Total CVEs

145,521

Critical Severity

4,252

High Severity

15,657

Last 7 Days

2,367
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 5,161 - 5,180 of 41,926 CVEs
CVE-2026-13527 HIGH - 7.3

A vulnerability has been found in SourceCodester Class and Exam Timetabling System 1.0. The affected element is an unknown function of the file /preview4.php. Such manipulation of the argument course_year_section leads to sql injection. The attack may be launched remotely. The exploit has been discl...

Vendor: SourceCodester
Product: Class and Exam Timetabling System
Published: Jun 29, 2026
Source: NVD
CVE-2026-13526 HIGH - 7.3

A flaw has been found in SourceCodester Class and Exam Timetabling System 1.0. Impacted is an unknown function of the file /edit_class.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.

Vendor: SourceCodester
Product: Class and Exam Timetabling System
Published: Jun 29, 2026
Source: NVD
CVE-2026-13525 MEDIUM - 6.3

A vulnerability was detected in CodeAstro Human Resource Management System 1.0. This issue affects the function emselectByCode of the file application/models/Employee_model.php of the component Update_Earn_Leave Endpoint. The manipulation of the argument emid results in sql injection. The attack can...

Vendor: CodeAstro
Product: Human Resource Management System
Published: Jun 29, 2026
Source: NVD
CVE-2026-13524 MEDIUM - 5.6

A security vulnerability has been detected in CherryHQ cherry-studio up to 1.9.6. This vulnerability affects unknown code of the file src/main/services/mcp/oauth/callback.ts of the component MCP OAuth Local Callback Server. The manipulation of the argument code leads to improper authorization. The a...

Vendor: CherryHQ
Product: cherry-studio
Published: Jun 29, 2026
Source: NVD

A weakness has been identified in GPAC up to 26.02.0. This affects an unknown part of the file src/utils/base_encoding.c of the component ISOBMFF Parser. Executing a manipulation can lead to highly compressed data. The attack needs to be launched locally. The exploit has been made available to the p...

Product: GPAC
Published: Jun 29, 2026
Source: NVD
CVE-2026-13522 MEDIUM - 4.3

A security flaw has been discovered in Investintech SlimPDFReader up to 2.0.14. Affected by this issue is the function SlimPDFReader!Investintech::PCV::TeighaDo+0x25cde0 of the file SlimPDFReader.exe of the component PDF File Handler. Performing a manipulation results in out-of-bounds read. It is po...

Vendor: Investintech
Product: SlimPDFReader
Published: Jun 29, 2026
Source: NVD
CVE-2026-13521 HIGH - 7.3

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0/5.php. Affected by this vulnerability is an unknown functionality of the file /preview5.php. Such manipulation of the argument course_year_section leads to sql injection. The attack may be performed from remote. T...

Vendor: SourceCodester
Product: Class and Exam Timetabling System
Published: Jun 29, 2026
Source: NVD
CVE-2026-13520 MEDIUM - 6.3

A vulnerability was determined in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /appointmentapproval.php of the component Appointment Handler. This manipulation of the argument editid causes sql injection. The attack is possible to be carried out remotely. ...

Vendor: itsourcecode
Product: Hospital Management System
Published: Jun 29, 2026
Source: NVD
CVE-2026-13519 HIGH - 8.8

A vulnerability was found in Tenda JD12L 16.03.53.23. This impacts the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been made public and could be ...

Vendor: Tenda
Product: JD12L
Published: Jun 29, 2026
Source: NVD
CVE-2026-13518 HIGH - 8.8

A vulnerability has been found in Tenda JD12L 16.03.53.23. This affects the function fromAddressNat of the file /goform/addressNat. The manipulation of the argument page leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public ...

Vendor: Tenda
Product: JD12L
Published: Jun 29, 2026
Source: NVD
CVE-2026-13517 HIGH - 8.8

A flaw has been found in Tenda JD12L 16.03.53.23. The impacted element is the function formWifiBasicSet of the file /goform/WifiBasicSet. Executing a manipulation of the argument security_5g can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published ...

Vendor: Tenda
Product: JD12L
Published: Jun 29, 2026
Source: NVD
CVE-2026-13516 HIGH - 8.8

A vulnerability was detected in Tenda JD12L 16.03.53.23. The affected element is the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet. Performing a manipulation of the argument shareSpeed results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now ...

Vendor: Tenda
Product: JD12L
Published: Jun 29, 2026
Source: NVD
CVE-2026-13515 HIGH - 8.8

A security vulnerability has been detected in Tenda JD12L 16.03.53.23. Impacted is the function formSetPPTPServer of the file /goform/SetPptpServerCfg. Such manipulation of the argument startIp leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed ...

Vendor: Tenda
Product: JD12L
Published: Jun 29, 2026
Source: NVD

A weakness has been identified in Chess Play and Learn App up to 4.9.42 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.chess. This manipulation causes exposure of backup file to an unauthorized control sphere. It is feasible to perform the...

Vendor: Chess
Product: Play and Learn App
Published: Jun 29, 2026
Source: NVD
CVE-2026-13513 MEDIUM - 5.0

A security flaw has been discovered in MyScale MyScaleDB up to 1.8.0. This vulnerability affects the function SegmentId::getCacheKey in the library src/VectorIndex/Common/SegmentId.h. The manipulation results in insufficient verification of data authenticity. It is possible to launch the attack remo...

Vendor: MyScale
Product: MyScaleDB
Published: Jun 29, 2026
Source: NVD
CVE-2026-13512 MEDIUM - 6.3

A vulnerability was identified in Databend up to 1.2.881 on HTTP. This affects the function ClientSessionManager::state_key of the file src/query/service/src/servers/http/v1/session/client_session_manager.rs of the component Tenant Handler. The manipulation leads to authorization bypass. It is possi...

Product: Databend
Published: Jun 28, 2026
Source: NVD

A vulnerability was determined in VoltAgent up to 2.1.17. Affected by this issue is the function handleGetMemoryConversation of the file packages/server-core/src/handlers/memory.handlers.ts of the component Memory REST API. Executing a manipulation of the argument conversationId can lead to improper...

Product: VoltAgent
Published: Jun 28, 2026
Source: NVD

A vulnerability was found in SimStudioAI sim up to 0.6.92. Affected by this vulnerability is an unknown functionality in the library apps/sim/lib/core/security/deployment.ts of the component Password Protection Handler. Performing a manipulation results in use of weak hash. The attack is possible to...

Vendor: SimStudioAI
Product: sim
Published: Jun 28, 2026
Source: NVD
CVE-2026-13509 MEDIUM - 6.3

A vulnerability has been found in RAGapp up to 0.1.5. Affected is the function FileHandler.upload_file/FileHandler.remove_file of the file src/ragapp/backend/controllers/files.py of the component Knowledge File Handler. Such manipulation leads to path traversal. The attack can be executed remotely. ...

Product: RAGapp
Published: Jun 28, 2026
Source: NVD
CVE-2026-13508 MEDIUM - 5.5

A flaw has been found in khoj-ai khoj up to 2.0.0-beta.28. This impacts an unknown function of the file src/khoj/routers/api_chat.py of the component Conversation Sharing Handler. This manipulation of the argument conversation.agent causes incorrect authorization. Remote exploitation of the attack i...

Vendor: khoj-ai
Product: khoj
Published: Jun 28, 2026
Source: NVD