Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
6.5 MEDIUM
CVE-2026-6190 — itsourcecode Construction Management System employees.php sql injection

A vulnerability was found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /employees.php. Performing a manipulation of the argument Name re…

Remote | Injection
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
7.5 HIGH
CVE-2026-6189 — SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=login. Such manipulation of the argu…

Remote | Injection
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
5.3 MEDIUM
CVE-2026-39940 — ChurchCRM has an Open Redirect via the ‘linkBack’ URL Parameter in DonatedItemEditor.php

ChurchCRM is an open-source church management system. Prior to 7.0.0, it was possible in many places across the ChurchCRM application to create a link that, when visited by an authenticated user, wou…

Remote | Authentication
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
0.0 NA
CVE-2026-36952 — Sourcecodester Online Thesis Archiving System SQL Injection Vulnerability

Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in the file /otas/admin/curriculum/manage_curriculum.php.

| Injection
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
0.0 NA
CVE-2026-36950 — Sourcecodester Online Thesis Archiving System SQL Injection

Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in /otas/projects_per_department.php.

| Injection
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
0.0 NA
CVE-2026-36948 — Sourcecodester Online Thesis Archiving System SQL Injection Vulnerability

Sourcecodester Online Thesis Archiving System v1.0 is vulnerale to SQL injection in the file /otas/view_archive.php.

| Injection
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
4.0 MEDIUM
CVE-2026-33555 — HAProxy HTTP/3 Request Smuggling Vulnerability

An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame wit…

Remote | Misconfiguration
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
9.3 CRITICAL
CVE-2026-23891 — Decidim has a Cross-site scripting (XSS) vulnerability via user name field

Decidim is a participatory democracy framework. In versions below 0.30.5 and 0.31.0.rc1 through 0.31.0, a stored code execution vulnerability in the user name field allows a low-privileged attacker t…

Remote | Injection
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
5.3 MEDIUM
CVE-2026-6231 — bson_validate may skip validation when processing certain inputs

The bson_validate function may return early on specific inputs and incorrectly report success. This behavior could result in skipping validation for BSON data, allowing malformed or invalid UTF-8 seq…

Remote | Misconfiguration
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
7.5 HIGH
CVE-2026-6188 — SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=delete_sales. This manipulation of the argument ID causes…

Remote | Injection
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
7.5 HIGH
CVE-2026-6187 — SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=chk_prod_availability. The manipulation…

Remote | Injection
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
9.0 HIGH
CVE-2026-6186 — UTT HiPER 1200GW formNatStaticMap strcpy buffer overflow

A security vulnerability has been detected in UTT HiPER 1200GW up to 2.5.3-170306. This vulnerability affects the function strcpy of the file /goform/formNatStaticMap. The manipulation of the argumen…

Remote | Memory Corruption
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
4.8 MEDIUM
CVE-2026-6184 — code-projects Simple Content Management System welcome.php cross site scripting

A weakness has been identified in code-projects Simple Content Management System 1.0. This affects an unknown part of the file /web/admin/welcome.php. Executing a manipulation of the argument News Ti…

Remote | Cross-Site Scripting
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
0.0 NA
CVE-2026-36938 — Sourcecodester Online Resort Management System SQL Injection Vulnerability

Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/rooms/view_room.php.

| Injection
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
0.0 NA
CVE-2026-36937 — Sourcecodester Online Resort Management System SQL Injection Vulnerability

Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/reservations/view_details.php.

| Injection
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
7.5 HIGH
CVE-2026-34188 — OS Command Injection in Event Response Execution

Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Event Response execution. This issue affects Pandora FMS: from 777 through 800

Remote | Injection
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
8.7 HIGH
CVE-2026-34186 — SQL Injection in Custom Fields leads to Database Compromise

Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via custom fields. This issue affects Pandora FMS: from 777 through 800

Remote | Injection
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
8.7 HIGH
CVE-2026-30813 — SQL Injection in Module Search leads to Database Compromise

Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via module search. This issue affects Pandora FMS: from 777 through 800

Remote | Injection
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
2.1 LOW
CVE-2026-30812 — Stored Cross-Site Scripting in Event Comments via Filter Bypass

Improper Neutralization of Input During Web Page Generation vulnerability allows Stored Cross-Site Scripting via event comments. This issue affects Pandora FMS: from 777 through 800

Remote | Cross-Site Scripting
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
8.4 HIGH
CVE-2026-30811 — Missing Authorization in Configuration Ajax Endpoint leads to Information Disclosure

Missing Authorization vulnerability allows Exposure of Sensitive Information via configuration endpoint. This issue affects Pandora FMS: from 777 through 800

Remote | Authorization
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
Showing 20 of 6220 Results