Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
7.6 HIGH
CVE-2026-24782 — Kiteworks Secure Data Forms has a SQL Injection vulnerability

Kiteworks is a private data network (PDN). Prior to version 9.3.0,ultiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms could be exploited by an authenticated attacker with the FormBui…

kiteworks | Remote | Injection
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
3.7 LOW
CVE-2026-24761 — Kiteworks Secure Data Forms is vulnerable to Authorization Bypass Through User-Controlled…

Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to access metad…

kiteworks | Remote | Authorization
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
4.3 MEDIUM
CVE-2026-24756 — Kiteworks Secure Data Forms is vulnerable to Authorization Bypass Through User-Controlled…

Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resou…

kiteworks | Remote | Authorization
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
5.4 MEDIUM
CVE-2026-24755 — Kiteworks Secure Data Forms is vulnerable to Authorization Bypass Through User-Controlled…

Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify permi…

kiteworks | Remote | Authorization
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
5.4 MEDIUM
CVE-2026-24754 — Kiteworks Secure Data Forms Vulnerable to Cross-site Scripting

Kiteworks is a private data network (PDN). Prior to version 9.3.0, a stored XSS vulnerability in Kiteworks Secure Data Forms could allow an authenticated attacker to execute arbitrary JavaScript code…

kiteworks | Remote | Cross-Site Scripting
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
6.5 MEDIUM
CVE-2026-24753 — Kiteworks Secure Data Forms is vulnerable to Authorization Bypass Through User-Controlled…

Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resou…

kiteworks | Remote | Authorization
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
8.2 HIGH
CVE-2026-24752 — Kiteworks Secure Data Forms Vulnerable to Cross-site Scripting

Kiteworks is a private data network (PDN). Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitra…

kiteworks | Remote | Cross-Site Scripting
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
7.2 HIGH
CVE-2026-24092 — Improper Validation of Syntactic Correctness of Input in Display

Memory Corruption when processing fastboot commands to set display mode.

Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
7.2 HIGH
CVE-2026-24091 — Improper Validation of Syntactic Correctness of Input in Display

Memory corruption while processing fastboot commands with improperly formatted input.

Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
7.1 HIGH
CVE-2026-24090 — Missing Authentication for Critical Function in HLOS

Cryptographic issue while processing partition table entries allows unauthorized modification of boot flow.

Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
7.2 HIGH
CVE-2026-24089 — Improper Validation of Syntactic Correctness of Input in Kernel

Memory corruption while processing fastboot commands with invalid input.

Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
8.2 HIGH
CVE-2026-24088 — Missing Authentication for Critical Function in Boot

Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader.

Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
7.2 HIGH
CVE-2026-24087 — Improper Validation of Syntactic Correctness of Input in Kernel

Memory corruption while processing fastboot OEM commands.

Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
7.2 HIGH
CVE-2026-24085 — Stack-based Buffer Overflow in Display

Memory Corruption when processing display command line information due to improper initialization of a variable.

Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
3.7 LOW
CVE-2026-10300 — SGLang Inference HTTP Endpoint lora_manager.py assertion

A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/lora_manager.py of the component Inference HTTP Endpoint. Such ma…

sglang | Remote | Misconfiguration
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
4.7 MEDIUM
CVE-2026-10299 — code-projects Online Hospital Management System viewdoctortimings.php resource injection

A weakness has been identified in code-projects Online Hospital Management System 1.0. This issue affects some unknown processing of the file viewdoctortimings.php. This manipulation of the argument …

online_hospital_management_system | Remote | Path Traversal
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
3.3 LOW
CVE-2026-10298 — ggml-org whisper.cpp ggml.c whisper_model_load null pointer dereference

A security flaw has been discovered in ggml-org whisper.cpp up to 1.8.2. This vulnerability affects the function whisper_model_load of the file ggml/src/ggml.c. The manipulation results in null point…

whisper.cpp | Memory Corruption
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
6.5 MEDIUM
CVE-2026-10297 — itsourcecode Fees Management System manage_course.php sql injection

A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown part of the file /manage_course.php. The manipulation of the argument ID leads to sql injection. It …

fees_management_system | Remote | Injection
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
6.5 MEDIUM
CVE-2026-10296 — itsourcecode Fees Management System ajax.php sql injection

A vulnerability was determined in itsourcecode Fees Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php. Executing a manipulation of the argument Usernam…

fees_management_system | Remote | Injection
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
3.3 LOW
CVE-2026-10295 — SourceCodester Customer Review App review_app.py get_all_reviews denial of service

A vulnerability was found in SourceCodester Customer Review App 1.0. Affected by this vulnerability is the function add_review/save_review/get_all_reviews of the file review_app.py. Performing a mani…

customer_review_app | Denial of Service
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
Showing 20 of 7051 Results