Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
3.3 LOW
CVE-2026-9564 — SourceCodester/oretnom23 Hospitals Patient Records Management System view_patient cross s…

A vulnerability was found in SourceCodester/oretnom23 Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /admin/?page=patients/view_patient. Perf…

May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
7.5 HIGH
CVE-2026-9562 — sambitraj STUDENT-MANAGEMENT-SYSTEM Dashboard access control

A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM up to 56ba287f2e9031523ccb4244cb6e3fe530e4e5d5. The affected element is an unknown function of the component Dashboard. Such mani…

student-management-system | Remote | Authorization
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
7.5 HIGH
CVE-2026-8852 — IBM HTTP Server is affected by multiple vulnerabilities

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_fastcgi module.

linux_kernel aix windows http_server z\/os | Remote | Denial of Service
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
7.5 HIGH
CVE-2026-8850 — IBM HTTP Server is affected by multiple vulnerabilities

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_ibm_upload.

linux_kernel aix windows http_server z\/os | Remote | Denial of Service
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
6.9 MEDIUM
CVE-2026-48905 — Joomla! Framework - [20260520] - Inadequate content filtering within the cleanAttributes …

Lack of input filtering leads to an XSS vector in the HTML filter code.

joomla\! | Remote | Cross-Site Scripting
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
9.8 CRITICAL
CVE-2026-48904 — Joomla! Core - [20260514] - Privilege escalation through com_users webservice endpoints

An improper access check allows privelege escalation through the com_users group editing webservice endpoint.

joomla\! | Remote | Authorization
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
6.9 MEDIUM
CVE-2026-48903 — Joomla! Framework - [20260519] - Inadequate content filtering within the checkAttribute f…

Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components.

joomla\! | Remote | Cross-Site Scripting
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
0.0 NA
CVE-2026-48902 — Joomla! Core - [20260518] - Transport encryption downgrade for password and username rese…

The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set.

joomla\! | Misconfiguration
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
0.0 NA
CVE-2026-48901 — Joomla! Core - [20260517] - Incorrect Cache Key Construction for InputFilter objects

The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key.

joomla\! | Misconfiguration
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
6.4 MEDIUM
CVE-2026-48900 — Joomla! Core - [20260516] - Incorrect Access Control in com_scheduler

An improper access check allowed low privileged users to edit the task types of existing scheduler tasks.

joomla\! | Remote | Authorization
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
9.8 CRITICAL
CVE-2026-48899 — Joomla! Core - [20260515] - Incorrect Access Control in sample data plugins

An improper access check allows privilege escalation through the com_users batch task.

joomla\! | Remote | Authorization
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
9.8 CRITICAL
CVE-2026-48898 — Joomla! Core - [20260513] - Privilege escalation through com_users batch task

An improper access check allows privilege escalation through the com_users batch task.

joomla\! | Remote | Authorization
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
8.2 HIGH
CVE-2026-48897 — Joomla! Core - [20260512] - MFA Authentication Bypass

Insufficient state checks lead to a vector that allows to bypass 2FA checks.

joomla\! | Remote | Authentication
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
8.2 HIGH
CVE-2026-48896 — Joomla! Core - [20260511] - MFA Authentication Bypass

Insufficient state checks lead to a vector that allows to bypass 2FA checks.

joomla\! | Remote | Authentication
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
7.8 HIGH
CVE-2026-48864 — Libsolv: heap buffer overflow in libsolv repopagestore via unchecked decompression of mal…

A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker ca…

| Memory Corruption
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
7.4 HIGH
CVE-2026-48697 — FastNetMon Community Edition TLS Certificate Verification Bypass

FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The execute_web_request_secure() function in src/fast_library.cpp creates a boost::asio::ssl…

Remote | Misconfiguration
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
5.5 MEDIUM
CVE-2026-48693 — FastNetMon Local Symlink Attack

FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to '/tmp/fastnetmon.dat' (src/fastnetmon.cpp l…

| Path Traversal
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
0.0 NA
CVE-2026-48691 — FastNetMon Community Edition Heap Buffer Overflow Vulnerability

FastNetMon Community Edition through 1.2.9 contains an integer overflow in the BGP AS_PATH attribute encoder. In src/bgp_protocol.hpp, the IPv4UnicastAnnounce::get_attributes() function computes attr…

| Memory Corruption
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
7.1 HIGH
CVE-2026-48690 — FastNetMon Community Edition Integer Overflow Heap Corruption Vulnerability

FastNetMon Community Edition through 1.2.9 contains an integer overflow vulnerability in the packet capture buffer allocation. In src/packet_storage.hpp, the allocate_buffer() function computes memor…

| Memory Corruption
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
8.2 HIGH
CVE-2026-48126 — Algernon: Host header path traversal in --domain mode reads files and runs Lua from paren…

Algernon is a small self-contained pure-Go web server. Prior to 1.17.8, when algernon is started with --domain (or --letsencrypt, which silently turns on --domain at engine/flags.go:372), the request…

Remote | Path Traversal
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
Showing 20 of 6057 Results