Latest CVE Feed

Vulnerabilities published in the last 30 days.

Score | Vulnerability | Published
4.3 MEDIUM
CVE-2026-48102 — GHSL-2026-118: 7-Zip UDF Field OOB Read

7-Zip is a file archiver with a high compression ratio. Versions 9.11 through 26.00 contain a heap out-of-bounds read of up to 3 bytes in the UDF disc image handler's File Identifier Descriptor parse…

7-zip | Remote | Memory Corruption
Jun 05, 2026 Jun 17, 2026
6.5 MEDIUM
CVE-2026-48101 — GHSL-2026-117: 7-Zip UEFI Capsule uninitialized heap memory disclosure

7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an uninitialized memory disclosure vulnerability in the UEFI capsule (.scap) parser in 7-Zip. The OpenCa…

7-zip | Remote | Memory Corruption
Jun 05, 2026 Jun 17, 2026
9.8 CRITICAL
CVE-2026-11362 — DataDog::DogStatsd versions through 0.07 for Perl allow metric injections from event tags

DataDog::DogStatsd versions through 0.07 for Perl allow metric injections from event tags. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sour…

datadog | Remote | Injection
Jun 05, 2026 Jun 17, 2026
6.5 MEDIUM
CVE-2026-11336 — tittuvarghese CollegeManagementSystem Admin admin_page.php improper authorization

A vulnerability has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected is an unknown function of the file …

collegemanagementsystem | Remote | Authorization
Jun 05, 2026 Jun 17, 2026
8.8 HIGH
CVE-2026-48095 — GHSL-2026-140_7-Zip: 7-Zip has a heap buffer overflow via NTFS compressed stream buffer u…

7-Zip is a file archiver with a high compression ratio. Versions 26.00 and prior contain a heap buffer overflow vulnerability caused by an under-allocation in the NTFS compressed stream buffer (GetCu…

7-zip | Remote | Memory Corruption
Jun 05, 2026 Jun 17, 2026
8.1 HIGH
CVE-2026-48092 — 7-Zip SquashFS Fragment Offset Overflow (GHSL-2026-116)

7-Zip is a file archiver with a high compression ratio. Versions 9.34 through 26.00 contain a heap memory disclosure via SquashFS fragment offset integer overflow on 32-bit builds. 32-bit integer ove…

7-zip | Remote | Memory Corruption
Jun 05, 2026 Jun 17, 2026
6.1 MEDIUM
CVE-2026-38579 — Damasac thaipalliative_lte Reflected Cross-Site Scripting

Multiple reflected Cross-Site Scripting (XSS) vulnerabilities in damasac thaipalliative_lte through version 3.0 allow remote attackers to inject arbitrary web script or HTML via the idFormMain parame…

Remote | Cross-Site Scripting
Jun 05, 2026 Jun 17, 2026
6.5 MEDIUM
CVE-2026-37737 — Sanic-CORS Regex Bypass Vulnerability

sanic-cors version 2.2.0 and prior contains an improper regular expression in the try_match() function in sanic_cors/core.py that uses re.match without end-anchoring. This allows an attacker to bypas…

Remote | Authorization
Jun 05, 2026 Jun 17, 2026
7.5 HIGH
CVE-2026-11335 — tittuvarghese CollegeManagementSystem login-form.php session_start session fixation

A flaw has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This impacts the function session_start of the file /…

collegemanagementsystem | Remote | Authentication
Jun 05, 2026 Jun 17, 2026
7.5 HIGH
CVE-2026-11334 — tittuvarghese CollegeManagementSystem fetch.php sql injection

A vulnerability was detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This affects an unknown function of the file d…

collegemanagementsystem | Remote | Injection
Jun 05, 2026 Jun 17, 2026
6.5 MEDIUM
CVE-2026-11333 — tittuvarghese CollegeManagementSystem Student Data Upload Endpoint upload_student_data.ph…

A security vulnerability has been detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. The impacted element is an unkno…

collegemanagementsystem | Remote | Misconfiguration
Jun 05, 2026 Jun 17, 2026
9.8 CRITICAL
CVE-2026-10879 — DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements wi…

DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the for…

dbi | Remote | Memory Corruption
Jun 05, 2026 Jun 17, 2026
7.1 HIGH
CVE-2025-59174 — Ericsson Packet Core Controller Denial of Service

Ericsson Packet Core Controller (PCC) versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation.

packet_core_controller | Denial of Service
Jun 05, 2026 Jun 17, 2026
5.3 MEDIUM
CVE-2020-25900 — HelloTalk GPS Data Leak

HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to share only a country or city. Furthermore, these coordinates are placed into a database on the client …

Remote | Information Disclosure
Jun 05, 2026 Jun 17, 2026