Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
6.1 MEDIUM
CVE-2026-46406 — Claude Code: Insecure Temporary File in /copy Command Enables Response Disclosure and Sym…

Claude Code is an agentic coding tool. From 2.1.59 until 2.1.128, the Claude Code /copy command wrote responses to a hardcoded, predictable path (/tmp/claude/response.md) without UID isolation, rand…

claude_code claude_desktop | Information Disclosure
Jun 29, 2026 Jun 30, 2026
6.5 MEDIUM
CVE-2026-13579 — itsourcecode Hospital Management System patientchangepassword.php sql injection

A weakness has been identified in itsourcecode Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /patientchangepassword.php. Executing a manipulation of…

hospital_management_system | Remote | Injection
Jun 29, 2026 Jun 29, 2026
5.5 MEDIUM
CVE-2026-13571 — SourceCodester Simple Food Ordering System cart.php logic error

A flaw has been found in SourceCodester Simple Food Ordering System 1.0. The affected element is an unknown function of the file /cart.php. Executing a manipulation of the argument item_price can lea…

simple_food_ordering_system | Remote | Misconfiguration
Jun 29, 2026 Jun 29, 2026
10.0 CRITICAL
CVE-2026-56290 — Joomla Extension - joomlack.fr - Unauthenticated file upload in Page Builder CK extension…

The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.

Remote | Authentication
Jun 29, 2026 Jun 29, 2026
6.5 MEDIUM
CVE-2026-13578 — itsourcecode Hospital Management System patientdetail.php sql injection

A security flaw has been discovered in itsourcecode Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /patientdetail.php. Performing a manipulatio…

hospital_management_system | Remote | Injection
Jun 29, 2026 Jun 29, 2026
8.4 HIGH
CVE-2026-54371 — attr < 2.6.0 Symlink Traversal Privilege Escalation via getfattr/setfattr

attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a pathname component with a…

Path Traversal
Jun 29, 2026 Jun 30, 2026
7.2 HIGH
CVE-2026-54370 — acl < 2.4.0 TOCTOU Symlink Traversal via getfacl/setfacl/chacl

acl before version 2.4.0 contains a time-of-check to time-of-use (TOCTOU) race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symb…

Race Condition
Jun 29, 2026 Jun 29, 2026
8.4 HIGH
CVE-2026-54369 — acl < 2.4.0 Symlink Traversal Privilege Escalation via libacl Functions

acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions acl_get_file(), acl_set_file(), acl_extended_file(), and acl_delete_def_file() that allows l…

Path Traversal
Jun 29, 2026 Jul 02, 2026
8.1 HIGH
CVE-2026-40524 — FrontAccounting < 2.4.20 SQL Injection via get_gl_transactions()

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the get_gl_transactions() function where the filter_type parameter is concatenated directly into a SQL IN() clause without para…

frontaccounting | Remote | Injection
Jun 29, 2026 Jul 01, 2026
8.1 HIGH
CVE-2026-40523 — FrontAccounting < 2.4.20 SQL Injection via reporting/rep710.php

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Audit Trail report handler that allows authenticated attackers with SA_GLANALYTIC permission to execute arbitrary SQL queri…

frontaccounting | Remote | Injection
Jun 29, 2026 Jun 29, 2026
7.1 HIGH
CVE-2026-40522 — FrontAccounting < 2.4.20 SQL Injection via rep601.php

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data by injecting UNION SEL…

frontaccounting | Remote | Injection
Jun 29, 2026 Jun 29, 2026
8.8 HIGH
CVE-2026-40521 — FrontAccounting < 2.4.20 Path Traversal RCE via attachment upload

FrontAccounting before 2.4.20 contains a path traversal vulnerability in the attachment upload handler that allows authenticated attackers to execute arbitrary code by uploading files with traversal …

frontaccounting | Remote | Path Traversal
Jun 29, 2026 Jun 30, 2026
4.0 MEDIUM
CVE-2026-13570 — SourceCodester Inventory Management System User Registration Endpoint users_handler.php c…

A vulnerability was detected in SourceCodester Inventory Management System 1.0. Impacted is an unknown function of the file /api/users_handler.php of the component User Registration Endpoint. Perform…

inventory_management_system | Remote | Cross-Site Scripting
Jun 29, 2026 Jun 29, 2026
5.8 MEDIUM
CVE-2026-13569 — weng-xianhu EyouCMS API index.php sql injection

A security vulnerability has been detected in weng-xianhu EyouCMS up to 1.7.1. This issue affects some unknown processing of the file /index.php of the component API. Such manipulation of the argumen…

eyoucms | Remote | Injection
Jun 29, 2026 Jun 29, 2026
7.5 HIGH
CVE-2026-13568 — SourceCodester Inventory Management System User Registration Endpoint users_handler.php a…

A weakness has been identified in SourceCodester Inventory Management System 1.0. This vulnerability affects unknown code of the file /api/users_handler.php of the component User Registration Endpoin…

inventory_management_system | Remote | Authorization
Jun 29, 2026 Jul 01, 2026
5.0 MEDIUM
CVE-2026-13567 — code-projects Online Music Site POST Request Feedback.php cross site scripting

A security flaw has been discovered in code-projects Online Music Site 1.0. This affects an unknown part of the file /Frontend/Feedback.php of the component POST Request Handler. The manipulation of …

online_music_site | Remote | Cross-Site Scripting
Jun 29, 2026 Jun 29, 2026
7.5 HIGH
CVE-2026-13566 — SourceCodester Class and Exam Timetabling System preview3.php sql injection

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /preview3.php. The manipulation of the argumen…

class_and_exam_timetabling_system | Remote | Injection
Jun 29, 2026 Jun 30, 2026
7.5 HIGH
CVE-2026-13565 — SourceCodester Class and Exam Timetabling System edit_class1.php sql injection

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0/1.php. Affected by this vulnerability is an unknown functionality of the file /edit_class1.php. Executing a mani…

class_and_exam_timetabling_system | Remote | Injection
Jun 29, 2026 Jun 29, 2026
8.6 HIGH
CVE-2026-13165 — Remote Code Execution in SzafirHost

SzafirHost verifies the downloaded native library archive with one JarFile parser (reading the Central Directory) but extracts native libraries with JarInputStream parser (reading sequentially from l…

Remote | Supply Chain
Jun 29, 2026 Jun 29, 2026
8.8 HIGH
CVE-2026-12856 — Vscode-java: vscode: command injection vulnerability in the javadoc hover provider of the…

A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in JavaDoc hovers, allowing a malicio…

openshift_dev_spaces | Remote | Misconfiguration
Jun 29, 2026 Jun 30, 2026
Showing 20 of 7970 Results