Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
6.5 MEDIUM
CVE-2026-16223 — 1Panel-dev CordysCRM Third Party Edit Endpoint IntegrationConfigService.java getSqlBotSrc…

A vulnerability was determined in 1Panel-dev CordysCRM up to 1.4.1. Impacted is the function getSqlBotSrc of the file backend/crm/src/main/java/cn/cordys/crm/system/service/IntegrationConfigService.j…

cordyscrm | Remote | Server-Side Request Forgery
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
6.5 MEDIUM
CVE-2026-16222 — 1Panel-dev CordysCRM Third Party Endpoint TokenService.java server-side request forgery

A vulnerability was found in 1Panel-dev CordysCRM up to 1.4.1. This issue affects some unknown processing of the file backend/crm/src/main/java/cn/cordys/crm/integration/sso/service/TokenService.java…

cordyscrm | Remote | Server-Side Request Forgery
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
5.0 MEDIUM
CVE-2026-16220 — code-projects Online Examination System account.php cross site scripting

A vulnerability has been found in code-projects Online Examination System 1.0. This vulnerability affects unknown code of the file /account.php?q=quiz. Such manipulation of the argument eid/n/t leads…

Remote | Cross-Site Scripting
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
6.5 MEDIUM
CVE-2026-16219 — Croogo CMS Admin File Manager FileManager.php isEditable path traversal

A flaw has been found in Croogo CMS up to 4.0.7. This affects the function FileManager::isEditable of the file FileManager/src/Utility/FileManager.php of the component Admin File Manager. This manipu…

Remote | Path Traversal
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
2.6 LOW
CVE-2026-16218 — hunvreus devpush Storage Reset Failure storage.py reset_storage improper check or handlin…

A vulnerability was detected in hunvreus devpush up to 0.4.6. Affected by this issue is the function reset_storage of the file app/workers/tasks/storage.py of the component Storage Reset Failure Hand…

| Misconfiguration
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
6.5 MEDIUM
CVE-2026-16217 — guohongze adminset Delivery Deployment Endpoint deli.py authorization

A security vulnerability has been detected in guohongze adminset up to 0.61. Affected by this vulnerability is an unknown functionality of the file delivery/deli.py of the component Delivery Deployme…

Remote | Authorization
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
5.0 MEDIUM
CVE-2026-16216 — geex-arts django-jet OAuth cross-site request forgery

A weakness has been identified in geex-arts django-jet up to 1.0.8. Affected is an unknown function of the component OAuth Handler. Executing a manipulation can lead to cross-site request forgery. Th…

Remote | Cross-Site Request Forgery
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
6.5 MEDIUM
CVE-2026-16215 — geex-arts django-jet OAuth Credential Revoke authorization

A security flaw has been discovered in geex-arts django-jet up to 1.0.8. This impacts an unknown function of the component OAuth Credential Revoke Handler. Performing a manipulation results in missin…

Remote | Authorization
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
6.5 MEDIUM
CVE-2026-16214 — geex-arts django-jet Dashboard views.py authorization

A vulnerability was identified in geex-arts django-jet up to 1.0.8. This affects an unknown function of the file jet/dashboard/views.py of the component Dashboard Module. Such manipulation leads to a…

Remote | Authorization
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
4.8 MEDIUM
CVE-2026-16213 — Fantomas42 django-blog-zinnia Protected Entry Password entry_protection.py cleartext stor…

A security flaw has been discovered in Fantomas42 django-blog-zinnia up to 0.20. Affected by this vulnerability is an unknown functionality of the file zinnia/views/mixins/entry_protection.py of the …

| Cryptography
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
4.2 MEDIUM
CVE-2026-16212 — awesto django-shop Purchase Stock inventory.py race condition

A vulnerability was identified in awesto django-shop up to 1.2.4. Affected is an unknown function of the file shop/models/inventory.py of the component Purchase Stock Handler. The manipulation leads …

Remote | Race Condition
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
2.6 LOW
CVE-2026-16211 — allegro Hostname Allocation assets.py AssetLastHostname.increment_hostname race condition

A vulnerability was determined in allegro up to bcf65b994ef29fb3fc2e10b660e6288723d5209e. This impacts the function AssetLastHostname.increment_hostname of the file src/ralph/assets/models/assets.py …

| Race Condition
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
7.5 HIGH
CVE-2026-16210 — newpanjing simpleui AjaxAdmin AJAX Endpoint admin.py self.get_action missing authenticati…

A vulnerability was found in newpanjing simpleui 2026.01.13. This affects the function self.get_action of the file simpleui/admin.py of the component AjaxAdmin AJAX Endpoint. Performing a manipulatio…

Remote | Authentication
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
7.5 HIGH
CVE-2026-16209 — Gerapy Project Upload Endpoint views.py missing authentication

A vulnerability has been found in Gerapy up to 0.9.13. The impacted element is an unknown function of the file gerapy/server/core/views.py of the component Project Upload Endpoint. Such manipulation …

Remote | Authentication
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
5.0 MEDIUM
CVE-2026-16208 — django-tastypie throttle.py CacheDBThrottle race condition

A flaw has been found in django-tastypie up to 0.15.1. The affected element is the function CacheThrottle/CacheDBThrottle of the file tastypie/throttle.py. This manipulation causes race condition. Th…

Remote | Race Condition
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
6.3 MEDIUM
CVE-2026-16207 — django-tastypie authentication.py ApiKeyAuthentication get request method with sensitive …

A vulnerability was detected in django-tastypie up to 0.15.1. Impacted is the function ApiKeyAuthentication of the file tastypie/authentication.py. The manipulation results in use of get request meth…

Remote | Information Disclosure
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
6.5 MEDIUM
CVE-2026-16206 — django-oauth django-oauth-toolkit oauth2_validators.py _load_id_token session expiration

A security vulnerability has been detected in django-oauth django-oauth-toolkit 3.3.0. This issue affects the function _load_id_token of the file oauth2_provider/oauth2_validators.py. The manipulatio…

Remote | Information Disclosure
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
3.3 LOW
CVE-2026-16205 — Pluck CMS Albums albums.admin.php htmlspecialchars_decode cross site scripting

A weakness has been identified in Pluck CMS up to 4.7.21. This vulnerability affects the function htmlspecialchars_decode of the file data/modules/albums/albums.admin.php of the component Albums Modu…

Remote | Cross-Site Scripting
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
7.5 HIGH
CVE-2026-16204 — zevorn rt-claw Telegram-to-AI Tool Execution Flow script.c tool_run_script_execute code i…

A security flaw has been discovered in zevorn rt-claw up to 0.2.0. This affects the function tool_run_script_execute of the file claw/services/tools/script.c of the component Telegram-to-AI Tool Exec…

Remote | Injection
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
4.0 MEDIUM
CVE-2026-16203 — SourceCodester Class and Exam Timetabling System forCYS.php cross site scripting

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /forCYS.php. Such manipulation of the argument…

class_and_exam_timetabling_system | Remote | Cross-Site Scripting
Jul 19, 2026 Jul 19, 2026
Jul 19, 2026
Jul 19, 2026
Showing 20 of 7788 Results