Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
0.0 NA
CVE-2026-9357 — vBulletin Login cross site scripting

A vulnerability was found in vBulletin 6.x. This impacts an unknown function of the component Login. Performing a manipulation results in cross site scripting. It is possible to initiate the attack r…

| Cross-Site Scripting
May 24, 2026 May 24, 2026
May 24, 2026
May 24, 2026
0.0 NA
CVE-2026-9356 — SourceCodester Hospitals Patient Records Management System manage_history.php sql injecti…

A vulnerability has been found in SourceCodester Hospitals Patient Records Management System 1.0. This affects an unknown function of the file /admin/patients/manage_history.php. Such manipulation of…

| Injection
May 24, 2026 May 24, 2026
May 24, 2026
May 24, 2026
0.0 NA
CVE-2026-9355 — SourceCodester Hospitals Patient Records Management System Master.php save_patient_histor…

A flaw has been found in SourceCodester Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /classes/Master.php?f=save_patient_history. This manip…

| Injection
May 24, 2026 May 24, 2026
May 24, 2026
May 24, 2026
0.0 NA
CVE-2026-9354 — NousResearch hermes-agent Slack Agent/Mattermost Agent escape output

A vulnerability was detected in NousResearch hermes-agent up to 2026.4.16. The affected element is an unknown function of the component Slack Agent/Mattermost Agent. The manipulation of the argument …

| Injection
May 24, 2026 May 24, 2026
May 24, 2026
May 24, 2026
0.0 NA
CVE-2026-9353 — NousResearch hermes-agent Skills Guard Multi-Word Prompt skills_guard.py injection

A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.23. Impacted is an unknown function of the file agent/skills_guard.py of the component Skills Guard Multi-Word Pro…

| Injection
May 24, 2026 May 24, 2026
May 24, 2026
May 24, 2026
0.0 NA
CVE-2026-3515 — Argument Injection in prefecthq/prefect

A vulnerability in the `GitHubRepository` block of the `prefect-github` integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the `reference` field…

| Injection
May 24, 2026 May 24, 2026
May 24, 2026
May 24, 2026
0.0 NA
CVE-2026-9352 — NousResearch hermes-agent Messaging Gateway local.py _make_run_env information disclosure

A weakness has been identified in NousResearch hermes-agent up to 2026.4.23. This issue affects the function _make_run_env of the file tools/environments/local.py of the component Messaging Gateway H…

| Information Disclosure
May 24, 2026 May 24, 2026
May 24, 2026
May 24, 2026
0.0 NA
CVE-2026-9351 — NousResearch hermes-agent read_file Tool file_tools.py _is_blocked_device path traversal

A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.16. This vulnerability affects the function _is_blocked_device of the file tools/file_tools.py of the component read_file…

| Path Traversal
May 24, 2026 May 24, 2026
May 24, 2026
May 24, 2026
0.0 NA
CVE-2026-9350 — NousResearch hermes-agent Batch Runner approval.py check_all_command_guards authorization

A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This affects the function check_all_command_guards of the file tools/approval.py of the component Batch Runner. Such manip…

| Authorization
May 24, 2026 May 24, 2026
May 24, 2026
May 24, 2026
0.0 NA
CVE-2026-9349 — calcom cal.diy Generic React API bookings-single-view.getServerSideProps.tsx getServerSid…

A vulnerability was determined in calcom cal.diy up to 4.9.4. Affected by this issue is the function getServerSideProps of the file apps/web/modules/bookings/views/bookings-single-view.getServerSideP…

| Information Disclosure
May 24, 2026 May 24, 2026
May 24, 2026
May 24, 2026
7.5 HIGH
CVE-2026-48829 — Apache GNU SASL NULL Pointer Dereference Vulnerability

In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c.

Remote | Memory Corruption
May 24, 2026 May 24, 2026
May 24, 2026
May 24, 2026
0.0 NA
CVE-2026-9348 — Edimax EW-7438RPn webs mp stack-based overflow

A vulnerability was found in Edimax EW-7438RPn up to 1.31. Affected by this vulnerability is an unknown functionality of the file /goform/mp of the component webs. The manipulation of the argument we…

| Memory Corruption
May 24, 2026 May 24, 2026
May 24, 2026
May 24, 2026
0.0 NA
CVE-2026-9347 — Edimax EW-7438RPn webs formWizSurvey os command injection

A vulnerability has been found in Edimax EW-7438RPn up to 1.31. Affected is the function formWizSurvey of the file /goform/formWizSurvey of the component webs. The manipulation of the argument ip/mas…

| Injection
May 24, 2026 May 24, 2026
May 24, 2026
May 24, 2026
0.0 NA
CVE-2026-9346 — Edimax EW-7438RPn webs formWirelessTbl buffer overflow

A flaw has been found in Edimax EW-7438RPn up to 1.31. This impacts the function formWirelessTbl of the file /goform/formWirelessTbl of the component webs. Executing a manipulation of the argument su…

| Memory Corruption
May 24, 2026 May 24, 2026
May 24, 2026
May 24, 2026
0.0 NA
CVE-2026-9345 — Edimax EW-7438RPn webs formWizSurvey buffer overflow

A vulnerability was detected in Edimax EW-7438RPn up to 1.31. This affects the function formWizSurvey of the file /goform/formWizSurvey of the component webs. Performing a manipulation of the argumen…

| Memory Corruption
May 24, 2026 May 24, 2026
May 24, 2026
May 24, 2026
0.0 NA
CVE-2026-9344 — Edimax EW-7438RPn webs formWpsStart stack-based overflow

A security vulnerability has been detected in Edimax EW-7438RPn up to 1.31. The impacted element is an unknown function of the file /goform/formWpsStart of the component webs. Such manipulation of th…

| Memory Corruption
May 24, 2026 May 24, 2026
May 24, 2026
May 24, 2026
0.0 NA
CVE-2026-9343 — Edimax EW-7438RPn webs formWpsStart os command injection

A weakness has been identified in Edimax EW-7438RPn up to 1.31. The affected element is the function formWpsStart of the file /goform/formWpsStart of the component webs. This manipulation of the argu…

| Injection
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
0.0 NA
CVE-2026-9342 — SourceCodester Hospitals Patient Records Management System view_history.php sql injection

A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. Impacted is an unknown function of the file /admin/patients/view_history.php. The manipulation o…

| Injection
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
9.8 CRITICAL
CVE-2018-25357 — Dolibarr ERP CRM 7.0.3 Remote Code Evaluation via install/step1.php

Dolibarr ERP CRM 7.0.3 contains a remote code evaluation vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the db_name parameter. Attackers c…

Remote | Injection
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
7.5 HIGH
CVE-2018-25358 — D-Link DIR601 2.02NA Credential Disclosure via my_cgi.cgi

D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the table_name parameter in POST req…

Remote | Information Disclosure
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
Showing 20 of 5908 Results