Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
0.0 NA
CVE-2026-10559 — SourceCodester Pizzafy Ecommerce System index.php file inclusion

A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is an unknown function of the file /index.php. Executing a manipulation of the argument page can lead to fil…

| Path Traversal
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
0.0 NA
CVE-2026-10558 — SourceCodester Pizzafy Ecommerce System index.php file inclusion

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is an unknown function of the file /admin/index.php. Performing a manipulation of the argument page results in fi…

| Path Traversal
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
0.0 NA
CVE-2026-10550 — elunez eladmin Application Deployment App.java command injection

A weakness has been identified in elunez eladmin up to 2.7. This vulnerability affects unknown code of the file App.java of the component Application Deployment Module. This manipulation of the argum…

| Injection
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
0.0 NA
CVE-2026-10548 — NousResearch hermes-agent Credential Pool Synchronization credential_pool.py _sync_anthro…

A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.23. This affects the function _sync_anthropic_entry_from_credentials_file of the file agent/credential_pool.py of the com…

hermes-agent | Authentication
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
4.3 MEDIUM
CVE-2026-9050 — Slider Revolution 6.0.0-6.7.55 and 7.0.0-7.0.14 - Missing Authorization to Authenticated …

The Slider Revolution plugin for WordPress in versions 6.0.0-6.7.55 and 7.0.0-7.0.14 is vulnerable to unauthorized modification of data. This is due to the plugin not properly verifying that a user i…

Remote | Authorization
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
4.3 MEDIUM
CVE-2026-9048 — Slider Revolution 7.0.0 - 7.0.14 - Incorrect Authorization to Authenticated (Contributor+…

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated …

Remote | Information Disclosure
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
3.3 LOW
CVE-2026-10528 — Orthanc DICOM Server DCMTK FromDcmtkBridge.cpp read stack-based overflow

A security flaw has been discovered in Orthanc DICOM Server up to 1.12.11. This issue affects the function DcmItem::read of the file OrthancFramework/Sources/DicomParsing/FromDcmtkBridge.cpp of the c…

| Memory Corruption
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
3.3 LOW
CVE-2026-10514 — 1Panel-dev CordysCRM RequestParamTrimConfig.java cross site scripting

A vulnerability has been found in 1Panel-dev CordysCRM up to 1.6.2. This affects an unknown function of the file backend/framework/src/main/java/cn/cordys/config/RequestParamTrimConfig.java. The mani…

Remote | Cross-Site Scripting
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
6.5 MEDIUM
CVE-2026-10302 — itsourcecode Fees Management System manage_fee.php sql injection

A flaw has been found in itsourcecode Fees Management System 1.0. The impacted element is an unknown function of the file /manage_fee.php. Executing a manipulation of the argument ID can lead to sql …

Remote | Injection
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
5.0 MEDIUM
CVE-2026-10301 — itsourcecode Fees Management System index.php cross site scripting

A vulnerability was detected in itsourcecode Fees Management System 1.0. The affected element is an unknown function of the file index.php. Performing a manipulation of the argument page results in c…

Remote | Cross-Site Scripting
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
0.0 NA
CVE-2026-10529 — westboy CicadasCMS Task Scheduling Management ScheduleJobController.java cross site scrip…

A weakness has been identified in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is an unknown function of the file src/main/java/com/zhiliao/module/web/system/ScheduleJo…

cicadascms | Cross-Site Scripting
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
4.3 MEDIUM
CVE-2026-28511 — elabftw has entry title leakage through autocompletion search

eLabFTW is an open source electronic lab notebook. Prior to version 5.4.2, in certain cases, an authenticated user performing a numeric reference/search can return results that include resources the …

Remote | Authorization
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
9.8 CRITICAL
CVE-2026-25879 — Langroid has Prompt to SQL Injection, Leading to RCE

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.63.0, SQLChatAgent executes SQL produced by an LLM, which is influenceable by prompt injection. When…

langroid | Remote | Injection
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
8.8 HIGH
CVE-2026-25277 — Buffer Copy Without Checking Size of Input in Secure Processor

Memory corruption while using Strongbox due to buffer overflow.

| Memory Corruption
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
8.8 HIGH
CVE-2026-25276 — Improper Validation of Array Index in Secure Processor

Memory corruption while using Strongbox due to missing bounds check.

| Memory Corruption
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
7.8 HIGH
CVE-2026-25260 — Time-of-check Time-of-use (TOCTOU) Race Condition in DSP Service

Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications.

| Memory Corruption
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
7.8 HIGH
CVE-2026-25259 — Out-of-bounds Write in DSP Service

Memory corruption while processing multiple IOCTL command for escape operations.

| Memory Corruption
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
7.8 HIGH
CVE-2026-25258 — Out-of-bounds Read in DSP Service

Memory corruption while processing IOCTL calls for escape operations.

| Memory Corruption
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
7.6 HIGH
CVE-2026-24782 — Kiteworks Secure Data Forms has a SQL Injection vulnerability

Kiteworks is a private data network (PDN). Prior to version 9.3.0,ultiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms could be exploited by an authenticated attacker with the FormBui…

Remote | Injection
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
3.7 LOW
CVE-2026-24761 — Kiteworks Secure Data Forms is vulnerable to Authorization Bypass Through User-Controlled…

Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to access metad…

Remote | Authorization
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
Showing 20 of 7000 Results