Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
0.0 NA
CVE-2026-5553 — itsourcecode Online Cellphone System Parameter available.php sql injection

A vulnerability was identified in itsourcecode Online Cellphone System 1.0. Affected by this vulnerability is an unknown functionality of the file /cp/available.php of the component Parameter Handler…

| Injection
Apr 05, 2026 Apr 05, 2026
Apr 05, 2026
Apr 05, 2026
0.0 NA
CVE-2026-5552 — PHPGurukul Online Shopping Portal Project Parameter sub-category.php sql injection

A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1. This issue affects some unknown processing of the file /sub-category.php of the component Parameter Handler. This mani…

| Injection
Apr 05, 2026 Apr 05, 2026
Apr 05, 2026
Apr 05, 2026
9.0 HIGH
CVE-2026-5550 — Tenda AC10 httpd fromSysToolChangePwd stack-based overflow

A vulnerability was identified in Tenda AC10 16.03.10.10_multi_TDE01. This affects the function fromSysToolChangePwd of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The…

Remote | Memory Corruption
Apr 05, 2026 Apr 05, 2026
Apr 05, 2026
Apr 05, 2026
5.5 MEDIUM
CVE-2026-5549 — Tenda AC10 RSA 2048-bit Private Key privkeySrv.pem hard-coded key

A vulnerability was determined in Tenda AC10 16.03.10.10_multi_TDE01. Affected by this issue is some unknown functionality of the file /webroot_ro/pem/privkeySrv.pem of the component RSA 2048-bit Pri…

Remote | Cryptography
Apr 05, 2026 Apr 05, 2026
Apr 05, 2026
Apr 05, 2026
9.0 HIGH
CVE-2026-5548 — Tenda AC10 httpd fromSysToolChangePwd stack-based overflow

A vulnerability was found in Tenda AC10 16.03.10.10_multi_TDE01. Affected by this vulnerability is the function fromSysToolChangePwd of the file /bin/httpd. Performing a manipulation of the argument …

Remote | Memory Corruption
Apr 05, 2026 Apr 05, 2026
Apr 05, 2026
Apr 05, 2026
6.5 MEDIUM
CVE-2026-5547 — Tenda AC10 httpd formAddMacfilterRule os command injection

A vulnerability has been found in Tenda AC10 16.03.10.10_multi_TDE01. Affected is the function formAddMacfilterRule of the file /bin/httpd. Such manipulation leads to os command injection. It is poss…

Remote | Injection
Apr 05, 2026 Apr 05, 2026
Apr 05, 2026
Apr 05, 2026
0.0 NA
CVE-2026-5551 — itsourcecode Free Hotel Reservation System Parameter login.php sql injection

A security flaw has been discovered in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/login.php of the component Parameter Handler. T…

| Injection
Apr 05, 2026 Apr 05, 2026
Apr 05, 2026
Apr 05, 2026
6.5 MEDIUM
CVE-2026-5546 — Campcodes Complete Online Learning Management System Crud_model.php add_lesson unrestrict…

A flaw has been found in Campcodes Complete Online Learning Management System 1.0. This impacts the function add_lesson of the file /application/models/Crud_model.php. This manipulation causes unrest…

Remote | Misconfiguration
Apr 05, 2026 Apr 05, 2026
Apr 05, 2026
Apr 05, 2026
9.0 HIGH
CVE-2026-5544 — UTT HiPER 1250GW formRemoteControl stack-based overflow

A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument …

Remote | Memory Corruption
Apr 05, 2026 Apr 05, 2026
Apr 05, 2026
Apr 05, 2026
6.5 MEDIUM
CVE-2026-5543 — PHPGurukul User Registration & Login and User Management System yesterday-reg-users.php s…

A vulnerability was identified in PHPGurukul User Registration & Login and User Management System 3.3. The affected element is an unknown function of the file /admin/yesterday-reg-users.php. The mani…

Remote | Injection
Apr 05, 2026 Apr 05, 2026
Apr 05, 2026
Apr 05, 2026
5.3 MEDIUM
CVE-2026-5542 — code-projects Simple Laundry System Parameter modstaffinfo.php cross site scripting

