Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
9.0 HIGH
CVE-2026-6012 — D-Link DIR-513 POST Request formSetPassword buffer overflow

A security vulnerability has been detected in D-Link DIR-513 1.10. This affects the function formSetPassword of the file /goform/formSetPassword of the component POST Request Handler. The manipulatio…

dir-513_firmware | Remote | Memory Corruption
Apr 10, 2026 Apr 10, 2026
6.3 MEDIUM
CVE-2026-6011 — OpenClaw assertPublicHostname web-fetch.ts server-side request forgery

A weakness has been identified in OpenClaw up to 2026.1.26. Affected by this issue is some unknown functionality of the file src/agents/tools/web-fetch.ts of the component assertPublicHostname Handle…

openclaw | Remote | Server-Side Request Forgery
Apr 10, 2026 Apr 10, 2026
6.8 MEDIUM
CVE-2026-4482 — Insight Agent Private Key Information Disclosure via Inherited File Permissions

The installer certificate files in the …/bootstrap/common/ssl folder do not seem to have restricted permissions on Windows systems (users have read and execute access). For the client.key file in par…

insight_agent | Misconfiguration
Apr 10, 2026 Apr 10, 2026
6.5 MEDIUM
CVE-2026-6010 — CodeAstro Online Classroom takeassessment2.php sql injection

A security flaw has been discovered in CodeAstro Online Classroom 1.0/2.php. Affected by this vulnerability is an unknown functionality of the file /OnlineClassroom/takeassessment2.php?exid=14. Perfo…

Remote | Injection
Apr 10, 2026 Apr 10, 2026
6.5 MEDIUM
CVE-2026-6007 — itsourcecode Construction Management System del.php sql injection

A vulnerability was found in itsourcecode Construction Management System 1.0. This affects an unknown function of the file /del.php. The manipulation of the argument equipname results in sql injectio…

Remote | Injection
Apr 10, 2026 Apr 10, 2026
6.5 MEDIUM
CVE-2026-6006 — code-projects Patient Record Management System edit_hpatient.php sql injection

A vulnerability has been found in code-projects Patient Record Management System 1.0. The impacted element is an unknown function of the file /edit_hpatient.php. The manipulation of the argument ID l…

patient_record_management_system | Remote | Injection
Apr 10, 2026 Apr 10, 2026
6.5 MEDIUM
CVE-2026-6005 — code-projects Patient Record Management System hematology_print.php sql injection

A flaw has been found in code-projects Patient Record Management System 1.0. The affected element is an unknown function of the file /hematology_print.php. Executing a manipulation of the argument he…

patient_record_management_system | Remote | Injection
Apr 10, 2026 Apr 10, 2026
8.6 HIGH
CVE-2026-5501 — Improper Certificate Signature Verification in X.509 Chain Validation Allows Forged Leaf …

wolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Con…

wolfssl | Remote | Authorization
Apr 10, 2026 Apr 10, 2026
8.7 HIGH
CVE-2026-5500 — Improper Validation of AES-GCM Authentication Tag Length in PKCS#7 Envelope Allows Authen…

wolfSSL's wc_PKCS7_DecodeAuthEnvelopedData() does not properly sanitize the AES-GCM authentication tag length received and has no lower bounds check. A man-in-the-middle can therefore truncate the ma…

wolfssl | Remote | Cryptography
Apr 10, 2026 Apr 10, 2026
7.6 HIGH
CVE-2026-5479 — wolfSSL EVP ChaCha20-Poly1305 AEAD authentication tag

In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSL_EVP_CipherFinal (and related EVP cipher finalization functions) fails to verify the authentication tag before returning p…

wolfssl | Cryptography
Apr 10, 2026 Apr 10, 2026
7.6 HIGH
CVE-2026-5466 — wc_VerifyEccsiHash missing sanity check

wolfSSL's ECCSI signature verifier `wc_VerifyEccsiHash` decodes the `r` and `s` scalars from the signature blob via `mp_read_unsigned_bin` with no check that they lie in `[1, q-1]`. A crafted forged …

wolfssl | Cryptography
Apr 10, 2026 Apr 10, 2026
2.3 LOW
CVE-2026-5188 — Integer underflow in X.509 SAN parsing in wolfSSL

An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name (SAN) extension of X.509 certificates. A malformed certificate can specify an entry length larger than the enclo…

wolfssl | Remote | Memory Corruption
Apr 10, 2026 Apr 10, 2026
6.4 MEDIUM
CVE-2026-2305 — AddFunc Head & Footer Code <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Script…

The AddFunc Head & Footer Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `aFhfc_head_code`, `aFhfc_body_code`, and `aFhfc_footer_code` post meta values in all versions…

Remote | Cross-Site Scripting
Apr 10, 2026 Apr 10, 2026
7.5 HIGH
CVE-2026-6004 — code-projects Simple IT Discussion Forum delete-category.php sql injection

A vulnerability was detected in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /delete-category.php. Performing a manipulation of the argument cat_id result…

Remote | Injection
Apr 10, 2026 Apr 10, 2026
4.8 MEDIUM
CVE-2026-6003 — code-projects Simple IT Discussion Forum user.php cross site scripting

A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /admin/user.php. Such manipulation of the argument f…

Remote | Cross-Site Scripting
Apr 10, 2026 Apr 10, 2026
5.0 MEDIUM
CVE-2026-6000 — code-projects Online Library Management System SQL Database Backup File library.sql infor…

A vulnerability was found in code-projects Online Library Management System 1.0. Affected is an unknown function of the file /sql/library.sql of the component SQL Database Backup File Handler. Perfor…

Remote | Information Disclosure
Apr 10, 2026 Apr 10, 2026
6.5 MEDIUM
CVE-2026-5999 — JeecgBoot SysAnnouncementController improper authorization

A vulnerability has been found in JeecgBoot up to 3.9.1. This impacts an unknown function of the component SysAnnouncementController. Such manipulation leads to improper authorization. The attack can…

jeecg_boot | Remote | Authorization
Apr 10, 2026 Apr 10, 2026
3.5 LOW
CVE-2026-33551 — OpenStack Keystone EC2/S3 Permission Escalation Vulnerability

An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application…

keystone | Remote | Authorization
Apr 10, 2026 Apr 10, 2026
5.5 MEDIUM
CVE-2026-5998 — zhayujie chatgpt-on-wechat CowAgent API Memory Content Endpoint service.py dispatch path …

A flaw has been found in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects the function dispatch of the file agent/memory/service.py of the component API Memory Content Endpoint. This man…

Remote | Path Traversal
Apr 10, 2026 Apr 10, 2026
10.0 HIGH
CVE-2026-5997 — Totolink A7100RU CGI cstecgi.cgi setLoginPasswordCfg os command injection

A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The mani…

a7100ru_firmware | Remote | Injection
Apr 10, 2026 Apr 10, 2026
Showing 20 of 6451 Results