Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
0.0 NA
CVE-2026-13526 — SourceCodester Class and Exam Timetabling System edit_class.php sql injection

A flaw has been found in SourceCodester Class and Exam Timetabling System 1.0. Impacted is an unknown function of the file /edit_class.php. This manipulation of the argument ID causes sql injection. …

class_and_exam_timetabling_system | Injection
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
0.0 NA
CVE-2026-13525 — CodeAstro Human Resource Management System Update_Earn_Leave Endpoint Employee_model.php …

A vulnerability was detected in CodeAstro Human Resource Management System 1.0. This issue affects the function emselectByCode of the file application/models/Employee_model.php of the component Updat…

human_resource_management_system | Injection
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
0.0 NA
CVE-2026-13524 — CherryHQ cherry-studio MCP OAuth Local Callback Server callback.ts improper authorization

A security vulnerability has been detected in CherryHQ cherry-studio up to 1.9.6. This vulnerability affects unknown code of the file src/main/services/mcp/oauth/callback.ts of the component MCP OAut…

| Authorization
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
0.0 NA
CVE-2026-13523 — GPAC ISOBMFF base_encoding.c data amplification

A weakness has been identified in GPAC up to 26.02.0. This affects an unknown part of the file src/utils/base_encoding.c of the component ISOBMFF Parser. Executing a manipulation can lead to highly c…

| Denial of Service
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
0.0 NA
CVE-2026-13522 — Investintech SlimPDFReader PDF File SlimPDFReader.exe TeighaDo+0x25cde0 out-of-bounds

A security flaw has been discovered in Investintech SlimPDFReader up to 2.0.14. Affected by this issue is the function SlimPDFReader!Investintech::PCV::TeighaDo+0x25cde0 of the file SlimPDFReader.exe…

slimpdfreader | Memory Corruption
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
0.0 NA
CVE-2026-13521 — SourceCodester Class and Exam Timetabling System preview5.php sql injection

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0/5.php. Affected by this vulnerability is an unknown functionality of the file /preview5.php. Such manipulation o…

class_and_exam_timetabling_system | Injection
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
0.0 NA
CVE-2026-13520 — itsourcecode Hospital Management System Appointment appointmentapproval.php sql injection

A vulnerability was determined in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /appointmentapproval.php of the component Appointment Handler. This manipula…

hospital_management_system | Injection
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
0.0 NA
CVE-2026-13519 — Tenda JD12L NatStaticSetting fromNatStaticSetting stack-based overflow

A vulnerability was found in Tenda JD12L 16.03.53.23. This impacts the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page results in stack-based…

| Memory Corruption
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
0.0 NA
CVE-2026-13518 — Tenda JD12L addressNat fromAddressNat stack-based overflow

A vulnerability has been found in Tenda JD12L 16.03.53.23. This affects the function fromAddressNat of the file /goform/addressNat. The manipulation of the argument page leads to stack-based buffer o…

| Memory Corruption
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
0.0 NA
CVE-2026-13517 — Tenda JD12L WifiBasicSet formWifiBasicSet stack-based overflow

A flaw has been found in Tenda JD12L 16.03.53.23. The impacted element is the function formWifiBasicSet of the file /goform/WifiBasicSet. Executing a manipulation of the argument security_5g can lead…

| Memory Corruption
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
0.0 NA
CVE-2026-13516 — Tenda JD12L WifiGuestSet fromSetWifiGusetBasic stack-based overflow

A vulnerability was detected in Tenda JD12L 16.03.53.23. The affected element is the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet. Performing a manipulation of the argument shareSp…

| Memory Corruption
Jun 28, 2026 Jun 28, 2026
Jun 28, 2026
Jun 28, 2026
0.0 NA
CVE-2026-13515 — Tenda JD12L SetPptpServerCfg formSetPPTPServer stack-based overflow

A security vulnerability has been detected in Tenda JD12L 16.03.53.23. Impacted is the function formSetPPTPServer of the file /goform/SetPptpServerCfg. Such manipulation of the argument startIp leads…

| Memory Corruption
Jun 28, 2026 Jun 28, 2026
Jun 28, 2026
Jun 28, 2026
0.0 NA
CVE-2026-13514 — Chess Play and Learn App com.chess AndroidManifest.xml backup

A weakness has been identified in Chess Play and Learn App up to 4.9.42 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.chess. This manipul…

| Information Disclosure
Jun 28, 2026 Jun 28, 2026
Jun 28, 2026
Jun 28, 2026
0.0 NA
CVE-2026-13513 — MyScale MyScaleDB SegmentId.h getCacheKey data authenticity

A security flaw has been discovered in MyScale MyScaleDB up to 1.8.0. This vulnerability affects the function SegmentId::getCacheKey in the library src/VectorIndex/Common/SegmentId.h. The manipulatio…

| Misconfiguration
Jun 28, 2026 Jun 28, 2026
Jun 28, 2026
Jun 28, 2026
6.5 MEDIUM
CVE-2026-13512 — Databend Tenant client_session_manager.rs state_key authorization

A vulnerability was identified in Databend up to 1.2.881 on HTTP. This affects the function ClientSessionManager::state_key of the file src/query/service/src/servers/http/v1/session/client_session_ma…

Remote | Authorization
Jun 28, 2026 Jun 28, 2026
Jun 28, 2026
Jun 28, 2026
3.1 LOW
CVE-2026-13511 — VoltAgent Memory REST API memory.handlers.ts handleGetMemoryConversation improper authori…

A vulnerability was determined in VoltAgent up to 2.1.17. Affected by this issue is the function handleGetMemoryConversation of the file packages/server-core/src/handlers/memory.handlers.ts of the co…

Remote | Authorization
Jun 28, 2026 Jun 28, 2026
Jun 28, 2026
Jun 28, 2026
3.7 LOW
CVE-2026-13510 — SimStudioAI sim Password Protection deployment.ts weak hash

A vulnerability was found in SimStudioAI sim up to 0.6.92. Affected by this vulnerability is an unknown functionality in the library apps/sim/lib/core/security/deployment.ts of the component Password…

Remote | Cryptography
Jun 28, 2026 Jun 28, 2026
Jun 28, 2026
Jun 28, 2026
6.5 MEDIUM
CVE-2026-13509 — RAGapp Knowledge File files.py FileHandler.remove_file path traversal

A vulnerability has been found in RAGapp up to 0.1.5. Affected is the function FileHandler.upload_file/FileHandler.remove_file of the file src/ragapp/backend/controllers/files.py of the component Kno…

Remote | Path Traversal
Jun 28, 2026 Jun 28, 2026
Jun 28, 2026
Jun 28, 2026
6.5 MEDIUM
CVE-2026-13508 — khoj-ai khoj Conversation Sharing api_chat.py authorization

A flaw has been found in khoj-ai khoj up to 2.0.0-beta.28. This impacts an unknown function of the file src/khoj/routers/api_chat.py of the component Conversation Sharing Handler. This manipulation o…

Remote | Authorization
Jun 28, 2026 Jun 28, 2026
Jun 28, 2026
Jun 28, 2026
5.0 MEDIUM
CVE-2026-13507 — volcengine OpenViking Local VectorDB Primary-key Label str_to_uint64.py str_to_uint64 dat…

A vulnerability was detected in volcengine OpenViking up to 0.3.21. This affects the function str_to_uint64 of the file openviking/storage/vectordb/utils/str_to_uint64.py of the component Local Vecto…

openviking | Remote | Injection
Jun 28, 2026 Jun 28, 2026
Jun 28, 2026
Jun 28, 2026
Showing 20 of 7192 Results