Total CVEs

144,714

Critical Severity

4,191

High Severity

15,264

Last 7 Days

1,858
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 4,381 - 4,400 of 41,119 CVEs
CVE-2026-13499 MEDIUM - 4.3

A security flaw has been discovered in yashpokharna2555 restaurent-management-system. This impacts an unknown function of the file login_register.php of the component Registration Handler. Performing a manipulation of the argument Username results in cross site scripting. The attack may be initiated...

Vendor: yashpokharna2555
Product: restaurent-management-system
Published: Jun 28, 2026
Source: NVD
CVE-2026-13498 HIGH - 7.3

A vulnerability was identified in yashpokharna2555 restaurent-management-system. This affects an unknown function of the file /forgotpassword.php of the component POST Parameter Handler. Such manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit ...

Vendor: yashpokharna2555
Product: restaurent-management-system
Published: Jun 28, 2026
Source: NVD
CVE-2026-13497 MEDIUM - 6.3

A vulnerability was determined in itsourcecode Hospital Management System 1.0. The impacted element is an unknown function of the file /appointment.php. This manipulation of the argument editid causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and ma...

Vendor: itsourcecode
Product: Hospital Management System
Published: Jun 28, 2026
Source: NVD
CVE-2026-13496 MEDIUM - 6.3

A vulnerability was found in itsourcecode Hospital Management System 1.0. The affected element is an unknown function of the file /ajaxmedicine.php. The manipulation of the argument medicineid results in sql injection. It is possible to launch the attack remotely. The exploit has been made public an...

Vendor: itsourcecode
Product: Hospital Management System
Published: Jun 28, 2026
Source: NVD
CVE-2026-13495 MEDIUM - 4.7

A vulnerability has been found in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /adminprofile.php. The manipulation of the argument loginid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public ...

Vendor: itsourcecode
Product: Hospital Management System
Published: Jun 28, 2026
Source: NVD

A flaw has been found in AIDC-AI ComfyUI-Copilot up to 2.0.28. This issue affects some unknown processing of the file backend/controller/conversation_api.py of the component Workflow Checkpoint Restore Handler. Executing a manipulation can lead to improper control of resource identifiers. The attack...

Vendor: AIDC-AI
Product: ComfyUI-Copilot
Published: Jun 28, 2026
Source: NVD

A vulnerability was detected in 78 xiaozhi-esp32 up to 2.2.6. This vulnerability affects the function Application::GetInstance of the file main/protocols/mqtt_protocol.cc of the component MQTT Goodbye Handler. Performing a manipulation of the argument session_id results in denial of service. The att...

Vendor: 78
Product: xiaozhi-esp32
Published: Jun 28, 2026
Source: NVD

A security vulnerability has been detected in glpi-project glpi 11.0.5/11.0.6/11.0.7. This affects the function Document::canViewFile of the file front/document.send.php of the component Document Handler. Such manipulation of the argument docid leads to authorization bypass. The attack can be execut...

Vendor: glpi-project
Product: glpi
Published: Jun 28, 2026
Source: NVD

A weakness has been identified in 78 xiaozhi-esp32 up to 2.2.6. Affected by this issue is the function ParseMessage of the file main/mcp_server.cc of the component MCP Response Handler. This manipulation causes improper synchronization. Remote exploitation of the attack is possible. The attack'...

Vendor: 78
Product: xiaozhi-esp32
Published: Jun 28, 2026
Source: NVD
CVE-2026-13488 HIGH - 7.3

A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0/7.php. Affected by this vulnerability is an unknown functionality of the file /preview7.php. The manipulation of the argument course_year_section results in sql injection. The attack may be launched remotely....

Vendor: SourceCodester
Product: Class and Exam Timetabling System
Published: Jun 28, 2026
Source: NVD
CVE-2026-13487 HIGH - 7.3

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected is an unknown function of the file /archive.php. The manipulation of the argument sy leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.

Vendor: SourceCodester
Product: Class and Exam Timetabling System
Published: Jun 28, 2026
Source: NVD
CVE-2026-13486 HIGH - 7.3

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0/6.php. This impacts an unknown function of the file /preview6.php. Executing a manipulation of the argument course_year_section can lead to sql injection. The attack can be launched remotely. The exploit has been ...

Vendor: SourceCodester
Product: Class and Exam Timetabling System
Published: Jun 28, 2026
Source: NVD
CVE-2026-13485 HIGH - 7.3

A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /preview.php. Performing a manipulation of the argument course_year_section results in sql injection. The attack can be initiated remotely. The exploit has been made public...

Vendor: SourceCodester
Product: Class and Exam Timetabling System
Published: Jun 28, 2026
Source: NVD
CVE-2026-13484 MEDIUM - 5.0

A vulnerability has been found in MLflow up to 4666cffc7912ea606d592fc38d6a75e2935f65e7. The impacted element is an unknown function of the component Experiment-scoped Label Schema CRUD API. Such manipulation leads to missing authorization. It is possible to launch the attack remotely. A high comple...

Vendor: lfprojects
Product: MLflow
Published: Jun 28, 2026
Source: NVD

A flaw has been found in arc53 DocsGPT up to 0.18.0. The affected element is the function encrypt_credentials of the file application/security/encryption.py of the component Credential Storage. This manipulation causes insufficient verification of data authenticity. It is possible to initiate the at...

Vendor: arc53
Product: DocsGPT
Published: Jun 28, 2026
Source: NVD

A vulnerability was detected in skypilot-org skypilot up to 0.12.0. Impacted is the function username.encode of the file sky/users/server.py of the component User ID Handler. The manipulation results in use of weak hash. The attack may be performed from remote. This attack is characterized by high c...

Vendor: skypilot-org
Product: skypilot
Published: Jun 28, 2026
Source: NVD
CVE-2026-10646 HIGH - 7.4

Zephyr's BSD-sockets getaddrinfo() implementation (subsys/net/lib/sockets/getaddrinfo.c) passes a pointer to a stack-allocated state object (struct getaddrinfo_state ai_state) as the user_data of an asynchronous DNS resolver query. The socket layer waits on a semaphore with a timeout deliberate...

Vendor: zephyrproject
Product: zephyr
Published: Jun 28, 2026
Source: NVD
CVE-2026-10644 MEDIUM - 4.2

The Microchip SERCOM-G1 UART driver (drivers/serial/uart_mchp_sercom_g1.c), used by the PIC32CM-JH SoC family, contains an out-of-bounds write in its asynchronous (DMA) receive path. When uart_rx_enable() is invoked with a one-byte receive buffer (len == 1) and CONFIG_UART_MCHP_ASYNC is enabled, the...

Vendor: zephyrproject
Product: zephyr
Published: Jun 28, 2026
Source: NVD
CVE-2026-10593 MEDIUM - 6.5

The Zephyr Bluetooth LE Audio Basic Audio Profile (BAP) unicast client mishandles peer-supplied ASE state notifications. In unicast_client_ep_qos_state() (subsys/bluetooth/audio/bap_unicast_client.c), the handler writes attacker-controlled QoS fields (interval, framing, phy, sdu, rtn, latency, pd) t...

Vendor: zephyrproject
Product: zephyr
Published: Jun 28, 2026
Source: NVD
CVE-2026-58058 MEDIUM - 6.5

Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in ipv6_get_data_primitive (libnetutil/netutil.cc), so the pointer advances past the buffer and the remaining-length computation underflows to a large value. A scanned target or on-path attacker returning a cra...

Vendor: Nmap
Product: Nmap
Published: Jun 28, 2026
Source: NVD