Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
6.5 MEDIUM
CVE-2026-16223 — 1Panel-dev CordysCRM Third Party Edit Endpoint IntegrationConfigService.java getSqlBotSrc…

A vulnerability was determined in 1Panel-dev CordysCRM up to 1.4.1. Impacted is the function getSqlBotSrc of the file backend/crm/src/main/java/cn/cordys/crm/system/service/IntegrationConfigService.j…

cordyscrm | Remote | Server-Side Request Forgery
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
6.5 MEDIUM
CVE-2026-16222 — 1Panel-dev CordysCRM Third Party Endpoint TokenService.java server-side request forgery

A vulnerability was found in 1Panel-dev CordysCRM up to 1.4.1. This issue affects some unknown processing of the file backend/crm/src/main/java/cn/cordys/crm/integration/sso/service/TokenService.java…

cordyscrm | Remote | Server-Side Request Forgery
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
0.0 NA
CVE-2026-16226 — SourceCodester Pizzafy Ecommerce System admin_class_novo.php save_settings unrestricted u…

A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function save_settings of the file /admin/admin_class_novo.php. This manipulation of the argument img c…

pizzafy_ecommerce_system | Misconfiguration
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
0.0 NA
CVE-2026-16225 — davenardella snap7 s7_peer.cpp NegotiatePDULength out-of-bounds write

A security flaw has been discovered in davenardella snap7 up to 1.4.3. The impacted element is the function TSnap7Peer::NegotiatePDULength of the file src/core/s7_peer.cpp. The manipulation of the ar…

snap7 | Memory Corruption
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
0.0 NA
CVE-2026-16224 — jxxghp MoviePilot Application API improper authorization

A vulnerability was identified in jxxghp MoviePilot up to 2.13.5. The affected element is an unknown function of the file /jxxghp/MoviePilot of the component Application API. The manipulation leads t…

| Authorization
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
5.0 MEDIUM
CVE-2026-16220 — code-projects Online Examination System account.php cross site scripting

A vulnerability has been found in code-projects Online Examination System 1.0. This vulnerability affects unknown code of the file /account.php?q=quiz. Such manipulation of the argument eid/n/t leads…

Remote | Cross-Site Scripting
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
6.5 MEDIUM
CVE-2026-16219 — Croogo CMS Admin File Manager FileManager.php isEditable path traversal

A flaw has been found in Croogo CMS up to 4.0.7. This affects the function FileManager::isEditable of the file FileManager/src/Utility/FileManager.php of the component Admin File Manager. This manipu…

Remote | Path Traversal
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
2.6 LOW
CVE-2026-16218 — hunvreus devpush Storage Reset Failure storage.py reset_storage improper check or handlin…

A vulnerability was detected in hunvreus devpush up to 0.4.6. Affected by this issue is the function reset_storage of the file app/workers/tasks/storage.py of the component Storage Reset Failure Hand…

| Misconfiguration
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
6.5 MEDIUM
CVE-2026-16217 — guohongze adminset Delivery Deployment Endpoint deli.py authorization

A security vulnerability has been detected in guohongze adminset up to 0.61. Affected by this vulnerability is an unknown functionality of the file delivery/deli.py of the component Delivery Deployme…

Remote | Authorization
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
5.0 MEDIUM
CVE-2026-16216 — geex-arts django-jet OAuth cross-site request forgery

A weakness has been identified in geex-arts django-jet up to 1.0.8. Affected is an unknown function of the component OAuth Handler. Executing a manipulation can lead to cross-site request forgery. Th…

Remote | Cross-Site Request Forgery
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
6.5 MEDIUM
CVE-2026-16215 — geex-arts django-jet OAuth Credential Revoke authorization

A security flaw has been discovered in geex-arts django-jet up to 1.0.8. This impacts an unknown function of the component OAuth Credential Revoke Handler. Performing a manipulation results in missin…

Remote | Authorization
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
6.5 MEDIUM
CVE-2026-16214 — geex-arts django-jet Dashboard views.py authorization

A vulnerability was identified in geex-arts django-jet up to 1.0.8. This affects an unknown function of the file jet/dashboard/views.py of the component Dashboard Module. Such manipulation leads to a…

Remote | Authorization
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
4.8 MEDIUM
CVE-2026-16213 — Fantomas42 django-blog-zinnia Protected Entry Password entry_protection.py cleartext stor…

A security flaw has been discovered in Fantomas42 django-blog-zinnia up to 0.20. Affected by this vulnerability is an unknown functionality of the file zinnia/views/mixins/entry_protection.py of the …

| Cryptography
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
4.2 MEDIUM
CVE-2026-16212 — awesto django-shop Purchase Stock inventory.py race condition

A vulnerability was identified in awesto django-shop up to 1.2.4. Affected is an unknown function of the file shop/models/inventory.py of the component Purchase Stock Handler. The manipulation leads …

Remote | Race Condition
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
2.6 LOW
CVE-2026-16211 — allegro Hostname Allocation assets.py AssetLastHostname.increment_hostname race condition

A vulnerability was determined in allegro up to bcf65b994ef29fb3fc2e10b660e6288723d5209e. This impacts the function AssetLastHostname.increment_hostname of the file src/ralph/assets/models/assets.py …

| Race Condition
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
7.5 HIGH
CVE-2026-16210 — newpanjing simpleui AjaxAdmin AJAX Endpoint admin.py self.get_action missing authenticati…

A vulnerability was found in newpanjing simpleui 2026.01.13. This affects the function self.get_action of the file simpleui/admin.py of the component AjaxAdmin AJAX Endpoint. Performing a manipulatio…

Remote | Authentication
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
7.5 HIGH
CVE-2026-16209 — Gerapy Project Upload Endpoint views.py missing authentication

A vulnerability has been found in Gerapy up to 0.9.13. The impacted element is an unknown function of the file gerapy/server/core/views.py of the component Project Upload Endpoint. Such manipulation …

Remote | Authentication
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
5.0 MEDIUM
CVE-2026-16208 — django-tastypie throttle.py CacheDBThrottle race condition

A flaw has been found in django-tastypie up to 0.15.1. The affected element is the function CacheThrottle/CacheDBThrottle of the file tastypie/throttle.py. This manipulation causes race condition. Th…

Remote | Race Condition
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
6.3 MEDIUM
CVE-2026-16207 — django-tastypie authentication.py ApiKeyAuthentication get request method with sensitive …

A vulnerability was detected in django-tastypie up to 0.15.1. Impacted is the function ApiKeyAuthentication of the file tastypie/authentication.py. The manipulation results in use of get request meth…

Remote | Information Disclosure
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
6.5 MEDIUM
CVE-2026-16206 — django-oauth django-oauth-toolkit oauth2_validators.py _load_id_token session expiration

A security vulnerability has been detected in django-oauth django-oauth-toolkit 3.3.0. This issue affects the function _load_id_token of the file oauth2_provider/oauth2_validators.py. The manipulatio…

Remote | Information Disclosure
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
Showing 20 of 7776 Results