Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
4.0 MEDIUM
CVE-2026-16202 — SourceCodester Class and Exam Timetabling System CYS.php cross site scripting

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /CYS.php. This manipulation of the argum…

class_and_exam_timetabling_system | Remote | Cross-Site Scripting
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
5.5 MEDIUM
CVE-2026-16201 — zevorn rt-claw http_request net.c claw_net_post information disclosure

A vulnerability was found in zevorn rt-claw up to 0.2.0. Affected is the function claw_net_get/claw_net_post of the file claw/services/tools/net.c of the component http_request. The manipulation resu…

Remote | Information Disclosure
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
7.5 HIGH
CVE-2026-16200 — zevorn rt-claw RPC swarm.c claw_tool_invoke authorization

A vulnerability has been found in zevorn rt-claw up to 0.2.0. This impacts the function claw_tool_invoke of the file claw/services/swarm/swarm.c of the component RPC Handler. The manipulation leads t…

Remote | Authorization
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
6.5 MEDIUM
CVE-2026-16199 — nextlevelbuilder GoClaw credentialed_exec.go ExecTool.Execute improper authorization

A flaw has been found in nextlevelbuilder GoClaw up to 3.13.3-beta.3. This affects the function ExecTool.Execute of the file goclaw/internal/tools/credentialed_exec.go. Executing a manipulation can l…

goclaw | Remote | Authorization
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
5.6 MEDIUM
CVE-2026-16198 — Sipeed PicoClaw First Run Setup access_control.go authentication bypass

A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. The impacted element is an unknown function of the file web/backend/middleware/access_control.go of the component First Run Setup. Perform…

picoclaw | Remote | Authentication
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
6.5 MEDIUM
CVE-2026-16197 — Sipeed PicoClaw Group Message feishu_64.go handleMessageReceive authorization

A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. The affected element is the function handleMessageReceive of the file pkg/channels/feishu/feishu_64.go of the component Grou…

picoclaw | Remote | Authorization
Jul 18, 2026 Jul 18, 2026
Jul 18, 2026
Jul 18, 2026
6.5 MEDIUM
CVE-2026-16196 — Sipeed PicoClaw web_fetch web.go isPrivateOrRestrictedIP server-side request forgery

A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Impacted is the function isPrivateOrRestrictedIP of the file pkg/tools/integration/web.go of the component web_fetch. This manipulation …

picoclaw | Remote | Server-Side Request Forgery
Jul 18, 2026 Jul 18, 2026
Jul 18, 2026
Jul 18, 2026
6.5 MEDIUM
CVE-2026-16195 — Sipeed PicoClaw Group Message wecom.go dispatchIncoming authorization

A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. This issue affects the function dispatchIncoming of the file pkg/channels/wecom/wecom.go of the component Group Message Handler. Th…

picoclaw | Remote | Authorization
Jul 18, 2026 Jul 18, 2026
Jul 18, 2026
Jul 18, 2026
8.8 HIGH
CVE-2026-10130 — QueryWeaver Authentication Bypass via Email Signup Token Issuance for Existing Accounts

QueryWeaver contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain valid session tokens for existing accounts by submitting a signup request with a known vict…

Remote | Authentication
Jul 18, 2026 Jul 18, 2026
Jul 18, 2026
Jul 18, 2026
6.5 MEDIUM
CVE-2026-16194 — zhayujie CowAgent web_fetch.py WebFetch.execute server-side request forgery

A vulnerability was determined in zhayujie CowAgent up to 2.1.1. This affects the function WebFetch.execute of the file agent/tools/web_fetch/web_fetch.py. Executing a manipulation of the argument ur…

cowagent | Remote | Server-Side Request Forgery
Jul 18, 2026 Jul 18, 2026
Jul 18, 2026
Jul 18, 2026
4.0 MEDIUM
CVE-2026-16156 — SourceCodester Class and Exam Timetabling System forexam.php cross site scripting

