Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
10.0 HIGH
CVE-2026-6155 — Totolink A7100RU CGI cstecgi.cgi setWanCfg os command injection

A weakness has been identified in Totolink A7100RU 7.4cu.2313. The impacted element is the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation o…

Remote | Injection
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
10.0 HIGH
CVE-2026-6154 — Totolink A7100RU CGI cstecgi.cgi setWizardCfg os command injection

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performi…

Remote | Injection
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
7.5 HIGH
CVE-2026-6153 — code-projects Vehicle Showroom Management System StaffDetailsFunction.php sql injection

A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. Impacted is an unknown function of the file /util/StaffDetailsFunction.php. Such manipulation of the argument S…

Remote | Injection
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
5.6 MEDIUM
CVE-2026-34867 — Apache Multi-Mode Input System Double Free Vulnerability

Double free vulnerability in the multi-mode input system. Impact: Successful exploitation of this vulnerability may affect availability.

| Memory Corruption
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
4.1 MEDIUM
CVE-2026-34860 — Oracle Memo Access Control Bypass Vulnerability

Access control vulnerability in the memo module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.

| Authorization
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
7.3 HIGH
CVE-2026-34856 — Citrix Communication Module Use-After-Free Vulnerability

UAF vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability.

| Memory Corruption
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
7.7 HIGH
CVE-2026-34853 — "Qualcomm LBS Module Permission Bypass Vulnerability"

Permission bypass vulnerability in the LBS module. Impact: Successful exploitation of this vulnerability may affect availability.

| Authorization
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
6.1 MEDIUM
CVE-2026-34852 — Media Platform Stack Overflow Vulnerability

Stack overflow vulnerability in the media platform. Impact: Successful exploitation of this vulnerability may affect availability.

| Memory Corruption
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
2.2 LOW
CVE-2026-34851 — Apache Event Notification Module Race Condition Attack

Race condition vulnerability in the event notification module. Impact: Successful exploitation of this vulnerability may affect availability.

| Race Condition
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
1.9 LOW
CVE-2026-34850 — Apache Notification Service Race Condition Vulnerability

Race condition vulnerability in the notification service. Impact: Successful exploitation of this vulnerability may affect availability.

| Race Condition
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
6.9 MEDIUM
CVE-2026-28553 — WordPress Theme Setting Module Permission Bypass

Vulnerability of improper permission control in the theme setting module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

| Authorization
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
6.3 MEDIUM
CVE-2026-6179 — Stored Cross Site Scripting in NightWolf Penetration Testing Platform

Stored Cross Site Scripting in NightWolf Penetration Testing Platform allows attack trigger and run malicious script in user's browser

Remote | Cross-Site Scripting
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
7.5 HIGH
CVE-2026-6152 — code-projects Vehicle Showroom Management System StaffAddingFunction.php sql injection

A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/StaffAddingFunction.php. This manipulation of the …

Remote | Injection
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
7.5 HIGH
CVE-2026-6151 — code-projects Vehicle Showroom Management System PaymentStatusFunction.php sql injection

A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/PaymentStatusFunction.php. The manipulation of the argumen…

Remote | Injection
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
5.3 MEDIUM
CVE-2026-6150 — code-projects Simple Laundry System checkupdatestatus.php cross site scripting

A vulnerability has been found in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /checkupdatestatus.php. The manipulation of the argument serviceId leads to cross s…

Remote | Cross-Site Scripting
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
7.5 HIGH
CVE-2026-6149 — code-projects Vehicle Showroom Management System BookVehicleFunction.php sql injection

A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Affected by this issue is some unknown functionality of the file /util/BookVehicleFunction.php. Executing a manipulation…

Remote | Injection
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
7.5 HIGH
CVE-2026-6148 — code-projects Vehicle Showroom Management System MonthTotalReportUpdateFunction.php sql i…

A vulnerability was detected in code-projects Vehicle Showroom Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /util/MonthTotalReportUpdateFunction.php. …

Remote | Injection
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
6.5 MEDIUM
CVE-2026-6143 — farion1231 cc-switch ProxyServer server.rs cross-domain policy

A security flaw has been discovered in farion1231 cc-switch up to 3.12.3. Affected by this issue is some unknown functionality of the file src-tauri/src/proxy/server.rs of the component ProxyServer. …

Remote | Misconfiguration
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
7.5 HIGH
CVE-2026-6142 — tushar-2223 Hotel Management System roomdelete.php sql injection

A vulnerability was identified in tushar-2223 Hotel Management System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. Affected by this vulnerability is an unknown functionality of the file /admin/roo…

Remote | Injection
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
6.5 MEDIUM
CVE-2026-6141 — danielmiessler Personal_AI_Infrastructure parse_url.ts os command injection

A vulnerability was determined in danielmiessler Personal_AI_Infrastructure up to 2.3.0. Affected is an unknown function of the file Skills/Parser/Tools/parse_url.ts. Executing a manipulation can lea…

Remote | Injection
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
Showing 20 of 6134 Results