Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
7.5 HIGH
CVE-2026-10777 — ealpha072 Student-Management-System Administrative Backend config.php improper authentica…

A vulnerability was identified in ealpha072 Student-Management-System up to 01451bd7a2f58cdda07bd0b86e3967582e3ecd08. Affected by this issue is some unknown functionality of the file admin/config.php…

Remote | Authentication
Jun 03, 2026 Jun 03, 2026
Jun 03, 2026
Jun 03, 2026
3.6 LOW
CVE-2026-10775 — sgl-project SGLang Cache data_hash denial of service

A vulnerability was determined in sgl-project SGLang up to 0.5.11. Affected by this vulnerability is the function data_hash of the component Cache Handler. This manipulation causes denial of service.…

| Denial of Service
Jun 03, 2026 Jun 03, 2026
Jun 03, 2026
Jun 03, 2026
0.0 NA
CVE-2026-46447 — OpenStack Ironic Boot Script Injection

OpenStack Ironic through 35.0.x allows Boot Script Injection.

| Injection
Jun 03, 2026 Jun 03, 2026
Jun 03, 2026
Jun 03, 2026
5.3 MEDIUM
CVE-2026-22055 — Active IQ OneCollect Hard-coded Credentials for AutoSupport Operations

Active IQ OneCollect version 2.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations.

Remote | Authentication
Jun 03, 2026 Jun 03, 2026
Jun 03, 2026
Jun 03, 2026
5.3 MEDIUM
CVE-2026-22054 — Active IQ Config Advisor Hard-coded Credentials

Active IQ Config Advisor version 6.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations.

Remote | Authentication
Jun 03, 2026 Jun 03, 2026
Jun 03, 2026
Jun 03, 2026
7.5 HIGH
CVE-2026-10771 — crmeb crmeb_java base64 Qrcode Endpoint RestTemplateUtil.java RestTemplate.getForEntity s…

A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate.getForEntity of the file crmeb-common/src/main/java/com/zbkj/common/utils/RestTemplateUtil.java of the compone…

Remote | Server-Side Request Forgery
Jun 03, 2026 Jun 03, 2026
Jun 03, 2026
Jun 03, 2026
7.3 HIGH
CVE-2026-50033 — Acronis DeviceLock DLP DLL Hijacking Privilege Escalation

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227.

| Misconfiguration
Jun 03, 2026 Jun 03, 2026
Jun 03, 2026
Jun 03, 2026
7.3 HIGH
CVE-2026-44682 — Acronis DeviceLock DLP DLL Hijacking Local Privilege Escalation

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227.

| Misconfiguration
Jun 03, 2026 Jun 03, 2026
Jun 03, 2026
Jun 03, 2026
7.3 HIGH
CVE-2026-44609 — Acronis DeviceLock DLP Privilege Escalation via EXE Hijacking

Local privilege escalation due to EXE hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227.

| Misconfiguration
Jun 03, 2026 Jun 03, 2026
Jun 03, 2026
Jun 03, 2026
4.8 MEDIUM
CVE-2026-43924 — FOSSBilling has an open redirect via administrator-configured redirect targets

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Redirect module does not validate the URL scheme of administrator-configured destination URLs befo…

Remote | Misconfiguration
Jun 03, 2026 Jun 03, 2026
Jun 03, 2026
Jun 03, 2026
7.3 HIGH
CVE-2026-42061 — Acronis DeviceLock DLP Privilege Escalation

Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227.

| Authorization
Jun 03, 2026 Jun 03, 2026
Jun 03, 2026
Jun 03, 2026
6.9 MEDIUM
CVE-2026-40495 — FOSSBilling version exposed via asset cache buster

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 leak the exact system version through asset cache buster parameters in HTML output, bypassing the `hid…

Remote | Information Disclosure
Jun 03, 2026 Jun 03, 2026
Jun 03, 2026
Jun 03, 2026
0.0 NA
CVE-2026-37700 — MaxSite CMS Cross-Site Scripting

Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by admin_page

| Cross-Site Scripting
Jun 03, 2026 Jun 03, 2026
Jun 03, 2026
Jun 03, 2026
0.0 NA
CVE-2026-26825 — libxls Use-After-Free

A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xls_parseWorkBook() and is triggered by uninitialized heap memory origi…

| Memory Corruption
Jun 03, 2026 Jun 03, 2026
Jun 03, 2026
Jun 03, 2026
0.0 NA
CVE-2026-26824 — libxls: Use of Uninitialized Memory in OLE Container Parser

libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table (MSAT) in read_MSAT() is not ful…

| Memory Corruption
Jun 03, 2026 Jun 03, 2026
Jun 03, 2026
Jun 03, 2026
3.6 LOW
CVE-2026-10766 — mlrun DataFrame Hash helpers.py mlrun.utils.helpers.calculate_dataframe_hash weak hash

A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculate_dataframe_hash of the file mlrun/utils/helpers.py of the component DataFrame Hash Han…

| Cryptography
Jun 03, 2026 Jun 03, 2026
Jun 03, 2026
Jun 03, 2026
0.0 NA
CVE-2026-8889 — CVE-2026-8889

Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL matching (25,020 hashes) and CIPA blocklist matching (12,352 hashes).

| Cryptography
Jun 03, 2026 Jun 03, 2026
Jun 03, 2026
Jun 03, 2026
0.0 NA
CVE-2026-8888 — CVE-2026-8888

Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp() without complexity validation. A…

| Denial of Service
Jun 03, 2026 Jun 03, 2026
Jun 03, 2026
Jun 03, 2026
0.0 NA
CVE-2026-8881 — CVE-2026-8881

Version 3.0.7 of the Securly Chrome Extension uses EVP_BytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no …

| Cryptography
Jun 03, 2026 Jun 03, 2026
Jun 03, 2026
Jun 03, 2026
0.0 NA
CVE-2026-8879 — CVE-2026-8879

Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts() at runtime. This script is NOT declared in manif…

| Misconfiguration
Jun 03, 2026 Jun 03, 2026
Jun 03, 2026
Jun 03, 2026
Showing 20 of 7137 Results