Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
0.0 NA
CVE-2026-6577 — liangliangyy DjangoBlog logtracks Endpoint views.py missing authentication

A vulnerability was identified in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file owntracks/views.py of the component logtracks Endpoint. The manipulati…

| Authentication
Apr 19, 2026 Apr 19, 2026
Apr 19, 2026
Apr 19, 2026
6.5 MEDIUM
CVE-2026-6576 — liangliangyy DjangoBlog WeChat Bot commonapi.py CommandHandler command injection

A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function CommandHandler of the file servermanager/api/commonapi.py of the component WeChat Bot Int…

Remote | Injection
Apr 19, 2026 Apr 19, 2026
Apr 19, 2026
Apr 19, 2026
7.5 HIGH
CVE-2026-6574 — osuuu LightPicture API Upload Endpoint lp.sql hard-coded credentials

A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue affects some unknown processing of the file /public/install/lp.sql of the component API Upload Endpoint. Such manipulation…

Remote | Authentication
Apr 19, 2026 Apr 19, 2026
Apr 19, 2026
Apr 19, 2026
6.5 MEDIUM
CVE-2026-6573 — PHPEMS Instant Exam Creation exams.master.php temppage server-side request forgery

A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of t…

Remote | Server-Side Request Forgery
Apr 19, 2026 Apr 19, 2026
Apr 19, 2026
Apr 19, 2026
6.3 MEDIUM
CVE-2026-6572 — Collabora KodExplorer fileUpload Endpoint share.class.php improper authorization

A security vulnerability has been detected in Collabora KodExplorer up to 4.52. Affected by this issue is some unknown functionality of the file /app/controller/share.class.php of the component fileU…

Remote | Authorization
Apr 19, 2026 Apr 19, 2026
Apr 19, 2026
Apr 19, 2026
6.5 MEDIUM
CVE-2026-6571 — kodcloud KodExplorer systemRole.class.php roleGroupAction authorization

A weakness has been identified in kodcloud KodExplorer up to 4.52. Affected by this vulnerability is the function roleGroupAction of the file /app/controller/systemRole.class.php. Executing a manipul…

Remote | Authorization
Apr 19, 2026 Apr 19, 2026
Apr 19, 2026
Apr 19, 2026
5.1 MEDIUM
CVE-2026-6570 — kodcloud KodExplorer systemMember.class.php initInstall authorization

A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function initInstall of the file /app/controller/systemMember.class.php. Performing a manipulation of the argum…

Remote | Authorization
Apr 19, 2026 Apr 19, 2026
Apr 19, 2026
Apr 19, 2026
7.5 HIGH
CVE-2026-6569 — kodcloud KodExplorer fileGet Endpoint share.class.php improper authentication

A vulnerability was identified in kodcloud KodExplorer up to 4.52. This impacts the function fileGet of the file /app/controller/share.class.php of the component fileGet Endpoint. Such manipulation o…

Remote | Authentication
Apr 19, 2026 Apr 19, 2026
Apr 19, 2026
Apr 19, 2026
7.5 HIGH
CVE-2026-6568 — kodcloud KodExplorer Public Share share.class.php initShareOld path traversal

A vulnerability was determined in kodcloud KodExplorer up to 4.52. This affects the function share.class.php::initShareOld of the file /app/controller/share.class.php of the component Public Share Ha…

Remote | Path Traversal
Apr 19, 2026 Apr 19, 2026
Apr 19, 2026
Apr 19, 2026
5.3 MEDIUM
CVE-2026-6564 — EMQ EMQX Enterprise Session Handling improper authorization

A vulnerability was found in EMQ EMQX Enterprise up to 6.1.0. The impacted element is an unknown function of the component Session Handling. The manipulation results in improper authorization. It is …

Remote | Authorization
Apr 19, 2026 Apr 19, 2026
Apr 19, 2026
Apr 19, 2026
9.0 HIGH
CVE-2026-6563 — H3C Magic B1 aspForm SetAPWifiorLedInfoById buffer overflow

