Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
0.0 NA
CVE-2026-5426 — KnowledgeDeliver deployments before February 24, 2026 use a static ASP.NET/IIS machineKey…

Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remot…

| Misconfiguration
Apr 16, 2026 Apr 16, 2026
Apr 16, 2026
Apr 16, 2026
7.1 HIGH
CVE-2026-6409 — Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsi…

A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or dee…

Remote | Denial of Service
Apr 16, 2026 Apr 16, 2026
Apr 16, 2026
Apr 16, 2026
8.2 HIGH
CVE-2026-3324 — Authentication Bypass

Zohocorp ManageEngine Log360 versions 13000 through 13013 are vulnerable to authentication bypass on certain actions due to improper filter configuration.

Remote | Authentication
Apr 16, 2026 Apr 16, 2026
Apr 16, 2026
Apr 16, 2026
0.0 NA
CVE-2026-37347 — SourceCodester Payroll Management and Information System SQL Injection Vulnerability

SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/view_employee.php.

| Injection
Apr 16, 2026 Apr 16, 2026
Apr 16, 2026
Apr 16, 2026
0.0 NA
CVE-2026-37346 — SourceCodester Payroll Management and Information System SQL Injection

SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/view_account.php?emp_id=.

| Injection
Apr 16, 2026 Apr 16, 2026
Apr 16, 2026
Apr 16, 2026
0.0 NA
CVE-2026-37345 — SourceCodester Vehicle Parking Area Management System SQL Injection

SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_park.php.

| Injection
Apr 16, 2026 Apr 16, 2026
Apr 16, 2026
Apr 16, 2026
0.0 NA
CVE-2026-37344 — SourceCodester Vehicle Parking Area Management System SQL Injection

SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_location.php.

| Injection
Apr 16, 2026 Apr 16, 2026
Apr 16, 2026
Apr 16, 2026
0.0 NA
CVE-2026-37343 — SourceCodester Vehicle Parking Area Management System SQL Injection Vulnerability

SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_user.php.

| Injection
Apr 16, 2026 Apr 16, 2026
Apr 16, 2026
Apr 16, 2026
0.0 NA
CVE-2026-37342 — SourceCodester Vehicle Parking Area Management System SQL Injection

SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/view_parked_details.php.

| Injection
Apr 16, 2026 Apr 16, 2026
Apr 16, 2026
Apr 16, 2026
0.0 NA
CVE-2026-37341 — SourceCodester Vehicle Parking Area Management System SQL Injection

SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_category.php.

| Injection
Apr 16, 2026 Apr 16, 2026
Apr 16, 2026
Apr 16, 2026
0.0 NA
CVE-2026-37340 — SourceCodester Simple Music Cloud Community System SQL Injection Vulnerability

SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/edit_music.php.

| Injection
Apr 16, 2026 Apr 16, 2026
Apr 16, 2026
Apr 16, 2026
0.0 NA
CVE-2026-37339 — SourceCodester Simple Music Cloud Community System SQL Injection Vulnerability

SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_genre.php.

| Injection
Apr 16, 2026 Apr 16, 2026
Apr 16, 2026
Apr 16, 2026
0.0 NA
CVE-2026-37338 — SourceCodester Simple Music Cloud Community System SQL Injection Vulnerability

SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_user.php.

| Injection
Apr 16, 2026 Apr 16, 2026
Apr 16, 2026
Apr 16, 2026
0.0 NA
CVE-2026-37337 — SourceCodester Simple Music Cloud Community System SQL Injection

SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_playlist.php.

| Injection
Apr 16, 2026 Apr 16, 2026
Apr 16, 2026
Apr 16, 2026
0.0 NA
CVE-2026-37336 — SourceCodester Simple Music Cloud Community System SQL Injection Vulnerability

SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_music.php.

| Injection
Apr 16, 2026 Apr 16, 2026
Apr 16, 2026
Apr 16, 2026
7.4 HIGH
CVE-2026-33804 — @fastify/middie vulnerable to middleware bypass via deprecated ignoreDuplicateSlashes opt…

@fastify/middie versions 9.3.1 and earlier are vulnerable to middleware bypass when the deprecated Fastify ignoreDuplicateSlashes option is enabled. The middleware path matching logic does not accoun…

| Authorization
Apr 16, 2026 Apr 16, 2026
Apr 16, 2026
Apr 16, 2026
0.0 NA
CVE-2026-30656 — "Fio NULL Pointer Dereference Vulnerability"

A NULL pointer dereference vulnerability exists in fio (Flexible I/O Tester) v3.41 when parsing job files containing the fdp_pli option. The callback function str_fdp_pli_cb() does not validate the i…

| Memory Corruption
Apr 16, 2026 Apr 16, 2026
Apr 16, 2026
Apr 16, 2026
0.0 NA
CVE-2026-30459 — Daylight Studio FuelCMS Password Reset Token Disclosure

An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-m…

| Information Disclosure
Apr 16, 2026 Apr 16, 2026
Apr 16, 2026
Apr 16, 2026
6.4 MEDIUM
CVE-2026-2840 — Email Encoder – Protect Email Addresses and Phone Numbers <= 2.4.4 - Authenticated (Contr…

The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eeb_mailto' shortcode in all versions up to, and including, 2.…

Remote | Cross-Site Scripting
Apr 16, 2026 Apr 16, 2026
Apr 16, 2026
Apr 16, 2026
5.3 MEDIUM
CVE-2026-6410 — @fastify/static vulnerable to path traversal in directory listing

@fastify/static versions 8.0.0 through 9.1.0 allow path traversal when directory listing is enabled via the list option. The dirList.path() function resolves directories outside the configured static…

Remote | Path Traversal
Apr 16, 2026 Apr 16, 2026
Apr 16, 2026
Apr 16, 2026
Showing 20 of 6564 Results