Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
7.5 HIGH
CVE-2026-49049 — Joomla Extension - joomshaper.com - Unauthenticated access to Helix3 template ajax handler

The Helix3 plugin for Joomla exposes an ajax handler task that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files, and update template parameters.

helix3 | Remote | Authorization
Jun 29, 2026 Jun 30, 2026
6.1 MEDIUM
CVE-2026-46406 — Claude Code: Insecure Temporary File in /copy Command Enables Response Disclosure and Sym…

Claude Code is an agentic coding tool. From 2.1.59 until 2.1.128, the Claude Code /copy command wrote responses to a hardcoded, predictable path (/tmp/claude/response.md) without UID isolation, rand…

claude_code claude_desktop | Information Disclosure
Jun 29, 2026 Jun 30, 2026
6.5 MEDIUM
CVE-2026-13579 — itsourcecode Hospital Management System patientchangepassword.php sql injection

A weakness has been identified in itsourcecode Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /patientchangepassword.php. Executing a manipulation of…

hospital_management_system | Remote | Injection
Jun 29, 2026 Jun 29, 2026
6.5 MEDIUM
CVE-2026-13578 — itsourcecode Hospital Management System patientdetail.php sql injection

A security flaw has been discovered in itsourcecode Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /patientdetail.php. Performing a manipulatio…

hospital_management_system | Remote | Injection
Jun 29, 2026 Jun 29, 2026
3.3 LOW
CVE-2026-13574 — llvm llvm-project Bitcode File IntrinsicInst.cpp getBasePtr heap-based overflow

A vulnerability was determined in llvm llvm-project up to 22.1.6. This impacts the function GCRelocateInst::getBasePtr in the library llvm/lib/IR/IntrinsicInst.cpp of the component Bitcode File Handl…

llvm-project | Memory Corruption
Jun 29, 2026 Jul 01, 2026
3.3 LOW
CVE-2026-13573 — llvm llvm-project ValueSymbolTable ValueSymbolTable.cpp insert stack-based overflow

A vulnerability was found in llvm llvm-project up to 22.1.6. This affects the function llvm::StringMap::insert in the library /lib/IR/ValueSymbolTable.cpp of the component ValueSymbolTable Module. Th…

llvm-project | Memory Corruption
Jun 29, 2026 Jun 29, 2026
6.5 MEDIUM
CVE-2026-13572 — itsourcecode Hospital Management System insertbillingrecord.php sql injection

A vulnerability has been found in itsourcecode Hospital Management System 1.0. The impacted element is an unknown function of the file /insertbillingrecord.php. The manipulation of the argument patie…

hospital_management_system | Remote | Injection
Jun 29, 2026 Jun 30, 2026
5.5 MEDIUM
CVE-2026-13571 — SourceCodester Simple Food Ordering System cart.php logic error

A flaw has been found in SourceCodester Simple Food Ordering System 1.0. The affected element is an unknown function of the file /cart.php. Executing a manipulation of the argument item_price can lea…

simple_food_ordering_system | Remote | Misconfiguration
Jun 29, 2026 Jun 29, 2026
4.3 MEDIUM
CVE-2026-56457 — HCL DevOps Deploy / HCL Launch is susceptible to an exposure of sensitive information

HCL DevOps Deploy / HCL Launch is susceptible to an exposure of sensitive information vulnerability in output logs. This exposure could allow an attacker with access to the logs to potentially obtain…

hcl_launch hcl_devops_deploy | Remote | Information Disclosure
Jun 29, 2026 Jul 02, 2026
8.4 HIGH
CVE-2026-54371 — attr < 2.6.0 Symlink Traversal Privilege Escalation via getfattr/setfattr

attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a pathname component with a…

Path Traversal
Jun 29, 2026 Jul 03, 2026
7.2 HIGH
CVE-2026-54370 — acl < 2.4.0 TOCTOU Symlink Traversal via getfacl/setfacl/chacl

acl before version 2.4.0 contains a time-of-check to time-of-use (TOCTOU) race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symb…

Race Condition
Jun 29, 2026 Jun 29, 2026
8.4 HIGH
CVE-2026-54369 — acl < 2.4.0 Symlink Traversal Privilege Escalation via libacl Functions

acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions acl_get_file(), acl_set_file(), acl_extended_file(), and acl_delete_def_file() that allows l…

Path Traversal
Jun 29, 2026 Jul 02, 2026
8.1 HIGH
CVE-2026-40524 — FrontAccounting < 2.4.20 SQL Injection via get_gl_transactions()

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the get_gl_transactions() function where the filter_type parameter is concatenated directly into a SQL IN() clause without para…

frontaccounting | Remote | Injection
Jun 29, 2026 Jul 01, 2026
8.1 HIGH
CVE-2026-40523 — FrontAccounting < 2.4.20 SQL Injection via reporting/rep710.php

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Audit Trail report handler that allows authenticated attackers with SA_GLANALYTIC permission to execute arbitrary SQL queri…

frontaccounting | Remote | Injection
Jun 29, 2026 Jun 29, 2026
7.1 HIGH
CVE-2026-40522 — FrontAccounting < 2.4.20 SQL Injection via rep601.php

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data by injecting UNION SEL…

frontaccounting | Remote | Injection
Jun 29, 2026 Jun 29, 2026
8.8 HIGH
CVE-2026-40521 — FrontAccounting < 2.4.20 Path Traversal RCE via attachment upload

FrontAccounting before 2.4.20 contains a path traversal vulnerability in the attachment upload handler that allows authenticated attackers to execute arbitrary code by uploading files with traversal …

frontaccounting | Remote | Path Traversal
Jun 29, 2026 Jun 30, 2026
7.5 HIGH
CVE-2026-13676 — fast-uri vulnerable to host confusion via failed IDN canonicalization

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode (IDN) hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constru…

fast-uri | Misconfiguration
Jun 29, 2026 Jul 02, 2026
4.0 MEDIUM
CVE-2026-13570 — SourceCodester Inventory Management System User Registration Endpoint users_handler.php c…

A vulnerability was detected in SourceCodester Inventory Management System 1.0. Impacted is an unknown function of the file /api/users_handler.php of the component User Registration Endpoint. Perform…

inventory_management_system | Remote | Cross-Site Scripting
Jun 29, 2026 Jun 29, 2026
5.8 MEDIUM
CVE-2026-13569 — weng-xianhu EyouCMS API index.php sql injection

A security vulnerability has been detected in weng-xianhu EyouCMS up to 1.7.1. This issue affects some unknown processing of the file /index.php of the component API. Such manipulation of the argumen…

eyoucms | Remote | Injection
Jun 29, 2026 Jun 29, 2026
7.5 HIGH
CVE-2026-13568 — SourceCodester Inventory Management System User Registration Endpoint users_handler.php a…

A weakness has been identified in SourceCodester Inventory Management System 1.0. This vulnerability affects unknown code of the file /api/users_handler.php of the component User Registration Endpoin…

inventory_management_system | Remote | Authorization
Jun 29, 2026 Jul 01, 2026
Showing 20 of 7999 Results