Total CVEs

145,743

Critical Severity

4,268

High Severity

15,733

Last 7 Days

2,316
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 5,301 - 5,320 of 42,148 CVEs
CVE-2026-55844 HIGH - 7.5

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2025.5.0, The iOS companion app ignores the SSID allowlist for internal networks. The app uses SSID to detect when to use the internal URL, but whenever the app cannot find any other URL to be ...

Vendor: home-assistant
Product: core
Published: Jun 29, 2026
Source: NVD
CVE-2026-55607 HIGH - 8.8

Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of worktrees named ".git" and navigation to worktrees outside the sandbox context, enabling git directory confusion attacks. By exploiting symlink manipulation and git f...

Vendor: anthropic
Product: claude_code
Published: Jun 29, 2026
Source: NVD
CVE-2026-49049 HIGH - 7.5

The Helix3 plugin for Joomla exposes an ajax handler task, that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files and update template parameters.

Vendor: ollyo
Product: helix3
Published: Jun 29, 2026
Source: NVD
CVE-2026-13579 MEDIUM - 6.3

A weakness has been identified in itsourcecode Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /patientchangepassword.php. Executing a manipulation of the argument newpassword can lead to sql injection. The attack may be launched remotely. The exploit...

Vendor: itsourcecode
Product: Hospital Management System
Published: Jun 29, 2026
Source: NVD
CVE-2026-13578 MEDIUM - 6.3

A security flaw has been discovered in itsourcecode Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /patientdetail.php. Performing a manipulation of the argument editid results in sql injection. The attack may be initiated remotely. The exploit ...

Vendor: itsourcecode
Product: Hospital Management System
Published: Jun 29, 2026
Source: NVD

A vulnerability was determined in llvm llvm-project up to 22.1.6. This impacts the function GCRelocateInst::getBasePtr in the library llvm/lib/IR/IntrinsicInst.cpp of the component Bitcode File Handler. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the l...

Vendor: llvm
Product: llvm-project
Published: Jun 29, 2026
Source: NVD

A vulnerability was found in llvm llvm-project up to 22.1.6. This affects the function llvm::StringMap::insert in the library /lib/IR/ValueSymbolTable.cpp of the component ValueSymbolTable Module. The manipulation results in stack-based buffer overflow. Attacking locally is a requirement. The exploi...

Vendor: llvm
Product: llvm-project
Published: Jun 29, 2026
Source: NVD
CVE-2026-13572 MEDIUM - 6.3

A vulnerability has been found in itsourcecode Hospital Management System 1.0. The impacted element is an unknown function of the file /insertbillingrecord.php. The manipulation of the argument patientid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been dis...

Vendor: itsourcecode
Product: Hospital Management System
Published: Jun 29, 2026
Source: NVD
CVE-2026-13571 MEDIUM - 5.3

A flaw has been found in SourceCodester Simple Food Ordering System 1.0. The affected element is an unknown function of the file /cart.php. Executing a manipulation of the argument item_price can lead to business logic errors. The attack may be performed from remote. The exploit has been published a...

Vendor: SourceCodester
Product: Simple Food Ordering System
Published: Jun 29, 2026
Source: NVD
CVE-2026-56457 MEDIUM - 4.3

HCL DevOps Deploy / HCL Launch is susceptible to an exposure of sensitive information vulnerability in output logs. This exposure could allow an attacker with access to the logs to potentially obtain sensitive values related to that step.

Vendor: HCLSoftware
Product: HCL DevOps Deploy / HCL Launch
Published: Jun 29, 2026
Source: NVD
CVE-2026-54371 HIGH - 7.1

attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link during directory hierarchy traversal. Attackers who control a pathname component can r...

Vendor: attr project
Product: attr
Published: Jun 29, 2026
Source: NVD
CVE-2026-54370 MEDIUM - 6.3

acl before version 2.4.0 contains a time-of-check to time-of-use (TOCTOU) race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat() check and subsequent symlink-following operations such as stat(), chown(...

Vendor: acl project
Product: acl
Published: Jun 29, 2026
Source: NVD
CVE-2026-54369 HIGH - 7.1

acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions acl_get_file(), acl_set_file(), acl_extended_file(), and acl_delete_def_file() that allows local attackers to escalate privileges by replacing any pathname component with a symbolic link. Attac...

Vendor: acl project
Product: acl
Published: Jun 29, 2026
Source: NVD
CVE-2026-40524 HIGH - 8.1

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the get_gl_transactions() function where the filter_type parameter is concatenated directly into a SQL IN() clause without parameterization. Attackers with SA_GLANALYTIC permission can inject arbitrary SQL by supplying a closing...

Vendor: FrontAccounting
Product: FrontAccounting
Published: Jun 29, 2026
Source: NVD
CVE-2026-40523 HIGH - 8.1

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Audit Trail report handler that allows authenticated attackers with SA_GLANALYTIC permission to execute arbitrary SQL queries by injecting malicious code into the PARAM_2 and PARAM_3 POST parameters. Attackers can exploit ti...

Vendor: FrontAccounting
Product: FrontAccounting
Published: Jun 29, 2026
Source: NVD
CVE-2026-40522 HIGH - 7.1

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data by injecting UNION SELECT payloads into the PARAM_0 POST parameter. Attackers can supply malicious SQL syntax through the u...

Vendor: FrontAccounting
Product: FrontAccounting
Published: Jun 29, 2026
Source: NVD
CVE-2026-40521 HIGH - 8.8

FrontAccounting before 2.4.20 contains a path traversal vulnerability in the attachment upload handler that allows authenticated attackers to execute arbitrary code by uploading files with traversal sequences in the unique_name parameter. Attackers can supply path traversal sequences ../../../shell....

Vendor: FrontAccounting
Product: FrontAccounting
Published: Jun 29, 2026
Source: NVD
CVE-2026-13676 HIGH - 7.5

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode (IDN) hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize() and equal() still retu...

Vendor: fast-uri
Product: fast-uri
Published: Jun 29, 2026
Source: NVD

A vulnerability was detected in SourceCodester Inventory Management System 1.0. Impacted is an unknown function of the file /api/users_handler.php of the component User Registration Endpoint. Performing a manipulation of the argument full_name results in cross site scripting. The attack is possible ...

Vendor: SourceCodester
Product: Inventory Management System
Published: Jun 29, 2026
Source: NVD
CVE-2026-13569 MEDIUM - 4.7

A security vulnerability has been detected in weng-xianhu EyouCMS up to 1.7.1. This issue affects some unknown processing of the file /index.php of the component API. Such manipulation of the argument click_like leads to sql injection. The attack can be executed remotely. The exploit has been disclo...

Vendor: weng-xianhu
Product: EyouCMS
Published: Jun 29, 2026
Source: NVD