Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
0.0 NA
CVE-2026-32316 — jq: Integer overflow in jvp_string_append() allows Heap-based Buffer Overflow

jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvp_string_append() and jvp_string_copy_replace_bad functions, where concatenating strin…

| Memory Corruption
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
0.0 NA
CVE-2026-6196 — Tenda F456 exeCommand fromexeCommand stack-based overflow

A vulnerability was detected in Tenda F456 1.0.0.5. This affects the function fromexeCommand of the file /goform/exeCommand. Performing a manipulation of the argument cmdinput results in stack-based …

| Memory Corruption
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
0.0 NA
CVE-2026-6195 — Totolink A7100RU CGI cstecgi.cgi setPasswordCfg os command injection

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handle…

| Injection
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
7.5 HIGH
CVE-2026-6193 — PHPGurukul Daily Expense Tracking System register.php sql injection

A security flaw has been discovered in PHPGurukul Daily Expense Tracking System 1.1. Affected is an unknown function of the file /register.php. The manipulation of the argument email results in sql i…

Remote | Injection
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
4.8 MEDIUM
CVE-2026-6192 — uclouvain openjpeg pi.c opj_pi_initialise_encode integer overflow

A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opj_pi_initialise_encode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. T…

| Memory Corruption
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
6.5 MEDIUM
CVE-2026-6191 — itsourcecode Construction Management System equipments.php sql injection

A vulnerability was determined in itsourcecode Construction Management System 1.0. This affects an unknown function of the file /equipments.php. Executing a manipulation of the argument Name can lead…

Remote | Injection
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
6.5 MEDIUM
CVE-2026-6190 — itsourcecode Construction Management System employees.php sql injection

A vulnerability was found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /employees.php. Performing a manipulation of the argument Name re…

Remote | Injection
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
7.5 HIGH
CVE-2026-6189 — SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=login. Such manipulation of the argu…

Remote | Injection
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
5.3 MEDIUM
CVE-2026-39940 — ChurchCRM has an Open Redirect via the ‘linkBack’ URL Parameter in DonatedItemEditor.php

ChurchCRM is an open-source church management system. Prior to 7.0.0, it was possible in many places across the ChurchCRM application to create a link that, when visited by an authenticated user, wou…

Remote | Authentication
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
0.0 NA
CVE-2026-36952 — Sourcecodester Online Thesis Archiving System SQL Injection Vulnerability

Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in the file /otas/admin/curriculum/manage_curriculum.php.

| Injection
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
0.0 NA
CVE-2026-36950 — Sourcecodester Online Thesis Archiving System SQL Injection

Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in /otas/projects_per_department.php.

| Injection
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
0.0 NA
CVE-2026-36948 — Sourcecodester Online Thesis Archiving System SQL Injection Vulnerability

Sourcecodester Online Thesis Archiving System v1.0 is vulnerale to SQL injection in the file /otas/view_archive.php.

| Injection
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
4.0 MEDIUM
CVE-2026-33555 — HAProxy HTTP/3 Request Smuggling Vulnerability

An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame wit…

Remote | Misconfiguration
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
9.3 CRITICAL
CVE-2026-23891 — Decidim has a Cross-site scripting (XSS) vulnerability via user name field

Decidim is a participatory democracy framework. In versions below 0.30.5 and 0.31.0.rc1 through 0.31.0, a stored code execution vulnerability in the user name field allows a low-privileged attacker t…

Remote | Injection
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
9.1 CRITICAL
CVE-2026-6100 — Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-…

Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `MemoryError` and the decompression instance is re-u…

Remote | Memory Corruption
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
0.0 NA
CVE-2026-6194 — Totolink A3002MU HTTP Request formWlanSetup sub_410188 stack-based overflow

A weakness has been identified in Totolink A3002MU B20211125.1046. Affected by this vulnerability is the function sub_410188 of the file /boafrm/formWlanSetup of the component HTTP Request Handler. T…

| Memory Corruption
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
0.0 NA
CVE-2026-28291 — simple-git has Command Execution via Option-Parsing Bypass

simple-git enables running native Git commands from JavaScript. Versions up to and including 3.31.1 allow execution of arbitrary commands through Git option manipulation, bypassing safety checks mean…

| Injection
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
7.1 HIGH
CVE-2025-3756 — Denial of Service Vulnerabilities in System 800xA, Symphony® Plus IEC 61850

A vulnerability exists in the command handling of the IEC 61850 communication stack included in the product revisions listed as affected in this CVE. An attacker with access to IEC 61850 networks cou…

| Denial of Service
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
5.3 MEDIUM
CVE-2026-6231 — bson_validate may skip validation when processing certain inputs

The bson_validate function may return early on specific inputs and incorrectly report success. This behavior could result in skipping validation for BSON data, allowing malformed or invalid UTF-8 seq…

Remote | Misconfiguration
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
7.5 HIGH
CVE-2026-6188 — SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=delete_sales. This manipulation of the argument ID causes…

Remote | Injection
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
Showing 20 of 6186 Results