Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
9.0 HIGH
CVE-2026-13563 — Edimax EW-7478APC POST Request formL2TPSetup stack-based overflow

A vulnerability has been found in Edimax EW-7478APC 1.04. This impacts the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. Such manipulation of the arg…

ew-7478apc | Remote | Memory Corruption
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
9.0 HIGH
CVE-2026-13562 — Edimax EW-7478APC POST Request formiNICSiteSurvey buffer overflow

A flaw has been found in Edimax EW-7478APC 1.04. This affects the function formiNICSiteSurvey of the file /goform/formiNICSiteSurvey of the component POST Request Handler. This manipulation of the ar…

ew-7478apc | Remote | Memory Corruption
Jun 29, 2026 Jul 01, 2026
Jun 29, 2026
Jul 01, 2026
6.5 MEDIUM
CVE-2026-13561 — Edimax EW-7478APC POST Request formiNICbasic os command injection

A vulnerability was detected in Edimax EW-7478APC 1.04. The impacted element is the function formiNICbasic of the file /goform/formiNICbasic of the component POST Request Handler. The manipulation of…

ew-7478apc | Remote | Injection
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
6.5 MEDIUM
CVE-2026-13560 — Edimax EW-7478APC POST Request formAccept os command injection

A security vulnerability has been detected in Edimax EW-7478APC 1.04. The affected element is the function formAccept of the file /goform/formAccept of the component POST Request Handler. The manipul…

ew-7478apc | Remote | Injection
Jun 29, 2026 Jun 30, 2026
Jun 29, 2026
Jun 30, 2026
7.5 HIGH
CVE-2026-13559 — code-projects Real State Services single-list_sale.php add sql injection

A weakness has been identified in code-projects Real State Services 1.0. Impacted is an unknown function of the file /single-list_sale.php?action=add. Executing a manipulation of the argument ID can …

real_state_services | Remote | Injection
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
4.0 MEDIUM
CVE-2026-13558 — CodeAstro Complaint Management System Report addreport cross site scripting

A security flaw has been discovered in CodeAstro Complaint Management System 1.0. This issue affects some unknown processing of the file /report/addreport of the component Report Handler. Performing …

complaint_management_system | Remote | Cross-Site Scripting
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
7.1 HIGH
CVE-2026-57346 — WordPress Embed Privacy plugin <= 1.12.3 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Epiphyt Embed Privacy allows Path Traversal. This issue affects Embed Privacy: from n/a through 1.12.3.

embed_privacy | Remote | Path Traversal
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
8.8 HIGH
CVE-2026-25707 — Handcrafted repo metadata may cause arbitrary local files to be overwritten by libzypp

A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading…

libzypp | Remote | Path Traversal
Jun 29, 2026 Jun 30, 2026
Jun 29, 2026
Jun 30, 2026
7.1 HIGH
CVE-2026-13601 — Yelp: yelp-xsl: overly permissive content security policy in yelp allows host file disclo…

A flaw was found in Yelp due to an overly permissive Content Security Policy (CSP) implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenU…

enterprise_linux enterprise_linux | Misconfiguration
Jun 29, 2026 Jun 30, 2026
Jun 29, 2026
Jun 30, 2026
5.0 MEDIUM
CVE-2026-13557 — itsourcecode Online Hotel Management System POST Request controller.php add cross site sc…

A vulnerability was identified in itsourcecode Online Hotel Management System 1.0. This vulnerability affects unknown code of the file /admin/mod_room/controller.php?action=add of the component POST …

online_hotel_management_system | Remote | Cross-Site Scripting
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
5.0 MEDIUM
CVE-2026-13556 — itsourcecode Online Hotel Management System POST Request controller.php edit cross site s…

A vulnerability was determined in itsourcecode Online Hotel Management System 1.0. This affects an unknown part of the file /admin/mod_users/controller.php?action=edit of the component POST Request H…

online_hotel_management_system | Remote | Cross-Site Scripting
Jun 29, 2026 Jul 01, 2026
Jun 29, 2026
Jul 01, 2026
7.5 HIGH
CVE-2026-13555 — itsourcecode Online Hotel Management System controller.php add sql injection

A vulnerability was found in itsourcecode Online Hotel Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/mod_users/controller.php?action=add. The manipula…

online_hotel_management_system | Remote | Injection
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
5.0 MEDIUM
CVE-2026-13554 — itsourcecode Online Hotel Management System POST Request controller.php add cross site sc…

A vulnerability has been found in itsourcecode Online Hotel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/mod_amenities/controller.php?action=ad…

online_hotel_management_system | Remote | Cross-Site Scripting
Jun 29, 2026 Jun 30, 2026
Jun 29, 2026
Jun 30, 2026
7.5 HIGH
CVE-2026-13553 — itsourcecode Online Hotel Management System controller.php add unrestricted upload

A flaw has been found in itsourcecode Online Hotel Management System 1.0. Affected is an unknown function of the file /admin/mod_amenities/controller.php?action=add. Executing a manipulation of the a…

online_hotel_management_system | Remote | Misconfiguration
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
7.5 HIGH
CVE-2026-13552 — itsourcecode Online Hotel Management System controller.php edit sql injection

A vulnerability was detected in itsourcecode Online Hotel Management System 1.0. This impacts an unknown function of the file /admin/mod_amenities/controller.php?action=edit. Performing a manipulatio…

online_hotel_management_system | Remote | Injection
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
6.9 MEDIUM
CVE-2026-9267 — tinydtls Out-of-Bounds Read in Certificate Handling

Eclipse tinydtls before commit b3efd41ad111a4920f599f51ffa4f5e9f1e72221 contains an out-of-bounds read vulnerability in the check_server_certificate() function that allows unauthenticated attackers t…

tinydtls | Remote | Memory Corruption
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
4.4 MEDIUM
CVE-2026-57966 — Spice-vdagent: path traversal in file transfer via unsanitized filename

A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs b…

Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
5.1 MEDIUM
CVE-2026-57965 — Spice-vdagent: integer overflow in udscs_write() leading to heap buffer overflow

A flaw was found in spice-vdagent. A malicious or compromised SPICE host can trigger an integer overflow by sending a specially crafted message. This vulnerability can lead to a heap buffer overflow,…

enterprise_linux enterprise_linux | Denial of Service
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
4.3 MEDIUM
CVE-2026-57676 — WordPress Simple User Avatar plugin <= 4.9 - Insecure Direct Object References (IDOR) vul…

Authorization Bypass Through User-Controlled Key vulnerability in Matteo Manna Simple User Avatar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple U…

Remote | Authorization
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
7.3 HIGH
CVE-2026-22078 — O+ Connect's lack of authentication for IPC channels led to a local privilege escalation …

Because O+ Connect's IPC service does not authenticate clients, external applications can escalate privileges and perform sensitive actions through the IPC channel.

| Authentication
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
Showing 20 of 7989 Results