Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
5.5 MEDIUM
CVE-2026-11515 — SourceCodester Barangay Resident Profiling and Information Management System Password Res…

A vulnerability has been found in SourceCodester Barangay Resident Profiling and Information Management System 1.0. The impacted element is an unknown function of the file passsword_reset.php of the …

Remote | Authentication
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
6.5 MEDIUM
CVE-2026-11514 — itsourcecode Hospital Management System addpatient.php sql injection

A flaw has been found in itsourcecode Hospital Management System 1.0. The affected element is an unknown function of the file /addpatient.php. This manipulation of the argument admissiontme causes sq…

Remote | Injection
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
6.5 MEDIUM
CVE-2026-11513 — itsourcecode Hospital Management System adminaccount.php sql injection

A vulnerability was detected in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /adminaccount.php. The manipulation of the argument Date results in sql inject…

Remote | Injection
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
5.0 MEDIUM
CVE-2026-11512 — itsourcecode Hospital Management System billing.php cross site scripting

A security vulnerability has been detected in itsourcecode Hospital Management System 1.0. This issue affects some unknown processing of the file /billing.php. The manipulation of the argument patien…

Remote | Cross-Site Scripting
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
4.0 MEDIUM
CVE-2026-11511 — Bolt CMS HTML Attribute TextType.php HTML injection

A weakness has been identified in Bolt CMS up to 3.7.5. This vulnerability affects unknown code of the file src/Storage/Field/Type/TextType.php of the component HTML Attribute Handler. Executing a ma…

Remote | Injection
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
7.4 HIGH
CVE-2026-50752 — Certificate Validation Bypass in VPN Site-to-Site Connections Using IKEv1

A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN sit…

quantum_security_gateway | Remote | Authentication
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
0.0 NA
CVE-2026-50751 — User Authentication Bypass in VPN Remote Access and Mobile Access

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish …

quantum_security_gateway | Authentication
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
9.5 CRITICAL
CVE-2026-47430 — Cordova Plugin InAppBrowser: iOS: Arbitrary Cordova callback IDs can be dispatched withou…

## Summary The iOS implementation of `cordova-plugin-inappbrowser` passes the `id` field from a `WKScriptMessage` body to `commandDelegate sendPluginResult:callbackId:` with no format validation (`C…

Remote | Authentication
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
6.4 MEDIUM
CVE-2026-3011 — Recipe Card Blocks Lite <= 3.4.13 - Authenticated (Author+) Stored Cross-Site Scripting v…

The Recipe Card Blocks Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the recipe block's 'summary' and 'notes' attributes in all versions up to, and including, 3.4.13. Thi…

Remote | Cross-Site Scripting
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
5.4 MEDIUM
CVE-2026-11569 — Quay: quay: stored xss via filedrop svg upload

A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG file containing JavaScr…

quay | Remote | Cross-Site Scripting
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
6.5 MEDIUM
CVE-2026-11510 — CodeAstro Leave Management System add_leave.php sql injection

A security flaw has been discovered in CodeAstro Leave Management System 1.0. This affects an unknown part of the file /admin/add_leave.php. Performing a manipulation of the argument type_of_leave re…

leave_management_system | Remote | Injection
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
6.5 MEDIUM
CVE-2026-11509 — CodeAstro Leave Management System search_staff_for_updation.php sql injection

A vulnerability was identified in CodeAstro Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/search_staff_for_updation.php. Such manipulation of th…

leave_management_system | Remote | Injection
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
6.5 MEDIUM
CVE-2026-11508 — CodeAstro Leave Management System search_staff_to_assign_pc.php sql injection

A vulnerability was determined in CodeAstro Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/search_staff_to_assign_pc.php. This manipulation…

leave_management_system | Remote | Injection
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
6.5 MEDIUM
CVE-2026-11507 — CodeAstro Leave Management System delete_leave_type.php sql injection

A vulnerability was found in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /admin/delete_leave_type.php. The manipulation of the argument leave_type results in sq…

leave_management_system | Remote | Injection
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
6.5 MEDIUM
CVE-2026-11506 — CodeAstro Leave Management System search_staff_for_deletion.php sql injection

A vulnerability has been found in CodeAstro Leave Management System 1.0. This impacts an unknown function of the file /admin/search_staff_for_deletion.php. The manipulation of the argument Name leads…

leave_management_system | Remote | Injection
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
5.0 MEDIUM
CVE-2026-11505 — GL.iNet XE3000 glnassys hard-coded key

A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. This affects an unknown function of the component glnassys. Executing a manipulation can lead …

Remote | Cryptography
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
9.0 HIGH
CVE-2026-11504 — Tenda CX12L Wi-Fi Schedule Configuration Endpoint openSchedWifi setSchedWifi stack-based …

A vulnerability was detected in Tenda CX12L 16.03.53.12. The impacted element is the function setSchedWifi of the file /goform/openSchedWifi of the component Wi-Fi Schedule Configuration Endpoint. Pe…

cx12l | Remote | Memory Corruption
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
8.7 HIGH
CVE-2026-9506 — Path Traversal Vulnerability in Bagisto

This vulnerability exists in Bagisto due to improper validation of user-supplied input in the ImageCacheController component. An unauthenticated remote attacker could exploit this vulnerability by se…

bagisto | Remote | Path Traversal
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
9.0 HIGH
CVE-2026-11503 — Tenda CX12L Wi-Fi Configuration Endpoint fast_setting_wifi_set form_fast_setting_wifi_set…

A security vulnerability has been detected in Tenda CX12L 16.03.53.12. The affected element is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set of the component Wi-Fi…

cx12l | Remote | Memory Corruption
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
3.1 LOW
CVE-2026-11502 — JeecgBoot Third-Party Login ThirdLoginController.java HttpServletResponse.sendRedirect re…

A weakness has been identified in JeecgBoot up to 3.9.2. Impacted is the function HttpServletResponse.sendRedirect of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/sys…

Remote | Misconfiguration
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
Showing 20 of 6834 Results