Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
3.7 LOW
CVE-2026-10169 — OUSL-GROUP-BrinaryBrains School Student Management System Forgot Password Endpoint Login.…

A vulnerability was detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected by this vulnerability is the function ajax_forgot_pa…

Remote | Authentication
May 31, 2026 May 31, 2026
May 31, 2026
May 31, 2026
6.5 MEDIUM
CVE-2026-10168 — OUSL-GROUP-BrinaryBrains School Student Management System Parents.php marks resource inje…

A security vulnerability has been detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected is the function marks of the file appl…

Remote | Path Traversal
May 31, 2026 May 31, 2026
May 31, 2026
May 31, 2026
7.5 HIGH
CVE-2026-10167 — OUSL-GROUP-BrinaryBrains School Student Management System MY_Controller Login.php sign_au…

A weakness has been identified in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. This impacts the function sign_auth_cookie of the file appl…

Remote | Authentication
May 31, 2026 May 31, 2026
May 31, 2026
May 31, 2026
5.3 MEDIUM
CVE-2026-8382 — Advanced Custom Fields (ACF®) <= 6.8.1 - Unauthenticated Arbitrary Post Modification via …

The Advanced Custom Fields (ACF®) plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.8.1. This is due to the plugin not properly verifying that a user …

Remote | Authorization
May 31, 2026 May 31, 2026
May 31, 2026
May 31, 2026
6.5 MEDIUM
CVE-2026-10166 — Edimax BR-6478AC POST Request formWlbasic command injection

A vulnerability was determined in Edimax BR-6478AC 1.23. The affected element is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. This manipulation of t…

Remote | Injection
May 31, 2026 May 31, 2026
May 31, 2026
May 31, 2026
9.0 HIGH
CVE-2026-10165 — Edimax BR-6478AC POST Request formWanTcpipSetup stack-based overflow

A vulnerability was identified in Edimax BR-6478AC 1.23. The impacted element is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. Such manip…

Remote | Memory Corruption
May 31, 2026 May 31, 2026
May 31, 2026
May 31, 2026
9.0 HIGH
CVE-2026-10164 — Edimax BR-6478AC POST Request formUSBFolder buffer overflow

A vulnerability was found in Edimax BR-6478AC 1.23. Impacted is the function formUSBFolder of the file /goform/formUSBFolder of the component POST Request Handler. The manipulation of the argument Sh…

Remote | Memory Corruption
May 31, 2026 May 31, 2026
May 31, 2026
May 31, 2026
9.0 HIGH
CVE-2026-10163 — Edimax BR-6478AC POST Request formUSBAccount buffer overflow

A vulnerability has been found in Edimax BR-6478AC 1.23. This issue affects the function formUSBAccount of the file /goform/formUSBAccount of the component POST Request Handler. The manipulation of t…

Remote | Memory Corruption
May 31, 2026 May 31, 2026
May 31, 2026
May 31, 2026
9.0 HIGH
CVE-2026-10162 — TRENDnet TEW-432BRP formSetPassword stack-based overflow

A flaw has been found in TRENDnet TEW-432BRP 3.10B20. This vulnerability affects the function formSetPassword of the file /goform/formSetPassword. Executing a manipulation of the argument webpage can…

Remote | Memory Corruption
May 31, 2026 May 31, 2026
May 31, 2026
May 31, 2026
9.0 HIGH
CVE-2026-10161 — TRENDnet TEW-432BRP formResetStatistic stack-based overflow

A vulnerability was detected in TRENDnet TEW-432BRP 3.10B20. This affects the function formResetStatistic of the file /goform/formResetStatistic. Performing a manipulation of the argument status_stat…

Remote | Memory Corruption
May 31, 2026 May 31, 2026
May 31, 2026
May 31, 2026
9.0 HIGH
CVE-2026-10160 — TRENDnet TEW-432BRP formSetEnableWizard stack-based overflow

A security vulnerability has been detected in TRENDnet TEW-432BRP 3.10B20. Affected by this issue is the function formSetEnableWizard of the file /goform/formSetEnableWizard. Such manipulation of the…

Remote | Memory Corruption
May 31, 2026 May 31, 2026
May 31, 2026
May 31, 2026
9.0 HIGH
CVE-2026-10159 — TRENDnet TEW-432BRP formSysLog stack-based overflow

A weakness has been identified in TRENDnet TEW-432BRP 3.10B20. Affected by this vulnerability is the function formSysLog of the file /goform/formSysLog. This manipulation of the argument current_page…

Remote | Memory Corruption
May 31, 2026 May 31, 2026
May 31, 2026
May 31, 2026
9.0 HIGH
CVE-2026-10158 — TRENDnet TEW-432BRP formPortFw stack-based overflow

A security flaw has been discovered in TRENDnet TEW-432BRP 3.10B20. Affected is the function formPortFw of the file /goform/formPortFw. The manipulation of the argument server_name results in stack-b…

Remote | Memory Corruption
May 31, 2026 May 31, 2026
May 31, 2026
May 31, 2026
7.5 HIGH
CVE-2026-10157 — Open5GS NGAP PathSwitchRequest Message ngap-handler.c improper authentication

A vulnerability was identified in Open5GS up to 2.7.6. This impacts an unknown function of the file src/amf/ngap-handler.c of the component NGAP PathSwitchRequest Message Handler. The manipulation le…

Remote | Authentication
May 31, 2026 May 31, 2026
May 31, 2026
May 31, 2026
4.3 MEDIUM
CVE-2026-10156 — Open5GS nf-instances Endpoint nnrf-handler.c handle_amf_info resource consumption

A vulnerability was determined in Open5GS up to 2.7.7. This affects the function handle_amf_info in the library /lib/sbi/nnrf-handler.c of the component nf-instances Endpoint. Executing a manipulatio…

Remote | Denial of Service
May 31, 2026 May 31, 2026
May 31, 2026
May 31, 2026
5.8 MEDIUM
CVE-2026-10155 — Bdtask Multi-Store Inventory Management System Accounts Report Accounts.php accounts_repo…

A vulnerability was found in Bdtask Multi-Store Inventory Management System 1.0. The impacted element is the function accounts_report_search of the file application/modules/accounts/controllers/Accou…

Remote | Injection
May 31, 2026 May 31, 2026
May 31, 2026
May 31, 2026
5.3 MEDIUM
CVE-2026-10154 — Dolibarr ERP CRM messaging.php authorization

A vulnerability has been found in Dolibarr ERP CRM 23.0.0/23.0.1/23.0.2. The affected element is an unknown function of the file htdocs/user/messaging.php. Such manipulation of the argument ID leads …

Remote | Authorization
May 31, 2026 May 31, 2026
May 31, 2026
May 31, 2026
5.0 MEDIUM
CVE-2026-10153 — westboy CicadasCMS AbstractCacheManager.java search cross site scripting

A flaw has been found in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is the function Search of the file org/springframework/cache/support/AbstractCacheManager.java. Th…

Remote | Cross-Site Scripting
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
6.5 MEDIUM
CVE-2026-10152 — TaleLin lin-cms-spring-boot book Endpoint BookController.java access control

A vulnerability was detected in TaleLin lin-cms-spring-boot up to 0.2.1. This issue affects some unknown processing of the file src/main/java/io/github/talelin/latticy/controller/v1/BookController.ja…

Remote | Authorization
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
6.5 MEDIUM
CVE-2026-10127 — Edimax BR-6478AC POST Request formStaDrvSetup command injection

A weakness has been identified in Edimax BR-6478AC 1.23. This affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. This manipulation of the …

br-6478ac_firmware | Remote | Injection
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
Showing 20 of 6896 Results