /goform/formiNICSiteSurvey of the component POST Request Handler. This … | Jun 29, 2026 |
| CVE-2026-13561 | MEDIUM | 6.3 | A vulnerability was detected in Edimax EW-7478APC 1.04. The impacted element is the function formiNICbasic of the file /goform/formiNICbasic of the component POST Request Handler. … | Jun 29, 2026 |
| CVE-2026-13560 | MEDIUM | 6.3 | A security vulnerability has been detected in Edimax EW-7478APC 1.04. The affected element is the function formAccept of the file /goform/formAccept of the component POST … | Jun 29, 2026 |
| CVE-2026-13559 | HIGH | 7.3 | A weakness has been identified in code-projects Real State Services 1.0. Impacted is an unknown function of the file /single-list_sale.php?action=add. Executing a manipulation of the … | Jun 29, 2026 |
| CVE-2026-13558 | LOW | 3.5 | A security flaw has been discovered in CodeAstro Complaint Management System 1.0. This issue affects some unknown processing of the file /report/addreport of the component … | Jun 29, 2026 |
| CVE-2026-57346 | HIGH | 7.1 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Epiphyt Embed Privacy allows Path Traversal. This issue affects Embed Privacy: from … | Jun 29, 2026 |
| CVE-2026-25707 | HIGH | 8.8 | A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files … | Jun 29, 2026 |