Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.5 HIGH
CVE-2026-3238 — Samba: denial of service against ad dc wins server

A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packet…

enterprise_linux openshift_container_platform enterprise_linux | Remote | Denial of Service
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
6.5 MEDIUM
CVE-2026-11495 — CodeAstro Ingredients Stock Management System add_stock.php sql injection

A vulnerability was detected in CodeAstro Ingredients Stock Management System 1.0. This impacts an unknown function of the file /Ingredients-Stock/add_stock.php. The manipulation of the argument ID r…

ingredients_stock_management_system | Remote | Injection
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
4.3 MEDIUM
CVE-2026-11494 — TOTOLINK AC1200 T8 vsftpd vsftpd.conf least privilege violation

A security vulnerability has been detected in TOTOLINK AC1200 T8 4.1.5cu.8611. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation leads to least p…

ac1200_t8 | Remote | Misconfiguration
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
5.0 MEDIUM
CVE-2026-11493 — Tenda AC15 Samba smb.conf weak password

A weakness has been identified in Tenda AC15 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/smb.conf of the component Samba. Executing a manipulation can lead to weak pa…

ac15 | Authentication
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
4.3 MEDIUM
CVE-2026-11492 — D-Link DIR-823G vsftpd vsftpd.conf least privilege violation

A security flaw has been discovered in D-Link DIR-823G 1.0.2B05. The affected element is an unknown function of the file /etc/vsftpd.conf of the component vsftpd. Performing a manipulation results in…

Remote | Misconfiguration
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
3.3 LOW
CVE-2026-11491 — CodeAstro Human Resource Management System Notice Board Management All_notice cross site …

A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function of the file /notice/All_notice of the component Notice Board Management. Such manipul…

Remote | Cross-Site Scripting
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
7.5 HIGH
CVE-2026-11490 — code-projects Online Music Site Search.php sql injection

A vulnerability was determined in code-projects Online Music Site 1.0. This issue affects some unknown processing of the file /Frontend/Search.php. This manipulation of the argument Category causes s…

online_music_site | Remote | Injection
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
8.0 HIGH
CVE-2026-41724 — VMSA-2026-0004: VMware Cloud Foundation Operations updates address multiple vulnerabiliti…

VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scri…

aria_operations telco_cloud_platform | Remote | Cross-Site Scripting
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
8.0 HIGH
CVE-2026-41723 — VMSA-2026-0004: VMware Cloud Foundation Operations updates address multiple vulnerabiliti…

VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scri…

aria_operations telco_cloud_platform | Remote | Cross-Site Scripting
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
8.0 HIGH
CVE-2026-41722 — VMSA-2026-0004: VMware Cloud Foundation Operations updates address multiple vulnerabiliti…

VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scri…

aria_operations telco_cloud_platform | Remote | Cross-Site Scripting
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
0.0 NA
CVE-2026-11499 — Tenda HG7HG9/HG10 formDOMAINBLK stack-based overflow

A vulnerability was determined in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formDOMAINBLK of the file /boaform/formDOMAINBLK. Executing a manipulation of the argument blkDoma…

hg10 | Memory Corruption
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
0.0 NA
CVE-2026-11498 — Tenda HG7HG9/HG10 Web Management voip_other_set asp_voip_OtherSet stack-based overflow

A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. Affected by this issue is the function asp_voip_OtherSet of the file /boaform/voip_other_set of the component Web Management Inte…

hg10 | Memory Corruption
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
0.0 NA
CVE-2026-11497 — D-Link DCS-5615 Boa Webserver boa.conf least privilege violation

A vulnerability has been found in D-Link DCS-5615 1.01.00. Affected by this vulnerability is an unknown functionality of the file /etc/conf.d/boa/boa.conf of the component Boa Webserver. Such manipul…

| Path Traversal
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
7.5 HIGH
CVE-2026-11489 — code-projects Online Music Site AdminDeleteAlbum.php sql injection

A vulnerability was found in code-projects Online Music Site 1.0. This vulnerability affects unknown code of the file /Administrator/PHP/AdminDeleteAlbum.php. The manipulation of the argument ID resu…

online_music_site | Remote | Injection
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
7.5 HIGH
CVE-2026-11488 — code-projects Simple Flight Ticket Booking System POST Parameter checkUser.php sql inject…

A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown part of the file checkUser.php of the component POST Parameter Handler. The manipulati…

Remote | Injection
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
5.3 MEDIUM
CVE-2026-11487 — Neovim View Branch secure.lua M.read command injection

A flaw has been found in Neovim up to 0.12.2. Affected by this issue is the function M.read of the file runtime/lua/vim/secure.lua of the component View Branch. Executing a manipulation of the argume…

| Injection
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
7.5 HIGH
CVE-2026-11486 — SourceCodester Class and Exam Timetabling System archive1.php sql injection

A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /archive1.php. Performing a manipulation o…

Remote | Injection
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
7.5 HIGH
CVE-2026-11485 — SourceCodester Class and Exam Timetabling System archive2.php sql injection

A security vulnerability has been detected in SourceCodester Class and Exam Timetabling System 1.0. Affected is an unknown function of the file /archive2.php. Such manipulation of the argument sy lea…

Remote | Injection
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
7.5 HIGH
CVE-2026-11484 — SourceCodester Class and Exam Timetabling System archive3.php sql injection

A weakness has been identified in SourceCodester Class and Exam Timetabling System 1.0. This impacts an unknown function of the file /archive3.php. This manipulation of the argument sy causes sql inj…

Remote | Injection
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
7.5 HIGH
CVE-2026-11483 — SourceCodester Class and Exam Timetabling System archive4.php sql injection

A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /archive4.php. The manipulation of the argument sy results in…

Remote | Injection
Jun 08, 2026 Jun 08, 2026
Jun 08, 2026
Jun 08, 2026
Showing 20 of 6699 Results