Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
9.8 CRITICAL
CVE-2026-51844 — Tenda AC7 Stack Buffer Overflow

Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the cloneType parameter.

Remote | Memory Corruption
Jun 19, 2026 Jun 22, 2026
Jun 19, 2026
Jun 22, 2026
9.8 CRITICAL
CVE-2026-51843 — Tenda AC7 Stack Buffer Overflow

Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the wanMTU parameter.

Remote | Memory Corruption
Jun 19, 2026 Jun 22, 2026
Jun 19, 2026
Jun 22, 2026
8.2 HIGH
CVE-2026-49260 — PhpWeasyPrint: shell command injection via configurable WeasyPrint binary path due to inv…

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.5.1, `pontedilana/php-weasyprint` builds the shell command for WeasyPrint by passing the binary p…

| Injection
Jun 19, 2026 Jun 22, 2026
Jun 19, 2026
Jun 22, 2026
5.5 MEDIUM
CVE-2026-3196 — Qemu-kvm: virtio-snd: integer overflow leading to unbounded memory allocation

An integer overflow vulnerability was found in the virtio-snd device via PCM_INFO requests from the guest. A malicious guest can provide out-of-bounds stream counts, potentially leading to unbounded …

Jun 19, 2026 Jun 22, 2026
Jun 19, 2026
Jun 22, 2026
7.4 HIGH
CVE-2026-3195 — Qemu-kvm: virtio-snd: heap buffer overflow in virtio_snd_pcm_in_cb (incomplete fix for cv…

A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the `virtio_snd_pcm_in_cb` function did not check whether the iov could fit the data buffer, potentially le…

Jun 19, 2026 Jun 30, 2026
Jun 19, 2026
Jun 30, 2026
8.8 HIGH
CVE-2019-25748 — Joomla JHotelReservation 6.0.7 SQL Injection via search-hotels

Joomla JHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rooms parameter. …

Remote | Injection
Jun 19, 2026 Jun 22, 2026
Jun 19, 2026
Jun 22, 2026
8.8 HIGH
CVE-2017-20282 — Joomla! Component jCart for OpenCart 2.0 SQL Injection

Joomla! Component jCart for OpenCart 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the product_id para…

Remote | Injection
Jun 19, 2026 Jun 22, 2026
Jun 19, 2026
Jun 22, 2026
8.8 HIGH
CVE-2017-20281 — Joomla! Component Extra Search 2.2.8 SQL Injection

Joomla! Component Extra Search 2.2.8 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the establename paramet…

Remote | Injection
Jun 19, 2026 Jun 22, 2026
Jun 19, 2026
Jun 22, 2026
8.8 HIGH
CVE-2017-20280 — Joomla Component Myportfolio 3.0.2 SQL Injection via pid Parameter

Joomla Component Myportfolio 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the pid parameter. Attack…

Remote | Injection
Jun 19, 2026 Jun 23, 2026
Jun 19, 2026
Jun 23, 2026
8.8 HIGH
CVE-2017-20279 — Joomla Payage 2.05 SQL Injection via aid Parameter

Joomla Payage 2.05 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the aid parameter. Attackers can send GET…

Remote | Injection
Jun 19, 2026 Jun 22, 2026
Jun 19, 2026
Jun 22, 2026
8.8 HIGH
CVE-2017-20278 — Joomla JoomRecipe 1.0.3 SQL Injection via category parameter

Joomla Component JoomRecipe 1.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the category parameter. At…

Remote | Injection
Jun 19, 2026 Jun 22, 2026
Jun 19, 2026
Jun 22, 2026
8.8 HIGH
CVE-2017-20277 — Joomla JoomRecipe 1.0.4 Component Blind SQL Injection via search_author

Joomla JoomRecipe 1.0.4 component contains a blind SQL injection vulnerability in the search_author parameter on the search results page. Attackers can inject SQL code through POST requests to the se…

Remote | Injection
Jun 19, 2026 Jun 23, 2026
Jun 19, 2026
Jun 23, 2026
8.8 HIGH
CVE-2017-20276 — Joomla! Component SIMGenealogy 2.1.5 SQL Injection

Joomla! Component SIMGenealogy 2.1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the type parameter. Att…

Remote | Injection
Jun 19, 2026 Jun 22, 2026
Jun 19, 2026
Jun 22, 2026
8.8 HIGH
CVE-2017-20275 — Joomla! Component PHP-Bridge 1.2.3 SQL Injection via id Parameter

Joomla! Component PHP-Bridge 1.2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter.…

Remote | Injection
Jun 19, 2026 Jun 22, 2026
Jun 19, 2026
Jun 22, 2026
8.8 HIGH
CVE-2017-20274 — Joomla LMS King Professional 3.2.4.0 SQL Injection via learningpath

Joomla LMS King Professional 3.2.4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cp_id parameter. At…

Remote | Injection
Jun 19, 2026 Jun 23, 2026
Jun 19, 2026
Jun 23, 2026
8.8 HIGH
CVE-2017-20273 — Joomla Event Registration Pro Calendar 4.1.3 SQL Injection

Joomla Event Registration Pro Calendar 4.1.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id …

Remote | Injection
Jun 19, 2026 Jun 22, 2026
Jun 19, 2026
Jun 22, 2026
8.8 HIGH
CVE-2017-20272 — Joomla Ultimate Property Listing 1.0.2 SQL Injection via sf_selectuser_id

Joomla Ultimate Property Listing 1.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the sf_select…

Remote | Injection
Jun 19, 2026 Jun 22, 2026
Jun 19, 2026
Jun 22, 2026
8.8 HIGH
CVE-2017-20271 — Joomla StreetGuessr Game 1.1.8 SQL Injection via catid

Joomla StreetGuessr Game 1.1.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. …

Remote | Injection
Jun 19, 2026 Jun 23, 2026
Jun 19, 2026
Jun 23, 2026
8.8 HIGH
CVE-2017-20270 — Joomla! Component Twitch Tv 1.1 SQL Injection

Joomla! Component Twitch Tv 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username and id …

Remote | Injection
Jun 19, 2026 Jun 22, 2026
Jun 19, 2026
Jun 22, 2026
8.8 HIGH
CVE-2017-20269 — Joomla! Component KissGallery 1.0.0 SQL Injection

Joomla! Component KissGallery 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the component URL path. Attackers can supply malicious…

Remote | Injection
Jun 19, 2026 Jun 22, 2026
Jun 19, 2026
Jun 22, 2026
Showing 20 of 7989 Results