Total CVEs

145,459

Critical Severity

4,246

High Severity

15,641

Last 7 Days

2,333
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 5,081 - 5,100 of 41,864 CVEs
CVE-2026-13540 MEDIUM - 6.3

A security flaw has been discovered in GitBucket up to 4.46.1. This affects the function Git.cloneRepository.setURI of the file src/main/scala/gitbucket/core/service/RepositoryCreationService.scala. Performing a manipulation of the argument url results in server-side request forgery. The attack is p...

Product: GitBucket
Published: Jun 29, 2026
Source: NVD
CVE-2026-13539 HIGH - 8.8

A vulnerability was identified in Wavlink WL-NU516U1-A M16U1_V240425. The impacted element is the function sub_407504 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. Such manipulation of the argument Guest_ssid leads to stack-based buffer overflow. The attack can be execut...

Vendor: Wavlink
Product: WL-NU516U1-A
Published: Jun 29, 2026
Source: NVD
CVE-2026-10083 HIGH - 7.5

The APCu Manager WordPress plugin before 4.5.0 does not escape APCu object-cache keys before rendering them in an admin-area page, leading to a Stored Cross-Site Scripting vulnerability. When a persistent object cache is enabled, cache keys derived from unsanitised user input (e.g. a transient name ...

Vendor: Unknown
Product: APCu Manager
Published: Jun 29, 2026
Source: NVD
CVE-2025-7386 MEDIUM - 6.8

Information exposure vulnerability in Hitachi Storage Navigator. This issue affects Hitachi Virtual Storage Platform 5100, 5200, 5500, 5600, 5100H, 5200H, 5500H, 5600H, VX8: before DKCMAIN Ver. 90-09-24-00/00, SVP Ver. 90-09-24/00, before DKCMAIN Ver. 90-08-86-00/00, SVP Ver. 90-08-86/00; Hitachi V...

Published: Jun 29, 2026
Source: NVD
CVE-2025-2902 HIGH - 8.3

Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform. This issue affects Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00; Hitachi Virtual Storage Platform...

Published: Jun 29, 2026
Source: NVD
CVE-2025-0824 LOW - 3.7

Lack of validation for firmware updateย in Hitachi Hitachi Virtual Storage Platform One Block 23, 24, 26, 28. This issue affects Hitachi Virtual Storage Platform One Block 23, 24, 26, 28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00.

Published: Jun 29, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: agp/amd64: Fix broken error propagation in agp_amd64_probe() A NULL pointer dereference was observed in the AMD64 AGP driver when running in a virtualized environment (e.g. qemu/kvm) without a physical AMD northbridge. The crash o...

Vendor: Linux
Product: Linux
Published: Jun 29, 2026
Source: NVD
CVE-2026-13538 MEDIUM - 6.3

A vulnerability was determined in Wavlink WL-NU516U1-A M16U1_V240425. The affected element is the function sub_401D68 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. This manipulation of the argument SSID2G2/SSID5G2/AuthMethod2/WPAPSK12 causes command injection. Remote exp...

Vendor: Wavlink
Product: WL-NU516U1-A
Published: Jun 29, 2026
Source: NVD
CVE-2026-13537 MEDIUM - 4.3

A vulnerability was found in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely. The exploit has been made public and could be used.

Vendor: CodeAstro
Product: Human Resource Management System
Published: Jun 29, 2026
Source: NVD
CVE-2026-13536 MEDIUM - 4.3

A vulnerability has been found in GotoHTTP up to 10.2. This issue affects some unknown processing of the file /reg.12x. The manipulation of the argument sn leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor ex...

Product: GotoHTTP
Published: Jun 29, 2026
Source: NVD
CVE-2026-13535 MEDIUM - 6.3

A flaw has been found in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function GetFileInfo of the file hrsystem/application/models/Employee_model.php of the component View Endpoint. Executing a manipulation of the argument ID can lead to sql injection. The attack ca...

Vendor: CodeAstro
Product: Human Resource Management System
Published: Jun 29, 2026
Source: NVD
CVE-2026-13534 MEDIUM - 5.0

A vulnerability was detected in CherryHQ cherry-studio up to 1.9.7. This affects the function sha256 of the file src/main/services/memory/MemoryService.ts of the component CherryIN Preload API. Performing a manipulation of the argument state results in authorization bypass. The attack can be initiat...

Vendor: CherryHQ
Product: cherry-studio
Published: Jun 29, 2026
Source: NVD
CVE-2026-13533 MEDIUM - 5.3

A security vulnerability has been detected in agentejo Cockpit CMS up to 0.12.2. Affected by this issue is the function Spyc::YAMLLoad of the file /config/config.yaml of the component htaccess Handler. Such manipulation leads to files or directories accessible. It is possible to launch the attack re...

Vendor: agentejo
Product: Cockpit CMS
Published: Jun 29, 2026
Source: NVD
CVE-2026-13532 MEDIUM - 6.3

A weakness has been identified in itsourcecode Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /departmentDoctor.php. This manipulation of the argument deptid causes sql injection. It is possible to initiate the attack remotely. The exploit has ...

Vendor: itsourcecode
Product: Hospital Management System
Published: Jun 29, 2026
Source: NVD
CVE-2026-13531 MEDIUM - 6.3

A security flaw has been discovered in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /department.php. The manipulation of the argument editid results in sql injection. The attack may be performed from remote. The exploit has been released to the public and ...

Vendor: itsourcecode
Product: Hospital Management System
Published: Jun 29, 2026
Source: NVD
CVE-2026-13530 MEDIUM - 6.3

A vulnerability was identified in itsourcecode Hospital Management System 1.0. This impacts an unknown function of the file /appointmentdetail.php of the component Appointment Handler. The manipulation of the argument editid leads to sql injection. The attack is possible to be carried out remotely. ...

Vendor: itsourcecode
Product: Hospital Management System
Published: Jun 29, 2026
Source: NVD
CVE-2026-13529 MEDIUM - 5.6

A vulnerability was determined in YzmCMS up to 7.5. This affects an unknown function of the file /application/install/index.php. Executing a manipulation of the argument siteurl can lead to sql injection. The attack can be executed remotely. A high complexity level is associated with this attack. Th...

Product: YzmCMS
Published: Jun 29, 2026
Source: NVD
CVE-2026-13528 HIGH - 7.3

A vulnerability was found in YunaiV/zhijiantianya ruoyi-vue-pro up to 2026.04-jdk8-SNAPSHOT. The impacted element is the function generateUploadPath of the file yudao-module-infra/src/main/java/cn/iocoder/yudao/module/infra/service/file/FileServiceImpl.java of the component AppFileController File Up...

Vendor: YunaiV, zhijiantianya
Product: ruoyi-vue-pro
Published: Jun 29, 2026
Source: NVD
CVE-2026-13527 HIGH - 7.3

A vulnerability has been found in SourceCodester Class and Exam Timetabling System 1.0. The affected element is an unknown function of the file /preview4.php. Such manipulation of the argument course_year_section leads to sql injection. The attack may be launched remotely. The exploit has been discl...

Vendor: SourceCodester
Product: Class and Exam Timetabling System
Published: Jun 29, 2026
Source: NVD
CVE-2026-13526 HIGH - 7.3

A flaw has been found in SourceCodester Class and Exam Timetabling System 1.0. Impacted is an unknown function of the file /edit_class.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.

Vendor: SourceCodester
Product: Class and Exam Timetabling System
Published: Jun 29, 2026
Source: NVD