Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.5 MEDIUM
CVE-2026-13561 — Edimax EW-7478APC POST Request formiNICbasic os command injection

A vulnerability was detected in Edimax EW-7478APC 1.04. The impacted element is the function formiNICbasic of the file /goform/formiNICbasic of the component POST Request Handler. The manipulation of…

Remote | Injection
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
6.5 MEDIUM
CVE-2026-13560 — Edimax EW-7478APC POST Request formAccept os command injection

A security vulnerability has been detected in Edimax EW-7478APC 1.04. The affected element is the function formAccept of the file /goform/formAccept of the component POST Request Handler. The manipul…

Remote | Injection
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
7.5 HIGH
CVE-2026-13559 — code-projects Real State Services single-list_sale.php add sql injection

A weakness has been identified in code-projects Real State Services 1.0. Impacted is an unknown function of the file /single-list_sale.php?action=add. Executing a manipulation of the argument ID can …

real_state_services | Remote | Injection
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
6.9 MEDIUM
CVE-2026-41992 — Global Buffer Overflow in GNU gzip

GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single executi…

gzip | Memory Corruption
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
2.0 LOW
CVE-2026-41991 — Predictable Temporary File in GNU gzip

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a tem…

gzip | Race Condition
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
4.0 MEDIUM
CVE-2026-13558 — CodeAstro Complaint Management System Report addreport cross site scripting

A security flaw has been discovered in CodeAstro Complaint Management System 1.0. This issue affects some unknown processing of the file /report/addreport of the component Report Handler. Performing …

complaint_management_system | Remote | Cross-Site Scripting
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
8.8 HIGH
CVE-2026-25707 — Handcrafted repo metadata may cause arbitrary local files to be overwritten by libzypp

A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading…

Remote | Path Traversal
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
5.0 MEDIUM
CVE-2026-13557 — itsourcecode Online Hotel Management System POST Request controller.php add cross site sc…

A vulnerability was identified in itsourcecode Online Hotel Management System 1.0. This vulnerability affects unknown code of the file /admin/mod_room/controller.php?action=add of the component POST …

Remote | Cross-Site Scripting
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
7.1 HIGH
CVE-2026-57346 — WordPress Embed Privacy plugin <= 1.12.3 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Epiphyt Embed Privacy allows Path Traversal. This issue affects Embed Privacy: from n/a through 1.12.3.

Remote | Path Traversal
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
5.0 MEDIUM
CVE-2026-13556 — itsourcecode Online Hotel Management System POST Request controller.php edit cross site s…

A vulnerability was determined in itsourcecode Online Hotel Management System 1.0. This affects an unknown part of the file /admin/mod_users/controller.php?action=edit of the component POST Request H…

Remote | Cross-Site Scripting
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
7.5 HIGH
CVE-2026-13555 — itsourcecode Online Hotel Management System controller.php add sql injection

A vulnerability was found in itsourcecode Online Hotel Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/mod_users/controller.php?action=add. The manipula…

Remote | Injection
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
7.1 HIGH
CVE-2026-13601 — Yelp: yelp-xsl: overly permissive content security policy in yelp allows host file disclo…

A flaw was found in Yelp due to an overly permissive Content Security Policy (CSP) implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenU…

enterprise_linux enterprise_linux | Misconfiguration
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
5.0 MEDIUM
CVE-2026-13554 — itsourcecode Online Hotel Management System POST Request controller.php add cross site sc…

A vulnerability has been found in itsourcecode Online Hotel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/mod_amenities/controller.php?action=ad…

Remote | Cross-Site Scripting
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
7.5 HIGH
CVE-2026-13553 — itsourcecode Online Hotel Management System controller.php add unrestricted upload

A flaw has been found in itsourcecode Online Hotel Management System 1.0. Affected is an unknown function of the file /admin/mod_amenities/controller.php?action=add. Executing a manipulation of the a…

Remote | Misconfiguration
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
7.5 HIGH
CVE-2026-13552 — itsourcecode Online Hotel Management System controller.php edit sql injection

A vulnerability was detected in itsourcecode Online Hotel Management System 1.0. This impacts an unknown function of the file /admin/mod_amenities/controller.php?action=edit. Performing a manipulatio…

Remote | Injection
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
7.5 HIGH
CVE-2026-13551 — itsourcecode Baptism Information Management System editBaptism.php sql injection

A security vulnerability has been detected in itsourcecode Baptism Information Management System 1.0. This affects an unknown function of the file /editBaptism.php. Such manipulation of the argument …

baptism_information_management_system | Remote | Injection
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
4.3 MEDIUM
CVE-2026-57676 — WordPress Simple User Avatar plugin <= 4.9 - Insecure Direct Object References (IDOR) vul…

Authorization Bypass Through User-Controlled Key vulnerability in Matteo Manna Simple User Avatar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple U…

Remote | Authorization
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
7.5 HIGH
CVE-2026-13550 — itsourcecode Baptism Information Management System delbaptism.php sql injection

A weakness has been identified in itsourcecode Baptism Information Management System 1.0. The impacted element is an unknown function of the file /delbaptism.php. This manipulation of the argument ID…

baptism_information_management_system | Remote | Injection
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
6.9 MEDIUM
CVE-2026-9267 — tinydtls Out-of-Bounds Read in Certificate Handling

Eclipse tinydtls before commit b3efd41ad111a4920f599f51ffa4f5e9f1e72221 contains an out-of-bounds read vulnerability in the check_server_certificate() function that allows unauthenticated attackers t…

tinydtls | Remote | Memory Corruption
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
6.8 MEDIUM
CVE-2026-13595 — Util-linux: util-linux: heap use-after-free in libblkid nested partition probing

A flaw was found in the libblkid library of util-linux. During nested partition probing, the BSD, Minix, Solaris x86, and UnixWare partition probers cache a raw pointer to a parent partition entry in…

enterprise_linux openshift_container_platform enterprise_linux hardened_images | Memory Corruption
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
Showing 20 of 7362 Results