Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.5 HIGH
CVE-2026-11490 — code-projects Online Music Site Search.php sql injection

A vulnerability was determined in code-projects Online Music Site 1.0. This issue affects some unknown processing of the file /Frontend/Search.php. This manipulation of the argument Category causes s…

online_music_site | Remote | Injection
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
7.5 HIGH
CVE-2026-11489 — code-projects Online Music Site AdminDeleteAlbum.php sql injection

A vulnerability was found in code-projects Online Music Site 1.0. This vulnerability affects unknown code of the file /Administrator/PHP/AdminDeleteAlbum.php. The manipulation of the argument ID resu…

online_music_site | Remote | Injection
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
7.5 HIGH
CVE-2026-11488 — code-projects Simple Flight Ticket Booking System POST Parameter checkUser.php sql inject…

A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown part of the file checkUser.php of the component POST Parameter Handler. The manipulati…

simple_flight_ticket_booking_system | Remote | Injection
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
5.3 MEDIUM
CVE-2026-11487 — Neovim View Branch secure.lua M.read command injection

A flaw has been found in Neovim up to 0.12.2. Affected by this issue is the function M.read of the file runtime/lua/vim/secure.lua of the component View Branch. Executing a manipulation of the argume…

neovim | Injection
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
7.5 HIGH
CVE-2026-11486 — SourceCodester Class and Exam Timetabling System archive1.php sql injection

A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /archive1.php. Performing a manipulation o…

class_and_exam_timetabling_system | Remote | Injection
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
7.5 HIGH
CVE-2026-11485 — SourceCodester Class and Exam Timetabling System archive2.php sql injection

A security vulnerability has been detected in SourceCodester Class and Exam Timetabling System 1.0. Affected is an unknown function of the file /archive2.php. Such manipulation of the argument sy lea…

class_and_exam_timetabling_system | Remote | Injection
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
7.5 HIGH
CVE-2026-11484 — SourceCodester Class and Exam Timetabling System archive3.php sql injection

A weakness has been identified in SourceCodester Class and Exam Timetabling System 1.0. This impacts an unknown function of the file /archive3.php. This manipulation of the argument sy causes sql inj…

class_and_exam_timetabling_system | Remote | Injection
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
7.5 HIGH
CVE-2026-11483 — SourceCodester Class and Exam Timetabling System archive4.php sql injection

A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /archive4.php. The manipulation of the argument sy results in…

class_and_exam_timetabling_system | Remote | Injection
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
7.5 HIGH
CVE-2026-11482 — SourceCodester Class and Exam Timetabling System archive5.php sql injection

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /archive5.php. The manipulation of the argument sy lead…

class_and_exam_timetabling_system | Remote | Injection
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
2.5 LOW
CVE-2026-11481 — yoanbernabeu grepai Postgres Embedding Cache chunker.go PostgresStore.LookupByContentHash…

A vulnerability was determined in yoanbernabeu grepai up to 0.35.0. The affected element is the function PostgresStore.LookupByContentHash of the file indexer/chunker.go of the component Postgres Emb…

grepai | Cryptography
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
6.5 MEDIUM
CVE-2026-11480 — Chengdu Everbrite Network Technology BeikeShop Admin Design Builder Endpoint admin.php sq…

A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. Impacted is an unknown function of the file beike/Admin/Routes/admin.php of the component Admin Design Buil…

beikeshop | Remote | Injection
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
4.2 MEDIUM
CVE-2026-11479 — yoanbernabeu grepai Qdrant Backend chunker.go weak hash

A vulnerability has been found in yoanbernabeu grepai 0.35.0. This issue affects some unknown processing of the file indexer/chunker.go of the component Qdrant Backend. Such manipulation leads to use…

grepai | Remote | Cryptography
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
3.3 LOW
CVE-2026-11478 — kokke tiny-regex-c Pattern re.c matchstar redos

A flaw has been found in kokke tiny-regex-c up to f2632c6d9ed25272987471cdb8b70395c2460bdb. This vulnerability affects the function matchstar of the file re.c of the component Pattern Handler. This m…

tiny-regex-c | Denial of Service
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
5.0 MEDIUM
CVE-2026-11477 — hs-web hsweb-framework OAuth2 Client OAuth2Client.java OAuth2Client redirect

A vulnerability was detected in hs-web hsweb-framework up to 5.0.1. This affects the function OAuth2Client of the file hsweb-authorization/hsweb-authorization-oauth2/src/main/java/org/hswebframework/…

hsweb-framework | Remote | Misconfiguration
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
6.5 MEDIUM
CVE-2026-11476 — Kushan2k student-management-system Profile Update Endpoint AdminController.php edit-admin…

A security vulnerability has been detected in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected by this issue is the function edit-admin of the file controll…

student-management-system | Remote | Authorization
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
6.5 MEDIUM
CVE-2026-11475 — Kushan2k student-management-system Certificate Verification Endpoint GradeController.php …

A weakness has been identified in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected by this vulnerability is the function getStatus of the file controllers/G…

student-management-system | Remote | Injection
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
9.8 CRITICAL
CVE-2024-58349 — WordPress Theme Travelscape 1.0.3 Arbitrary File Upload

WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting insufficient validation in the theme's …

Remote | Authentication
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
9.8 CRITICAL
CVE-2024-58348 — WordPress Background Image Cropper 1.2 Remote Code Execution

WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attack…

Remote | Injection
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
9.8 CRITICAL
CVE-2023-54352 — WordPress Seotheme Remote Code Execution Unauthenticated

WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers ca…

Remote | Misconfiguration
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
7.2 HIGH
CVE-2023-54351 — WordPress Sonaar Music Plugin 4.7 Stored XSS via Comments

WordPress Sonaar Music Plugin 4.7 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the comment functionality. Attackers c…

Remote | Cross-Site Scripting
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
Showing 20 of 6723 Results