Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
5.1 MEDIUM
CVE-2026-57965 — Spice-vdagent: integer overflow in udscs_write() leading to heap buffer overflow

A flaw was found in spice-vdagent. A malicious or compromised SPICE host can trigger an integer overflow by sending a specially crafted message. This vulnerability can lead to a heap buffer overflow,…

enterprise_linux enterprise_linux | Denial of Service
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
4.3 MEDIUM
CVE-2026-57676 — WordPress Simple User Avatar plugin <= 4.9 - Insecure Direct Object References (IDOR) vul…

Authorization Bypass Through User-Controlled Key vulnerability in Matteo Manna Simple User Avatar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple U…

Remote | Authorization
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
7.3 HIGH
CVE-2026-22078 — O+ Connect's lack of authentication for IPC channels led to a local privilege escalation …

Because O+ Connect's IPC service does not authenticate clients, external applications can escalate privileges and perform sensitive actions through the IPC channel.

| Authentication
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
6.8 MEDIUM
CVE-2026-13595 — Util-linux: util-linux: heap use-after-free in libblkid nested partition probing

A flaw was found in the libblkid library of util-linux. During nested partition probing, the BSD, Minix, Solaris x86, and UnixWare partition probers cache a raw pointer to a parent partition entry in…

Jun 29, 2026 Jun 30, 2026
Jun 29, 2026
Jun 30, 2026
7.5 HIGH
CVE-2026-13551 — itsourcecode Baptism Information Management System editBaptism.php sql injection

A security vulnerability has been detected in itsourcecode Baptism Information Management System 1.0. This affects an unknown function of the file /editBaptism.php. Such manipulation of the argument …

Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
7.5 HIGH
CVE-2026-13550 — itsourcecode Baptism Information Management System delbaptism.php sql injection

A weakness has been identified in itsourcecode Baptism Information Management System 1.0. The impacted element is an unknown function of the file /delbaptism.php. This manipulation of the argument ID…

Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
6.4 MEDIUM
CVE-2026-13549 — CodeAstro Complaint Management System Report Endpoint Report.php deletereport authorizati…

A security flaw has been discovered in CodeAstro Complaint Management System 1.0. The affected element is the function deletereport of the file application/controllers/Report.php of the component Rep…

complaint_management_system | Remote | Authorization
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
6.5 MEDIUM
CVE-2026-13548 — itsourcecode Hospital Management System doctortimings.php sql injection

A vulnerability was identified in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /doctortimings.php. The manipulation of the argument editid leads to sql inj…

hospital_management_system | Remote | Injection
Jun 29, 2026 Jun 30, 2026
Jun 29, 2026
Jun 30, 2026
7.5 HIGH
CVE-2026-13547 — Hanwang e-Face General Management Platform upload.do unrestricted upload

A vulnerability was determined in Hanwang e-Face General Management Platform 6.3.5.4. This issue affects some unknown processing of the file /manage/resourceUpload/upload.do. Executing a manipulation…

e-face_general_management_platform | Remote | Misconfiguration
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
7.5 HIGH
CVE-2026-13546 — Feehi CMS REST API Endpoint articles missing authentication

A vulnerability was found in Feehi CMS up to 2.1.1. This vulnerability affects unknown code of the file /api/articles of the component REST API Endpoint. Performing a manipulation results in missing …

cms | Remote | Authentication
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
9.0 HIGH
CVE-2026-13545 — D-Link DCS-935L POST Parameter setconf.cgi sub_400E40 os command injection

A vulnerability has been found in D-Link DCS-935L 1.10.01. This affects the function sub_400E40 of the file setconf.cgi of the component POST Parameter Handler. Such manipulation of the argument UID …

dcs-935l_firmware dcs-935l | Remote | Injection
Jun 29, 2026 Jun 30, 2026
Jun 29, 2026
Jun 30, 2026
4.3 MEDIUM
CVE-2026-9676 — f4 Post Tree < 2.0.5 - Subscriber+ Arbitrary Post Parent/Menu Order Modification

The F4 Post Tree WordPress plugin before 2.0.5 does not perform capability checks or CSRF/nonce verification on one of its AJAX actions, allowing authenticated users with Subscriber-level access and …

Remote | Authorization
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
6.5 MEDIUM
CVE-2026-13544 — Feehi CMS API users access control

A flaw has been found in Feehi CMS up to 2.1.1. Affected by this issue is some unknown functionality of the file /api/users of the component API. This manipulation causes improper access controls. Th…

cms | Remote | Authorization
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
5.6 MEDIUM
CVE-2026-13543 — Documenso Google OAuth Login handle-oauth-callback-url.ts improper authentication

A vulnerability was detected in Documenso up to 2.11.0. Affected by this vulnerability is an unknown functionality of the file packages/auth/server/lib/utils/handle-oauth-callback-url.ts of the compo…

documenso | Remote | Authentication
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
6.5 MEDIUM
CVE-2026-13542 — itsourcecode Hospital Management System doctorprofile.php sql injection

A security vulnerability has been detected in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /doctorprofile.php. The manipulation of the argument doctorname …

hospital_management_system | Remote | Injection
Jun 29, 2026 Jun 30, 2026
Jun 29, 2026
Jun 30, 2026
6.5 MEDIUM
CVE-2026-13541 — itsourcecode Hospital Management System doctorchangepassword.php sql injection

A weakness has been identified in itsourcecode Hospital Management System 1.0. This impacts an unknown function of the file /doctorchangepassword.php. Executing a manipulation of the argument newpass…

hospital_management_system | Remote | Injection
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
6.5 MEDIUM
CVE-2026-13540 — GitBucket RepositoryCreationService.scala Git.cloneRepository.setURI server-side request …

A security flaw has been discovered in GitBucket up to 4.46.1. This affects the function Git.cloneRepository.setURI of the file src/main/scala/gitbucket/core/service/RepositoryCreationService.scala. …

gitbucket | Remote | Server-Side Request Forgery
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
9.0 HIGH
CVE-2026-13539 — Wavlink WL-NU516U1-A POST Parameter wireless.cgi sub_407504 stack-based overflow

A vulnerability was identified in Wavlink WL-NU516U1-A M16U1_V240425. The impacted element is the function sub_407504 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. Such m…

wl-nu516u1-a | Remote | Memory Corruption
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
7.5 HIGH
CVE-2026-10083 — APCu Manager < 4.5.0 - Unauthenticated Stored XSS via Cache Key Pollution

The APCu Manager WordPress plugin before 4.5.0 does not escape APCu object-cache keys before rendering them in an admin-area page, leading to a Stored Cross-Site Scripting vulnerability. When a persi…

Remote | Cross-Site Scripting
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
6.8 MEDIUM
CVE-2025-7386 — Information exposure vulnerability in Hitachi Storage Navigator

Information exposure vulnerability in Hitachi Storage Navigator. This issue affects Hitachi Virtual Storage Platform 5100, 5200, 5500, 5600, 5100H, 5200H, 5500H, 5600H, VX8: before DKCMAIN Ver. 90-0…

Remote | Information Disclosure
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
Showing 20 of 7469 Results