Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
5.3 MEDIUM
CVE-2026-6035 — code-projects Vehicle Showroom Management System ServiceAndSalesReport.php cross site scr…

A vulnerability has been found in code-projects Vehicle Showroom Management System 1.0. The affected element is an unknown function of the file /BranchManagement/ServiceAndSalesReport.php. The manipu…

Remote | Cross-Site Scripting
Apr 10, 2026 Apr 10, 2026
Apr 10, 2026
Apr 10, 2026
5.3 MEDIUM
CVE-2026-6034 — code-projects Vehicle Showroom Management System ProfitAndLossReport.php cross site scrip…

A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Impacted is an unknown function of the file /BranchManagement/ProfitAndLossReport.php. Executing a manipulation of the a…

Remote | Cross-Site Scripting
Apr 10, 2026 Apr 10, 2026
Apr 10, 2026
Apr 10, 2026
6.5 MEDIUM
CVE-2026-6033 — CodeAstro Online Classroom updatedetailsfromstudent.php sql injection

A vulnerability was determined in CodeAstro Online Classroom 1.0. Affected is an unknown function of the file /updatedetailsfromstudent.php?eno=146891650. Executing a manipulation of the argument fna…

Remote | Injection
Apr 10, 2026 Apr 10, 2026
Apr 10, 2026
Apr 10, 2026
5.3 MEDIUM
CVE-2026-6032 — code-projects Simple Laundry System checkcheckout.php cross site scripting

A vulnerability was found in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkcheckout.php. Performing a manipulation of the argument serviceId results in c…

Remote | Cross-Site Scripting
Apr 10, 2026 Apr 10, 2026
Apr 10, 2026
Apr 10, 2026
7.5 HIGH
CVE-2026-6031 — code-projects Simple IT Discussion Forum add-category-function.php sql injection

A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. This affects an unknown function of the file /add-category-function.php. Such manipulation of the argument Category lea…

Remote | Injection
Apr 10, 2026 Apr 10, 2026
Apr 10, 2026
Apr 10, 2026
6.0 MEDIUM
CVE-2026-5525 — Stack-Based Buffer Overflow in Notepad++ File Drop Handler leads to DoS

A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handler component. When a user drags and drops a directory path of exactly 259 characters without a trai…

| Memory Corruption
Apr 10, 2026 Apr 10, 2026
Apr 10, 2026
Apr 10, 2026
5.4 MEDIUM
CVE-2026-40212 — OpenStack Skyline DOM-Based Cross-Site Scripting (XSS)

OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scripting (XSS) vulnerability in the console because document.write is used unsafely, which is relevant in scenarios where …

Remote | Cross-Site Scripting
Apr 10, 2026 Apr 10, 2026
Apr 10, 2026
Apr 10, 2026
7.5 HIGH
CVE-2026-22750 — SSL bundle configuration silently bypassed in Spring Cloud Gateway

When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. …

Remote | Misconfiguration
Apr 10, 2026 Apr 10, 2026
Apr 10, 2026
Apr 10, 2026
6.5 MEDIUM
CVE-2026-6030 — itsourcecode Construction Management System del1.php sql injection

A flaw has been found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /del1.php. This manipulation of the argument toolname causes sql inje…

Remote | Injection
Apr 10, 2026 Apr 10, 2026
Apr 10, 2026
Apr 10, 2026
10.0 HIGH
CVE-2026-6029 — Totolink A7100RU CGI cstecgi.cgi setVpnAccountCfg os command injection

A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipul…

Remote | Injection
Apr 10, 2026 Apr 10, 2026
Apr 10, 2026
Apr 10, 2026
10.0 HIGH
CVE-2026-6028 — Totolink A7100RU CGI cstecgi.cgi setPptpServerCfg os command injection

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manip…

Remote | Injection
Apr 10, 2026 Apr 10, 2026
Apr 10, 2026
Apr 10, 2026
10.0 HIGH
CVE-2026-6027 — Totolink A7100RU CGI cstecgi.cgi setUrlFilterRules os command injection

A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a m…

Remote | Injection
Apr 10, 2026 Apr 10, 2026
Apr 10, 2026
Apr 10, 2026
10.0 HIGH
CVE-2026-6026 — Totolink A7100RU CGI cstecgi.cgi setPortalConfWeChat os command injection

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setPortalConfWeChat of the file /cgi-bin/cstecgi.cgi of the component CGI Handler…

Remote | Injection
Apr 10, 2026 Apr 10, 2026
Apr 10, 2026
Apr 10, 2026
0.0 NA
CVE-2026-4432 — YITH WooCommerce Wishlist < 4.13.0 - Unauthenticated Arbitrary Wishlist Renaming via IDOR

The YITH WooCommerce Wishlist WordPress plugin before 4.13.0 does not properly validate wishlist ownership in the save_title() AJAX handler before allowing wishlist renaming operations. The function …

| Authorization
Apr 10, 2026 Apr 10, 2026
Apr 10, 2026
Apr 10, 2026
8.4 HIGH
CVE-2026-28704 — EmoCheck DLL Loading Vulnerability

Emocheck insecurely loads Dynamic Link Libraries (DLLs). If a crafted DLL file is placed to the same directory, an arbitrary code may be executed with the privilege of the user invoking EmoCheck.

| Misconfiguration
Apr 10, 2026 Apr 10, 2026
Apr 10, 2026
Apr 10, 2026
9.6 CRITICAL
CVE-2026-1115 — Stored XSS in parisneo/lollms

A Stored Cross-Site Scripting (XSS) vulnerability was identified in the social feature of parisneo/lollms, affecting the latest version prior to 2.2.0. The vulnerability exists in the `create_post` f…

Remote | Cross-Site Scripting
Apr 10, 2026 Apr 10, 2026
Apr 10, 2026
Apr 10, 2026
0.0 NA
CVE-2025-14545 — YML for Yandex Market < 5.0.26 - Shop Manager+ RCE via Feed Generation

The YML for Yandex Market WordPress plugin before 5.0.26 is vulnerable to Remote Code Execution via the feed generation process.

| Injection
Apr 10, 2026 Apr 10, 2026
Apr 10, 2026
Apr 10, 2026
10.0 HIGH
CVE-2026-6025 — Totolink A7100RU CGI cstecgi.cgi setSyslogCfg os command injection

A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the…

Remote | Injection
Apr 10, 2026 Apr 10, 2026
Apr 10, 2026
Apr 10, 2026
7.5 HIGH
CVE-2026-6024 — Tenda i6 HTTP R7WebsSecurityHandlerfunction path traversal

A vulnerability was determined in Tenda i6 1.0.0.7(2204). Affected by this issue is the function R7WebsSecurityHandlerfunction of the component HTTP Handler. This manipulation causes path traversal. …

Remote | Path Traversal
Apr 10, 2026 Apr 10, 2026
Apr 10, 2026
Apr 10, 2026
9.0 HIGH
CVE-2026-6016 — Tenda AC9 POST Request WizardHandle decodePwd stack-based overflow

A vulnerability was found in Tenda AC9 15.03.02.13. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Performing a manipulation of…

Remote | Memory Corruption
Apr 10, 2026 Apr 10, 2026
Apr 10, 2026
Apr 10, 2026
Showing 20 of 6448 Results