Total CVEs

145,459

Critical Severity

4,246

High Severity

15,641

Last 7 Days

2,353
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 5,021 - 5,040 of 41,864 CVEs
CVE-2026-13578 MEDIUM - 6.3

A security flaw has been discovered in itsourcecode Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /patientdetail.php. Performing a manipulation of the argument editid results in sql injection. The attack may be initiated remotely. The exploit ...

Vendor: itsourcecode
Product: Hospital Management System
Published: Jun 29, 2026
Source: NVD

A vulnerability was determined in llvm llvm-project up to 22.1.6. This impacts the function GCRelocateInst::getBasePtr in the library llvm/lib/IR/IntrinsicInst.cpp of the component Bitcode File Handler. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the l...

Vendor: llvm
Product: llvm-project
Published: Jun 29, 2026
Source: NVD

A vulnerability was found in llvm llvm-project up to 22.1.6. This affects the function llvm::StringMap::insert in the library /lib/IR/ValueSymbolTable.cpp of the component ValueSymbolTable Module. The manipulation results in stack-based buffer overflow. Attacking locally is a requirement. The exploi...

Vendor: llvm
Product: llvm-project
Published: Jun 29, 2026
Source: NVD
CVE-2026-13572 MEDIUM - 6.3

A vulnerability has been found in itsourcecode Hospital Management System 1.0. The impacted element is an unknown function of the file /insertbillingrecord.php. The manipulation of the argument patientid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been dis...

Vendor: itsourcecode
Product: Hospital Management System
Published: Jun 29, 2026
Source: NVD
CVE-2026-13571 MEDIUM - 5.3

A flaw has been found in SourceCodester Simple Food Ordering System 1.0. The affected element is an unknown function of the file /cart.php. Executing a manipulation of the argument item_price can lead to business logic errors. The attack may be performed from remote. The exploit has been published a...

Vendor: SourceCodester
Product: Simple Food Ordering System
Published: Jun 29, 2026
Source: NVD
CVE-2026-56457 MEDIUM - 4.3

HCL DevOps Deploy / HCL Launch is susceptible to an exposure of sensitive information vulnerability in output logs. This exposure could allow an attacker with access to the logs to potentially obtain sensitive values related to that step.

Vendor: HCLSoftware
Product: HCL DevOps Deploy / HCL Launch
Published: Jun 29, 2026
Source: NVD
CVE-2026-54371 HIGH - 7.1

attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link during directory hierarchy traversal. Attackers who control a pathname component can r...

Vendor: attr project
Product: attr
Published: Jun 29, 2026
Source: NVD
CVE-2026-54370 MEDIUM - 6.3

acl before version 2.4.0 contains a time-of-check to time-of-use (TOCTOU) race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat() check and subsequent symlink-following operations such as stat(), chown(...

Vendor: acl project
Product: acl
Published: Jun 29, 2026
Source: NVD
CVE-2026-54369 HIGH - 7.1

acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions acl_get_file(), acl_set_file(), acl_extended_file(), and acl_delete_def_file() that allows local attackers to escalate privileges by replacing any pathname component with a symbolic link. Attac...

Vendor: acl project
Product: acl
Published: Jun 29, 2026
Source: NVD
CVE-2026-40524 HIGH - 8.1

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the get_gl_transactions() function where the filter_type parameter is concatenated directly into a SQL IN() clause without parameterization. Attackers with SA_GLANALYTIC permission can inject arbitrary SQL by supplying a closing...

Vendor: FrontAccounting
Product: FrontAccounting
Published: Jun 29, 2026
Source: NVD
CVE-2026-40523 HIGH - 8.1

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Audit Trail report handler that allows authenticated attackers with SA_GLANALYTIC permission to execute arbitrary SQL queries by injecting malicious code into the PARAM_2 and PARAM_3 POST parameters. Attackers can exploit ti...

Vendor: FrontAccounting
Product: FrontAccounting
Published: Jun 29, 2026
Source: NVD
CVE-2026-40522 HIGH - 7.1

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data by injecting UNION SELECT payloads into the PARAM_0 POST parameter. Attackers can supply malicious SQL syntax through the u...

Vendor: FrontAccounting
Product: FrontAccounting
Published: Jun 29, 2026
Source: NVD
CVE-2026-40521 HIGH - 8.8

FrontAccounting before 2.4.20 contains a path traversal vulnerability in the attachment upload handler that allows authenticated attackers to execute arbitrary code by uploading files with traversal sequences in the unique_name parameter. Attackers can supply path traversal sequences ../../../shell....

Vendor: FrontAccounting
Product: FrontAccounting
Published: Jun 29, 2026
Source: NVD
CVE-2026-13676 HIGH - 7.5

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode (IDN) hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize() and equal() still retu...

Vendor: fast-uri
Product: fast-uri
Published: Jun 29, 2026
Source: NVD

A vulnerability was detected in SourceCodester Inventory Management System 1.0. Impacted is an unknown function of the file /api/users_handler.php of the component User Registration Endpoint. Performing a manipulation of the argument full_name results in cross site scripting. The attack is possible ...

Vendor: SourceCodester
Product: Inventory Management System
Published: Jun 29, 2026
Source: NVD
CVE-2026-13569 MEDIUM - 4.7

A security vulnerability has been detected in weng-xianhu EyouCMS up to 1.7.1. This issue affects some unknown processing of the file /index.php of the component API. Such manipulation of the argument click_like leads to sql injection. The attack can be executed remotely. The exploit has been disclo...

Vendor: weng-xianhu
Product: EyouCMS
Published: Jun 29, 2026
Source: NVD
CVE-2026-13568 HIGH - 7.3

A weakness has been identified in SourceCodester Inventory Management System 1.0. This vulnerability affects unknown code of the file /api/users_handler.php of the component User Registration Endpoint. This manipulation of the argument role causes improper access controls. Remote exploitation of the...

Vendor: SourceCodester
Product: Inventory Management System
Published: Jun 29, 2026
Source: NVD
CVE-2026-13567 MEDIUM - 4.3

A security flaw has been discovered in code-projects Online Music Site 1.0. This affects an unknown part of the file /Frontend/Feedback.php of the component POST Request Handler. The manipulation of the argument fname/femail/faddress/fmessage results in cross site scripting. The attack may be launch...

Vendor: code-projects
Product: Online Music Site
Published: Jun 29, 2026
Source: NVD
CVE-2026-13566 HIGH - 7.3

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /preview3.php. The manipulation of the argument course_year_section leads to sql injection. The attack may be initiated remotely. The exploit is pu...

Vendor: SourceCodester
Product: Class and Exam Timetabling System
Published: Jun 29, 2026
Source: NVD
CVE-2026-13565 HIGH - 7.3

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0/1.php. Affected by this vulnerability is an unknown functionality of the file /edit_class1.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The explo...

Vendor: SourceCodester
Product: Class and Exam Timetabling System
Published: Jun 29, 2026
Source: NVD