A vulnerability has been found in H3C Magic B1 up to 100R004. The affected element is the function SetAPWifiorLedInfoById of the file /goform/aspForm. The manipulation of the argument param leads to …

magic_b1_firmware | Remote | Memory Corruption
Apr 19, 2026 Apr 19, 2026
Apr 19, 2026
Apr 19, 2026
7.5 HIGH
CVE-2026-6562 — dameng100 muucmf index.html getListByPage sql injection

A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is the function getListByPage of the file /index/Search/index.html. Executing a manipulation of the argument keyword can lead to sql…

Remote | Injection
Apr 19, 2026 Apr 19, 2026
Apr 19, 2026
Apr 19, 2026
5.8 MEDIUM
CVE-2026-6561 — EyouCMS Index.php edit_adminlogo unrestricted upload

A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function edit_adminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument filen…

eyoucms | Remote | Authentication
Apr 19, 2026 Apr 19, 2026
Apr 19, 2026
Apr 19, 2026
9.0 HIGH
CVE-2026-6560 — H3C Magic B0 aspForm Edit_BasicSSID buffer overflow

A security vulnerability has been detected in H3C Magic B0 up to 100R002. This vulnerability affects the function Edit_BasicSSID of the file /goform/aspForm. Such manipulation of the argument param l…

magic_b0_firmware | Remote | Memory Corruption
Apr 19, 2026 Apr 19, 2026
Apr 19, 2026
Apr 19, 2026
5.3 MEDIUM
CVE-2026-6559 — Wavlink WL-WN579A3 login.cgi sub_401F80 cross site scripting

A weakness has been identified in Wavlink WL-WN579A3 220323. This affects the function sub_401F80 of the file /cgi-bin/login.cgi. This manipulation of the argument Hostname causes cross site scriptin…

wl-wn579a3_firmware | Remote | Cross-Site Scripting
Apr 19, 2026 Apr 19, 2026
Apr 19, 2026
Apr 19, 2026
6.4 MEDIUM
CVE-2026-0868 — EMC Scheduling Manager <= 4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting …

The EMC – Easily Embed Calendly Scheduling Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's calendly shortcode in all versions up to, and including, 4.4 due…

embed_calendly | Remote | Cross-Site Scripting
Apr 19, 2026 Apr 19, 2026
Apr 19, 2026
Apr 19, 2026
9.4 CRITICAL
CVE-2026-41242 — protobufjs has an arbitrary code execution issue

protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the "type" fields of protobuf definitions, which …

protobufjs | Remote | Injection
Apr 18, 2026 Apr 18, 2026
Apr 18, 2026
Apr 18, 2026
0.0 NA
CVE-2026-40948 — Apache Airflow: OAuth Login CSRF — Missing State Parameter in Keycloak Auth Manager

The Keycloak authentication manager in `apache-airflow-providers-keycloak` did not generate or validate the OAuth 2.0 `state` parameter on the login / login-callback flow, and did not use PKCE. An at…

airflow | Cross-Site Request Forgery
Apr 18, 2026 Apr 18, 2026
Apr 18, 2026
Apr 18, 2026
6.4 MEDIUM
CVE-2026-2986 — Contextual Related Posts <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Script…

The Contextual Related Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'other_attributes' parameter in versions up to, and including, 4.2.1 due to insufficient input s…

Remote | Cross-Site Scripting
Apr 18, 2026 Apr 18, 2026
Apr 18, 2026
Apr 18, 2026
5.4 MEDIUM
CVE-2026-2505 — Categories Images <= 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via…

The Categories Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.1, via the 'z_taxonomy_image' shortcode. This is due to the shortcode ren…

Remote | Cross-Site Scripting
Apr 18, 2026 Apr 18, 2026
Apr 18, 2026
Apr 18, 2026
Showing 20 of 6096 Results