A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown part of the file /forexam.php. The manipulation of the argument day results in cro…

class_and_exam_timetabling_system | Remote | Cross-Site Scripting
Jul 18, 2026 Jul 18, 2026
Jul 18, 2026
Jul 18, 2026
7.2 HIGH
CVE-2026-57857 — Flow Payment Plugin for WordPress Reflected Cross-Site Scripting via error_message Parame…

The Flow Payment plugin for WordPress (flow.cl) version 3.0.8 is vulnerable to reflected cross-site scripting on the WooCommerce checkout page. When the plugin handles an order cancellation, the erro…

Remote | Cross-Site Scripting
Jul 18, 2026 Jul 18, 2026
Jul 18, 2026
Jul 18, 2026
4.0 MEDIUM
CVE-2026-16155 — SourceCodester Class and Exam Timetabling System schoolyr.php cross site scripting

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /schoolyr.php. The manipulation of the argumen…

class_and_exam_timetabling_system | Remote | Cross-Site Scripting
Jul 18, 2026 Jul 18, 2026
Jul 18, 2026
Jul 18, 2026
7.5 HIGH
CVE-2026-16154 — SourceCodester Class and Exam Timetabling System edit_room1.php sql injection

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0/1.php. Affected by this vulnerability is an unknown functionality of the file /edit_room1.php. Executing a manip…

class_and_exam_timetabling_system | Remote | Injection
Jul 18, 2026 Jul 18, 2026
Jul 18, 2026
Jul 18, 2026
7.5 HIGH
CVE-2026-16152 — SourceCodester Class and Exam Timetabling System edit_rooma.php sql injection

A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. Affected is an unknown function of the file /edit_rooma.php. Performing a manipulation of the argument ID results in…

class_and_exam_timetabling_system | Remote | Injection
Jul 18, 2026 Jul 18, 2026
Jul 18, 2026
Jul 18, 2026
8.7 HIGH
CVE-2026-12228 — Stored XSS in Direct Messages via Prompt Sharing in parisneo/lollms

A stored cross-site scripting (XSS) vulnerability exists in the `POST /api/prompts/share` endpoint of parisneo/lollms (latest version). The endpoint stores attacker-controlled `prompt_content` into `…

Remote | Cross-Site Scripting
Jul 18, 2026 Jul 18, 2026
Jul 18, 2026
Jul 18, 2026
6.8 MEDIUM
CVE-2026-57848 — Stoat for Android Internal File Disclosure via Exported ShareTargetActivity URI Validation

Stoat for Android exports the chat.stoat.activities.ShareTargetActivity component (reachable to any process on the device via the android.intent.action.SEND intent) and accepts the file to share as a…

| Information Disclosure
Jul 18, 2026 Jul 18, 2026
Jul 18, 2026
Jul 18, 2026
7.7 HIGH
CVE-2026-53994 — ProFTPD mod_sftp Heap Buffer Overflow via Unsigned Integer Underflow and Size Truncation

ProFTPD mod_sftp contains a heap-based buffer overflow reachable by an authenticated SFTP user. The fxp_packet_read() function accepts the attacker-supplied 32-bit big-endian SFTP packet length witho…

Remote | Memory Corruption
Jul 18, 2026 Jul 18, 2026
Jul 18, 2026
Jul 18, 2026
6.5 MEDIUM
CVE-2026-16151 — CartoDB carto-api-client filters.ts addFilter prototype pollution

A vulnerability has been found in CartoDB carto-api-client 0.5.29. This impacts the function addFilter of the file src/filters.ts. Such manipulation of the argument column leads to improperly control…

Remote | Misconfiguration
Jul 18, 2026 Jul 18, 2026
Jul 18, 2026
Jul 18, 2026
6.5 MEDIUM
CVE-2026-16150 — RobinHerbots Inputmask Internal Deep Merge Helper extend.js extendAliases prototype pollu…

A vulnerability was found in RobinHerbots Inputmask up to 5.0.9. Affected by this issue is the function extendDefaults/extendDefinitions/extendAliases in the library lib/dependencyLibs/extend.js of t…

Remote | Misconfiguration
Jul 18, 2026 Jul 18, 2026
Jul 18, 2026
Jul 18, 2026
Showing 20 of 7788 Results