Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.5 HIGH
CVE-2026-30078 — OpenAirInterface AMF NGAP Message Validation Crash

OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with invalid procedure code or invalid PDU-type. For example when the message specification requires InitiatingMessage but sent wi…

Remote | Denial of Service
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
8.8 HIGH
CVE-2026-3524 — Authorization Bypass in Mattermost Legal Hold Plugin Due to Missing Return After Permissi…

Mattermost Plugin Legal Hold versions <=1.1.4 fail to halt request processing after a failed authorization check in ServeHTTP which allows an authenticated attacker to access, create, download, and d…

Remote | Authorization
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
5.5 MEDIUM
CVE-2026-5650 — code-projects Online Application System for Admission oas.sql sensitive information

A vulnerability was found in code-projects Online Application System for Admission 1.0. Impacted is an unknown function of the file /enrollment/database/oas.sql. Performing a manipulation results in …

Remote | Information Disclosure
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
6.5 MEDIUM
CVE-2026-5649 — code-projects Online Application System for Admission Endpoint admsnform.php sql injection

A vulnerability has been found in code-projects Online Application System for Admission 1.0. This issue affects some unknown processing of the file /enrollment/admsnform.php of the component Endpoint…

Remote | Injection
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
7.5 HIGH
CVE-2026-5648 — code-projects Simple Laundry System Parameter userfinishregister.php sql injection

A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /userfinishregister.php of the component Parameter Handler. This manipulation of …

Remote | Injection
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
4.8 MEDIUM
CVE-2026-5647 — code-projects Online Shoe Store Add Product admin_feature.php cross site scripting

A vulnerability was detected in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /admin/admin_feature.php of the component Add Product Page. The manipulation of the argum…

Remote | Cross-Site Scripting
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
7.5 HIGH
CVE-2026-5646 — code-projects Easy Blog Site login.php sql injection

A security vulnerability has been detected in code-projects Easy Blog Site 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username/p…

Remote | Injection
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
7.5 HIGH
CVE-2026-5645 — projectworlds Car Rental System Parameter pay.php sql injection

A weakness has been identified in projectworlds Car Rental System 1.0. Affected by this vulnerability is an unknown functionality of the file /pay.php of the component Parameter Handler. Executing a …

Remote | Injection
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
5.6 MEDIUM
CVE-2026-5673 — Libtheora: libtheora: denial of service or information disclosure via malformed avi file …

A flaw was found in libtheora. This heap-based out-of-bounds read vulnerability exists within the AVI (Audio Video Interleave) parser, specifically in the avi_parse_input_file() function. A local att…

| Memory Corruption
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
4.8 MEDIUM
CVE-2026-5644 — Cyber-III Student-Management-System batch-notice.php cross site scripting

A security flaw has been discovered in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. Affected is an unknown function of the file /admin/Add%20notice/batch-notice…

Remote | Cross-Site Scripting
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
4.8 MEDIUM
CVE-2026-5643 — Cyber-III Student-Management-System Admin Add Endpoint notice.php cross site scripting

A vulnerability was identified in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This impacts an unknown function of the file /admin/Add%20notice/notice.php of th…

Remote | Cross-Site Scripting
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
7.5 HIGH
CVE-2026-5642 — Cyber-III Student-Management-System HTTP POST Request update.php improper authorization

A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This affects an unknown function of the file /viva/update.php of the component HT…

Remote | Authorization
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
6.5 MEDIUM
CVE-2026-5641 — PHPGurukul Online Shopping Portal Project Parameter update-image1.php sql injection

A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is an unknown function of the file /admin/update-image1.php of the component Parameter Handler. The ma…

Remote | Injection
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
6.5 MEDIUM
CVE-2026-5640 — PHPGurukul Online Shopping Portal Project Parameter update-image2.php sql injection

A vulnerability has been found in PHPGurukul Online Shopping Portal Project 2.1. The affected element is an unknown function of the file /admin/update-image2.php of the component Parameter Handler. T…

Remote | Injection
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
6.5 MEDIUM
CVE-2026-5639 — PHPGurukul Online Shopping Portal Project Parameter update-image3.php sql injection

A flaw has been found in PHPGurukul Online Shopping Portal Project 2.1. Impacted is an unknown function of the file /admin/update-image3.php of the component Parameter Handler. Executing a manipulati…

Remote | Injection
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
5.5 MEDIUM
CVE-2026-5638 — HerikLyma CPPWebFramework path traversal

A vulnerability was detected in HerikLyma CPPWebFramework up to 3.1. This issue affects some unknown processing. Performing a manipulation results in path traversal. Remote exploitation of the attack…

Remote | Path Traversal
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
7.5 HIGH
CVE-2026-5637 — projectworlds Car Rental System Parameter message_admin.php sql injection

A security vulnerability has been detected in projectworlds Car Rental System 1.0. This vulnerability affects unknown code of the file /message_admin.php of the component Parameter Handler. Such mani…

Remote | Injection
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
3.7 LOW
CVE-2026-37977 — Keycloak: org.keycloak.protocol.oidc.grants.ciba: keycloak: information disclosure via co…

A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing (CORS) header injection vulnerability in Keycloak's User-Managed Access (UMA) token endpoint. This flaw occ…

Remote | Misconfiguration
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
6.5 MEDIUM
CVE-2026-5636 — PHPGurukul Online Shopping Portal Project Parameter cancelorder.php sql injection

A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1. This affects an unknown part of the file /cancelorder.php of the component Parameter Handler. This manipulation of the…

Remote | Injection
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
6.5 MEDIUM
CVE-2026-5635 — PHPGurukul Online Shopping Portal Project Parameter categorywise-products.php sql injecti…

A security flaw has been discovered in PHPGurukul Online Shopping Portal Project 2.1. Affected by this issue is some unknown functionality of the file /categorywise-products.php of the component Para…

Remote | Injection
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
Showing 20 of 6010 Results