A vulnerability was determined in code-projects Simple Laundry System 1.0. Impacted is an unknown function of the file /modstaffinfo.php of the component Parameter Handler. Executing a manipulation o…

Remote | Cross-Site Scripting
Apr 05, 2026 Apr 05, 2026
Apr 05, 2026
Apr 05, 2026
5.3 MEDIUM
CVE-2026-5541 — code-projects Simple Laundry System Parameter modmemberinfo.php cross site scripting

A vulnerability was found in code-projects Simple Laundry System 1.0. This issue affects some unknown processing of the file /modmemberinfo.php of the component Parameter Handler. Performing a manipu…

Remote | Cross-Site Scripting
Apr 05, 2026 Apr 05, 2026
Apr 05, 2026
Apr 05, 2026
7.5 HIGH
CVE-2026-5540 — code-projects Simple Laundry System Parameter modifymember.php sql injection

A vulnerability has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /modifymember.php of the component Parameter Handler. Such manipulation …

Remote | Injection
Apr 05, 2026 Apr 05, 2026
Apr 05, 2026
Apr 05, 2026
6.4 MEDIUM
CVE-2026-5590 — net: ip/tcp: Null pointer dereference can be triggered by a race condition

A race condition during TCP connection teardown can cause tcp_recv() to operate on a connection that has already been released. If tcp_conn_search() returns NULL while processing a SYN packet, a NULL…

Remote | Race Condition
Apr 05, 2026 Apr 05, 2026
Apr 05, 2026
Apr 05, 2026
5.3 MEDIUM
CVE-2026-5539 — code-projects Simple Laundry System Parameter modifymember.php cross site scripting

A flaw has been found in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /modifymember.php of the component Parameter Handler. This manipulation of the argument firs…

Remote | Cross-Site Scripting
Apr 05, 2026 Apr 05, 2026
Apr 05, 2026
Apr 05, 2026
6.5 MEDIUM
CVE-2026-5538 — QingdaoU OnlineJudge judge_server_heartbeat Endpoint JudgeServer.service_url server-side …

A vulnerability was detected in QingdaoU OnlineJudge up to 1.6.1. Affected by this issue is the function service_url of the file JudgeServer.service_url of the component judge_server_heartbeat Endpoi…

Remote | Server-Side Request Forgery
Apr 05, 2026 Apr 05, 2026
Apr 05, 2026
Apr 05, 2026
6.5 MEDIUM
CVE-2026-5537 — halex CourseSEL HTTP GET Parameter IndexController.class.php check_sel sql injection

A security vulnerability has been detected in halex CourseSEL up to 1.1.0. Affected by this vulnerability is the function check_sel of the file Apps/Index/Controller/IndexController.class.php of the …

Remote | Injection
Apr 05, 2026 Apr 05, 2026
Apr 05, 2026
Apr 05, 2026
7.5 HIGH
CVE-2026-5536 — FedML-AI FedML gRPC server grpc_server.py sendMessage deserialization

A weakness has been identified in FedML-AI FedML up to 0.8.9. Affected is the function sendMessage of the file grpc_server.py of the component gRPC server. Executing a manipulation can lead to deseri…

Remote | Injection
Apr 05, 2026 Apr 05, 2026
Apr 05, 2026
Apr 05, 2026
5.3 MEDIUM
CVE-2026-5535 — FedML-AI FedML MQTT Message FileUtils.java path traversal

A security flaw has been discovered in FedML-AI FedML up to 0.8.9. This impacts an unknown function of the file FileUtils.java of the component MQTT Message Handler. Performing a manipulation of the …

Remote | Path Traversal
Apr 05, 2026 Apr 05, 2026
Apr 05, 2026
Apr 05, 2026
7.5 HIGH
CVE-2026-5534 — itsourcecode Online Enrollment System Parameter index.php sql injection

A vulnerability was identified in itsourcecode Online Enrollment System 1.0. This affects an unknown function of the file /sms/user/index.php?view=edit&id=10 of the component Parameter Handler. Such …

Remote | Injection
Apr 05, 2026 Apr 05, 2026
Apr 05, 2026
Apr 05, 2026
Showing 20 of 5905 Results