Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
4.3 MEDIUM
CVE-2026-3568 — MStore API <= 4.18.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to Ar…

The MStore API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.18.3. This is due to the update_user_profile() function in controllers/f…

mstore_api | Remote | Authorization
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
7.5 HIGH
CVE-2026-5832 — atototo api-lab-mcp HTTP http-server.ts test_http_endpoint server-side request forgery

A weakness has been identified in atototo api-lab-mcp up to 0.2.1. This affects the function analyze_api_spec/generate_test_scenarios/test_http_endpoint of the file src/mcp/http-server.ts of the comp…

Remote | Server-Side Request Forgery
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
6.5 MEDIUM
CVE-2026-5831 — Agions taskflow-ai terminal_execute handlers.ts os command injection

A security flaw has been discovered in Agions taskflow-ai up to 2.1.8. This impacts an unknown function of the file src/mcp/server/handlers.ts of the component terminal_execute. Performing a manipula…

Remote | Injection
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
9.0 HIGH
CVE-2026-5830 — Tenda AC15 SysToolChangePwd websGetVar stack-based overflow

A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the function websGetVar of the file /goform/SysToolChangePwd. Such manipulation of the argument oldPwd/newPwd/cfmPwd leads to st…

ac15_firmware | Remote | Memory Corruption
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
7.5 HIGH
CVE-2026-5829 — code-projects Simple IT Discussion Forum content.php sql injection

A vulnerability was determined in code-projects Simple IT Discussion Forum 1.0. The impacted element is an unknown function of the file /pages/content.php. This manipulation of the argument post_id c…

Remote | Injection
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
7.5 HIGH
CVE-2026-5828 — code-projects Simple IT Discussion Forum addcomment.php sql injection

A vulnerability was found in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function of the file /functions/addcomment.php. The manipulation of the argument postid r…

Remote | Injection
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
8.8 HIGH
CVE-2026-4326 — Vertex Addons for Elementor <= 1.6.4 - Missing Authorization to Authenticated (Subscriber…

The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. This is due to improper authorization enforcement in the activat…

Remote | Authorization
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
7.5 HIGH
CVE-2026-5827 — code-projects Simple IT Discussion Forum question-function.php sql injection

A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /question-function.php. The manipulation of the argument content leads to s…

Remote | Injection
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
5.3 MEDIUM
CVE-2026-5826 — code-projects Simple IT Discussion Forum edit-category.php cross site scripting

A flaw has been found in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /edit-category.php. Executing a manipulation of the argument Category can…

Remote | Cross-Site Scripting
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
5.3 MEDIUM
CVE-2026-5825 — code-projects Simple Laundry System delmemberinfo.php cross site scripting

A vulnerability was detected in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /delmemberinfo.php. Performing a manipulation of the argument userid resul…

simple_laundry_system | Remote | Cross-Site Scripting
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
7.5 HIGH
CVE-2026-5824 — code-projects Simple Laundry System userchecklogin.php sql injection

A security vulnerability has been detected in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /userchecklogin.php. Such manipulation of the argument userid leads to …

simple_laundry_system | Remote | Injection
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
6.5 MEDIUM
CVE-2026-5823 — itsourcecode Construction Management System borrowed_tool_report.php sql injection

A weakness has been identified in itsourcecode Construction Management System 1.0. Affected by this issue is some unknown functionality of the file /borrowed_tool_report.php. This manipulation of the…

Remote | Injection
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
9.0 HIGH
CVE-2026-5815 — D-Link DIR-645 hedwig.cgi hedwigcgi_main stack-based overflow

A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_main of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based buffer overflow. The at…

dir-645_firmware | Remote | Memory Corruption
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
7.5 HIGH
CVE-2026-5814 — PHPGurukul Online Course Registration check_availability.php sql injection

A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue affects some unknown processing of the file /admin/check_availability.php. The manipulation of the …

online_course_registration | Remote | Injection
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
7.5 HIGH
CVE-2026-5813 — PHPGurukul Online Course Registration check_availability.php sql injection

A weakness has been identified in PHPGurukul Online Course Registration 3.1. This vulnerability affects unknown code of the file /check_availability.php. Executing a manipulation of the argument cid …

online_course_registration | Remote | Injection
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
5.5 MEDIUM
CVE-2026-5812 — SourceCodester Pharmacy Product Management System POST Parameter add-sales.php logic error

A security flaw has been discovered in SourceCodester Pharmacy Product Management System 1.0. This affects an unknown part of the file add-sales.php of the component POST Parameter Handler. Performin…

Remote | Injection
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
5.5 MEDIUM
CVE-2026-5811 — SourceCodester Online Food Ordering System POST Parameter Actions.php save_product logic …

A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this issue is the function save_product of the file /Actions.php of the component POST Parameter Handler.…

online_food_ordering_system | Remote | Injection
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
8.5 HIGH
CVE-2026-5173 — Exposed Dangerous Method or Function in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to invoke u…

gitlab | Remote | Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
2.7 LOW
CVE-2026-4916 — Missing Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with custom r…

gitlab | Remote | Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
5.4 MEDIUM
CVE-2026-4332 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in G…

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that, in customizable analytics dashboards, could have allowed…

gitlab | Remote | Cross-Site Scripting
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
Showing 20 of 6620 Results