Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.5 MEDIUM
CVE-2026-10209 — code-projects Online Hospital Management System Appointment appointmentdetail.php sql inj…

A vulnerability has been found in code-projects Online Hospital Management System 1.0. Affected is an unknown function of the file appointmentdetail.php of the component Appointment Handler. The mani…

online_hospital_management_system | Remote | Injection
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
7.5 HIGH
CVE-2026-10208 — code-projects Online Hospital Management System login_1.php login_user sql injection

A flaw has been found in code-projects Online Hospital Management System 1.php. This impacts the function login_user of the file login_1.php. Executing a manipulation of the argument Username can lea…

online_hospital_management_system | Remote | Injection
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
9.0 HIGH
CVE-2026-10206 — D-Link DI-8400 dbsrv.asp stack-based overflow

A vulnerability was detected in D-Link DI-8400 up to 16.07.26A1. This affects an unknown function of the file /dbsrv.asp. Performing a manipulation of the argument str results in stack-based buffer o…

di-8400_firmware | Remote | Memory Corruption
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
6.5 MEDIUM
CVE-2026-10205 — Metasoft 美特软件 MetaCRM upload.jsp unrestricted upload

A security vulnerability has been detected in Metasoft 美特软件 MetaCRM 6.4.0. The impacted element is an unknown function of the file develop/systparam/softlogo/upload.jsp. Such manipulation leads to un…

metacrm metacrm | Remote | Misconfiguration
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
6.5 MEDIUM
CVE-2026-10204 — OFCMS JSON Query SysUserController.java query sql injection

A weakness has been identified in OFCMS 1.1.3. The affected element is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SysUserController.java of the c…

ofcms | Remote | Injection
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
6.5 MEDIUM
CVE-2026-10203 — OFCMS JSON Query SystemParamController.java query sql injection

A security flaw has been discovered in OFCMS 1.1.3. Impacted is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemParamController.java of the comp…

ofcms | Remote | Injection
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
6.5 MEDIUM
CVE-2026-10202 — OFCMS JSON Query SystemDictController.java query sql injection

A vulnerability was identified in OFCMS 1.1.3. This issue affects the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemDictController.java of the com…

ofcms | Remote | Injection
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
3.3 LOW
CVE-2026-10201 — Assimp UV Channel FBXExporter.cpp WriteObjects divide by zero

A vulnerability was determined in Assimp up to 6.0.4. This vulnerability affects the function FBXExporter::WriteObjects of the file FBXExporter.cpp of the component UV Channel Handler. Executing a ma…

assimp | Denial of Service
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
5.3 MEDIUM
CVE-2026-10200 — Assimp 4x4 Matrix glTFCommon.h CopyValue heap-based overflow

A vulnerability was found in Assimp up to 6.0.4. This affects the function glTFCommon::CopyValue in the library glTFCommon.h of the component 4x4 Matrix Parser. Performing a manipulation results in h…

assimp | Memory Corruption
May 31, 2026 May 31, 2026
May 31, 2026
May 31, 2026
3.3 LOW
CVE-2026-10199 — Assimp glTF2Asset.h LazyDict null pointer dereference

A vulnerability has been found in Assimp up to 6.0.4. Affected by this issue is the function glTF2::LazyDict in the library glTF2Asset.h. Such manipulation of the argument operator[] leads to null po…

assimp | Memory Corruption
May 31, 2026 May 31, 2026
May 31, 2026
May 31, 2026
3.3 LOW
CVE-2026-10198 — Assimp glTFImporter glTFImporter.cpp ImportMeshes null pointer dereference

A flaw has been found in Assimp up to 6.0.4. Affected by this vulnerability is the function Assimp::glTFImporter::ImportMeshes of the file glTFImporter.cpp of the component glTFImporter. This manipul…

assimp | Memory Corruption
May 31, 2026 May 31, 2026
May 31, 2026
May 31, 2026
5.7 MEDIUM
CVE-2026-48210 — Possible information disclosure via External Interface

An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to enforce the “Is visible for customer” flag by default and prevent users from disabling it via the UI. Th…

otrs | Remote | Misconfiguration
May 31, 2026 May 31, 2026
May 31, 2026
May 31, 2026
3.3 LOW
CVE-2026-10197 — Assimp TF File glTF2Importer.cpp ImportEmbeddedTextures null pointer dereference

A vulnerability was detected in Assimp up to 6.0.4. Affected is the function glTF2Importer::ImportEmbeddedTextures in the library code/AssetLib/glTF2/glTF2Importer.cpp of the component TF File Handle…

assimp | Memory Corruption
May 31, 2026 May 31, 2026
May 31, 2026
May 31, 2026
0.0 NA
CVE-2026-8796 — Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted …

Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input. In Perl/Decoder/srl_decoder.c, srl_read_object() and srl_read_hash() process a COPY tag, a back-refere…

sereal\ | Memory Corruption
May 31, 2026 May 31, 2026
May 31, 2026
May 31, 2026
6.5 MEDIUM
CVE-2026-10194 — OFFIS DCMTK dcmqrscp dcmqrdbi.cc deleteOldestImages heap-based overflow

A weakness has been identified in OFFIS DCMTK 3.7.0. This affects the function DcmQueryRetrieveIndexDatabaseHandle::deleteOldestImages of the file dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp…

dcmtk | Remote | Memory Corruption
May 31, 2026 May 31, 2026
May 31, 2026
May 31, 2026
6.5 MEDIUM
CVE-2026-10193 — OFCMS ComnController ComnController.java query sql injection

A security flaw has been discovered in OFCMS up to 1.1.3. The impacted element is the function Query of the file ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\ComnController.java of the c…

ofcms | Remote | Injection
May 31, 2026 May 31, 2026
May 31, 2026
May 31, 2026
9.0 HIGH
CVE-2026-10192 — Tenda W12 httpd set_local_time_0 stack-based overflow

A vulnerability was identified in Tenda W12 3.0.0.7(4763). The affected element is the function set_local_time_0 of the file /bin/httpd. Such manipulation of the argument Time leads to stack-based bu…

w12_firmware w12 | Remote | Memory Corruption
May 31, 2026 May 31, 2026
May 31, 2026
May 31, 2026
9.0 HIGH
CVE-2026-10191 — Tenda W12 httpd cgiWifiMacFilterSet stack-based overflow

A vulnerability was determined in Tenda W12 3.0.0.7(4763). Impacted is the function cgiWifiMacFilterSet of the file /bin/httpd. This manipulation of the argument wifiMacFilterSet.macList.mac causes s…

w12_firmware w12 | Remote | Memory Corruption
May 31, 2026 May 31, 2026
May 31, 2026
May 31, 2026
6.8 MEDIUM
CVE-2026-10190 — Tenda W12 Web Management httpd cgiSysWebTimeoutSet denial of service

A vulnerability was found in Tenda W12 3.0.0.7(4763). This issue affects the function cgiSysWebTimeoutSet of the file /bin/httpd of the component Web Management Interface. The manipulation of the arg…

w12_firmware w12 | Remote | Denial of Service
May 31, 2026 May 31, 2026
May 31, 2026
May 31, 2026
9.0 HIGH
CVE-2026-10189 — Tenda W12 httpd cgiSysTimeInfoSet stack-based overflow

A vulnerability has been found in Tenda W12 3.0.0.7(4763). This vulnerability affects the function cgiSysTimeInfoSet of the file /bin/httpd. The manipulation of the argument sec leads to stack-based …

w12_firmware w12 | Remote | Memory Corruption
May 31, 2026 May 31, 2026
May 31, 2026
May 31, 2026
Showing 20 of 6709 Results