Latest CVE Feed

Vulnerabilities published in the last 30 days.

Score
Vulnerability
Published
0.0 NA
CVE-2026-13502 — antlr ANTLR4 Maven Plugin GrammarDependencies.java ObjectInputStream.readObject toctou

A flaw has been found in antlr ANTLR4 up to 4.13.2. This affects the function ObjectInputStream.readObject of the file antlr4-maven-plugin/src/main/java/org/antlr/mojo/antlr4/GrammarDependencies.java…

Race Condition
Jun 28, 2026
0.0 NA
CVE-2026-13501 — antlr ANTLR4 gofmt GoTarget.java GoTarget command injection

A security vulnerability has been detected in antlr ANTLR4 up to 4.13.2. Affected by this vulnerability is the function GoTarget of the file tool/src/org/antlr/v4/codegen/target/GoTarget.java of the …

Injection
Jun 28, 2026
0.0 NA
CVE-2026-13500 — antlr ANTLR4 Grammar Action Block OutputFile.java code injection

A weakness has been identified in antlr ANTLR4 up to 4.13.2. Affected is an unknown function of the file tool/src/org/antlr/v4/codegen/model/OutputFile.java of the component Grammar Action Block Hand…

Injection
Jun 28, 2026
0.0 NA
CVE-2026-13499 — yashpokharna2555 restaurent-management-system Registration login_register.php cross site …

A security flaw has been discovered in yashpokharna2555 restaurent-management-system. This impacts an unknown function of the file login_register.php of the component Registration Handler. Performing…

Cross-Site Scripting
Jun 28, 2026
7.5 HIGH
CVE-2026-13498 — yashpokharna2555 restaurent-management-system POST Parameter forgotpassword.php sql injec…

A vulnerability was identified in yashpokharna2555 restaurent-management-system. This affects an unknown function of the file /forgotpassword.php of the component POST Parameter Handler. Such manipul…

Remote | Injection
Jun 28, 2026
6.5 MEDIUM
CVE-2026-13497 — itsourcecode Hospital Management System appointment.php sql injection

A vulnerability was determined in itsourcecode Hospital Management System 1.0. The impacted element is an unknown function of the file /appointment.php. This manipulation of the argument editid cause…

hospital_management_system | Remote | Injection
Jun 28, 2026
6.5 MEDIUM
CVE-2026-13496 — itsourcecode Hospital Management System ajaxmedicine.php sql injection

A vulnerability was found in itsourcecode Hospital Management System 1.0. The affected element is an unknown function of the file /ajaxmedicine.php. The manipulation of the argument medicineid result…

hospital_management_system | Remote | Injection
Jun 28, 2026
5.8 MEDIUM
CVE-2026-13495 — itsourcecode Hospital Management System adminprofile.php sql injection

A vulnerability has been found in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /adminprofile.php. The manipulation of the argument loginid leads to sql inj…

hospital_management_system | Remote | Injection
Jun 28, 2026
3.1 LOW
CVE-2026-13493 — AIDC-AI ComfyUI-Copilot Workflow Checkpoint Restore conversation_api.py resource injection

A flaw has been found in AIDC-AI ComfyUI-Copilot up to 2.0.28. This issue affects some unknown processing of the file backend/controller/conversation_api.py of the component Workflow Checkpoint Resto…

Remote | Path Traversal
Jun 28, 2026
3.7 LOW
CVE-2026-13491 — 78 xiaozhi-esp32 MQTT Goodbye mqtt_protocol.cc GetInstance denial of service

A vulnerability was detected in 78 xiaozhi-esp32 up to 2.2.6. This vulnerability affects the function Application::GetInstance of the file main/protocols/mqtt_protocol.cc of the component MQTT Goodby…

Remote | Denial of Service
Jun 28, 2026
6.3 MEDIUM
CVE-2026-13490 — glpi-project glpi Document document.send.php canViewFile authorization

A security vulnerability has been detected in glpi-project glpi 11.0.5/11.0.6/11.0.7. This affects the function Document::canViewFile of the file front/document.send.php of the component Document Han…

glpi | Remote | Authorization
Jun 28, 2026
3.1 LOW
CVE-2026-13489 — 78 xiaozhi-esp32 MCP Response mcp_server.cc ParseMessage improper synchronization

A weakness has been identified in 78 xiaozhi-esp32 up to 2.2.6. Affected by this issue is the function ParseMessage of the file main/mcp_server.cc of the component MCP Response Handler. This manipula…

Remote | Race Condition
Jun 28, 2026
7.5 HIGH
CVE-2026-13488 — SourceCodester Class and Exam Timetabling System preview7.php sql injection

A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0/7.php. Affected by this vulnerability is an unknown functionality of the file /preview7.php. The manipulati…

class_and_exam_timetabling_system | Remote | Injection
Jun 28, 2026
7.5 HIGH
CVE-2026-13487 — SourceCodester Class and Exam Timetabling System archive.php sql injection

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected is an unknown function of the file /archive.php. The manipulation of the argument sy leads to sql inje…

class_and_exam_timetabling_system | Remote | Injection
Jun 28, 2026
7.5 HIGH
CVE-2026-13486 — SourceCodester Class and Exam Timetabling System preview6.php sql injection

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0/6.php. This impacts an unknown function of the file /preview6.php. Executing a manipulation of the argument cour…

class_and_exam_timetabling_system | Remote | Injection
Jun 28, 2026
7.5 HIGH
CVE-2026-13485 — SourceCodester Class and Exam Timetabling System preview.php sql injection

A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /preview.php. Performing a manipulation of the argument course_year_sec…

class_and_exam_timetabling_system | Remote | Injection
Jun 28, 2026
5.0 MEDIUM
CVE-2026-13484 — MLflow Experiment-scoped Label Schema CRUD API authorization

A vulnerability has been found in MLflow up to 4666cffc7912ea606d592fc38d6a75e2935f65e7. The impacted element is an unknown function of the component Experiment-scoped Label Schema CRUD API. Such man…

mlflow | Remote | Authorization
Jun 28, 2026
3.1 LOW
CVE-2026-13483 — arc53 DocsGPT Credential Storage encryption.py encrypt_credentials data authenticity

A flaw has been found in arc53 DocsGPT up to 0.18.0. The affected element is the function encrypt_credentials of the file application/security/encryption.py of the component Credential Storage. This …

docsgpt | Remote | Authentication
Jun 28, 2026
3.7 LOW
CVE-2026-13482 — skypilot-org skypilot User ID server.py username.encode weak hash

A vulnerability was detected in skypilot-org skypilot up to 0.12.0. Impacted is the function username.encode of the file sky/users/server.py of the component User ID Handler. The manipulation results…

skypilot | Remote | Cryptography
Jun 28, 2026
6.5 MEDIUM
CVE-2026-10593 — Remotely triggerable NULL-pointer dereference in Bluetooth LE Audio BAP unicast client Qo…

The Zephyr Bluetooth LE Audio Basic Audio Profile (BAP) unicast client mishandles peer-supplied ASE state notifications. In unicast_client_ep_qos_state() (subsys/bluetooth/audio/bap_unicast_client.c)…

zephyr zephyr | Denial of Service
Jun 28, 2026
Showing 20 of 7310 Results