Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
6.5 MEDIUM
CVE-2026-16215 — geex-arts django-jet OAuth Credential Revoke authorization

A security flaw has been discovered in geex-arts django-jet up to 1.0.8. This impacts an unknown function of the component OAuth Credential Revoke Handler. Performing a manipulation results in missin…

Remote | Authorization
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
6.5 MEDIUM
CVE-2026-16214 — geex-arts django-jet Dashboard views.py authorization

A vulnerability was identified in geex-arts django-jet up to 1.0.8. This affects an unknown function of the file jet/dashboard/views.py of the component Dashboard Module. Such manipulation leads to a…

Remote | Authorization
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
4.8 MEDIUM
CVE-2026-16213 — Fantomas42 django-blog-zinnia Protected Entry Password entry_protection.py cleartext stor…

A security flaw has been discovered in Fantomas42 django-blog-zinnia up to 0.20. Affected by this vulnerability is an unknown functionality of the file zinnia/views/mixins/entry_protection.py of the …

| Cryptography
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
4.2 MEDIUM
CVE-2026-16212 — awesto django-shop Purchase Stock inventory.py race condition

A vulnerability was identified in awesto django-shop up to 1.2.4. Affected is an unknown function of the file shop/models/inventory.py of the component Purchase Stock Handler. The manipulation leads …

Remote | Race Condition
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
2.6 LOW
CVE-2026-16211 — allegro Hostname Allocation assets.py AssetLastHostname.increment_hostname race condition

A vulnerability was determined in allegro up to bcf65b994ef29fb3fc2e10b660e6288723d5209e. This impacts the function AssetLastHostname.increment_hostname of the file src/ralph/assets/models/assets.py …

| Race Condition
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
7.5 HIGH
CVE-2026-16210 — newpanjing simpleui AjaxAdmin AJAX Endpoint admin.py self.get_action missing authenticati…

A vulnerability was found in newpanjing simpleui 2026.01.13. This affects the function self.get_action of the file simpleui/admin.py of the component AjaxAdmin AJAX Endpoint. Performing a manipulatio…

Remote | Authentication
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
7.5 HIGH
CVE-2026-16209 — Gerapy Project Upload Endpoint views.py missing authentication

A vulnerability has been found in Gerapy up to 0.9.13. The impacted element is an unknown function of the file gerapy/server/core/views.py of the component Project Upload Endpoint. Such manipulation …

Remote | Authentication
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
5.0 MEDIUM
CVE-2026-16208 — django-tastypie throttle.py CacheDBThrottle race condition

A flaw has been found in django-tastypie up to 0.15.1. The affected element is the function CacheThrottle/CacheDBThrottle of the file tastypie/throttle.py. This manipulation causes race condition. Th…

Remote | Race Condition
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
6.3 MEDIUM
CVE-2026-16207 — django-tastypie authentication.py ApiKeyAuthentication get request method with sensitive …

A vulnerability was detected in django-tastypie up to 0.15.1. Impacted is the function ApiKeyAuthentication of the file tastypie/authentication.py. The manipulation results in use of get request meth…

Remote | Information Disclosure
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
6.5 MEDIUM
CVE-2026-16206 — django-oauth django-oauth-toolkit oauth2_validators.py _load_id_token session expiration

A security vulnerability has been detected in django-oauth django-oauth-toolkit 3.3.0. This issue affects the function _load_id_token of the file oauth2_provider/oauth2_validators.py. The manipulatio…

Remote | Information Disclosure
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
3.3 LOW
CVE-2026-16205 — Pluck CMS Albums albums.admin.php htmlspecialchars_decode cross site scripting

A weakness has been identified in Pluck CMS up to 4.7.21. This vulnerability affects the function htmlspecialchars_decode of the file data/modules/albums/albums.admin.php of the component Albums Modu…

Remote | Cross-Site Scripting
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
7.5 HIGH
CVE-2026-16204 — zevorn rt-claw Telegram-to-AI Tool Execution Flow script.c tool_run_script_execute code i…

A security flaw has been discovered in zevorn rt-claw up to 0.2.0. This affects the function tool_run_script_execute of the file claw/services/tools/script.c of the component Telegram-to-AI Tool Exec…

Remote | Injection
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
4.0 MEDIUM
CVE-2026-16203 — SourceCodester Class and Exam Timetabling System forCYS.php cross site scripting

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /forCYS.php. Such manipulation of the argument…

class_and_exam_timetabling_system | Remote | Cross-Site Scripting
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
4.0 MEDIUM
CVE-2026-16202 — SourceCodester Class and Exam Timetabling System CYS.php cross site scripting

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /CYS.php. This manipulation of the argum…

class_and_exam_timetabling_system | Remote | Cross-Site Scripting
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
5.5 MEDIUM
CVE-2026-16201 — zevorn rt-claw http_request net.c claw_net_post information disclosure

A vulnerability was found in zevorn rt-claw up to 0.2.0. Affected is the function claw_net_get/claw_net_post of the file claw/services/tools/net.c of the component http_request. The manipulation resu…

Remote | Information Disclosure
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
7.5 HIGH
CVE-2026-16200 — zevorn rt-claw RPC swarm.c claw_tool_invoke authorization

A vulnerability has been found in zevorn rt-claw up to 0.2.0. This impacts the function claw_tool_invoke of the file claw/services/swarm/swarm.c of the component RPC Handler. The manipulation leads t…

Remote | Authorization
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
6.5 MEDIUM
CVE-2026-16199 — nextlevelbuilder GoClaw credentialed_exec.go ExecTool.Execute improper authorization

A flaw has been found in nextlevelbuilder GoClaw up to 3.13.3-beta.3. This affects the function ExecTool.Execute of the file goclaw/internal/tools/credentialed_exec.go. Executing a manipulation can l…

goclaw | Remote | Authorization
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
5.6 MEDIUM
CVE-2026-16198 — Sipeed PicoClaw First Run Setup access_control.go authentication bypass

A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. The impacted element is an unknown function of the file web/backend/middleware/access_control.go of the component First Run Setup. Perform…

picoclaw | Remote | Authentication
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
6.5 MEDIUM
CVE-2026-16197 — Sipeed PicoClaw Group Message feishu_64.go handleMessageReceive authorization

A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. The affected element is the function handleMessageReceive of the file pkg/channels/feishu/feishu_64.go of the component Grou…

picoclaw | Remote | Authorization
Jul 18, 2026 Jul 18, 2026
Jul 18, 2026
Jul 18, 2026
6.5 MEDIUM
CVE-2026-16196 — Sipeed PicoClaw web_fetch web.go isPrivateOrRestrictedIP server-side request forgery

A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Impacted is the function isPrivateOrRestrictedIP of the file pkg/tools/integration/web.go of the component web_fetch. This manipulation …

picoclaw | Remote | Server-Side Request Forgery
Jul 18, 2026 Jul 18, 2026
Jul 18, 2026
Jul 18, 2026
Showing 20 of 7789 Results