Total CVEs

145,845

Critical Severity

4,280

High Severity

15,756

Last 7 Days

2,189
Quick preset (or use dates below)
Clear Filters
Showing 5,421 - 5,440 of 145,845 CVEs

A vulnerability was detected in SourceCodester Inventory Management System 1.0. Impacted is an unknown function of the file /api/users_handler.php of the component User Registration Endpoint. Performing a manipulation of the argument full_name results in cross site scripting. The attack is possible ...

Vendor: SourceCodester
Product: Inventory Management System
Published: Jun 29, 2026
Source: NVD
CVE-2026-13569 MEDIUM - 4.7

A security vulnerability has been detected in weng-xianhu EyouCMS up to 1.7.1. This issue affects some unknown processing of the file /index.php of the component API. Such manipulation of the argument click_like leads to sql injection. The attack can be executed remotely. The exploit has been disclo...

Vendor: weng-xianhu
Product: EyouCMS
Published: Jun 29, 2026
Source: NVD
CVE-2026-13568 HIGH - 7.3

A weakness has been identified in SourceCodester Inventory Management System 1.0. This vulnerability affects unknown code of the file /api/users_handler.php of the component User Registration Endpoint. This manipulation of the argument role causes improper access controls. Remote exploitation of the...

Vendor: SourceCodester
Product: Inventory Management System
Published: Jun 29, 2026
Source: NVD
CVE-2026-13567 MEDIUM - 4.3

A security flaw has been discovered in code-projects Online Music Site 1.0. This affects an unknown part of the file /Frontend/Feedback.php of the component POST Request Handler. The manipulation of the argument fname/femail/faddress/fmessage results in cross site scripting. The attack may be launch...

Vendor: code-projects
Product: Online Music Site
Published: Jun 29, 2026
Source: NVD
CVE-2026-13566 HIGH - 7.3

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /preview3.php. The manipulation of the argument course_year_section leads to sql injection. The attack may be initiated remotely. The exploit is pu...

Vendor: SourceCodester
Product: Class and Exam Timetabling System
Published: Jun 29, 2026
Source: NVD
CVE-2026-13565 HIGH - 7.3

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0/1.php. Affected by this vulnerability is an unknown functionality of the file /edit_class1.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The explo...

Vendor: SourceCodester
Product: Class and Exam Timetabling System
Published: Jun 29, 2026
Source: NVD

SzafirHost verifies the downloaded native library archive with one JarFile parser (reading the Central Directory) but extracts native libraries with JarInputStream parser (reading sequentially from local file headers).ย An attacker who controls the served archive can insert a malicious DLL/SO/DYLIB a...

Vendor: Krajowa Izba Rozliczeniowa
Product: SzafirHost
Published: Jun 29, 2026
Source: NVD
CVE-2026-12856 HIGH - 8.8

A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in JavaDoc hovers, allowing a malicious Java file to include hidden commands. If a user clicks a specially crafted link within a JavaDoc h...

Vendor: Red Hat
Product: Red Hat OpenShift Dev Spaces
Published: Jun 29, 2026
Source: NVD

The /v1/upload/sbom endpoint extracts the iss claim from the attacker-supplied JWT with signature verification disabled, then interpolates that string into three log statements before any validation gate. Because the configured log format ("%(asctime)s - %(name)s - %(levelname)s - %(message)s&q...

Vendor: Eclipse Foundation
Product: Eclipse CSI - PIA
Published: Jun 29, 2026
Source: NVD
CVE-2026-11979 HIGH - 7.8

libxml2 is vulnerable to multiple stack-based buffer overflows in the xmlcatalog utility when running in --shell mode. The usershell() function processes user input using fixed-size stack buffers without proper bounds checking. By supplying an overly long input line, an attacker can overflow interna...

Vendor: xmlsoft
Product: libxml2
Published: Jun 29, 2026
Source: NVD
CVE-2026-41992 HIGH - 7.5

GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array that is shared across the LZ77, LZW, and LZH decompression rout...

Vendor: GNU
Product: gzip
Published: Jun 29, 2026
Source: NVD
CVE-2026-41991 MEDIUM - 4.7

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the userโ€™s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID (PID). This predictable filename is created without e...

Vendor: GNU
Product: gzip
Published: Jun 29, 2026
Source: NVD
CVE-2026-13564 HIGH - 8.8

A vulnerability was found in Edimax EW-7478APC 1.04. Affected is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. Performing a manipulation of the argument pppUserName results in stack-based buffer overflow. The attack can be initiated remotely. T...

Vendor: Edimax
Product: EW-7478APC
Published: Jun 29, 2026
Source: NVD
CVE-2026-13563 HIGH - 8.8

A vulnerability has been found in Edimax EW-7478APC 1.04. This impacts the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. Such manipulation of the argument L2TPUserName leads to stack-based buffer overflow. It is possible to launch the attack remotely...

Vendor: Edimax
Product: EW-7478APC
Published: Jun 29, 2026
Source: NVD
CVE-2026-13562 HIGH - 8.8

A flaw has been found in Edimax EW-7478APC 1.04. This affects the function formiNICSiteSurvey of the file /goform/formiNICSiteSurvey of the component POST Request Handler. This manipulation of the argument selSSID causes buffer overflow. It is possible to initiate the attack remotely. The exploit ha...

Vendor: Edimax
Product: EW-7478APC
Published: Jun 29, 2026
Source: NVD
CVE-2026-13561 MEDIUM - 6.3

A vulnerability was detected in Edimax EW-7478APC 1.04. The impacted element is the function formiNICbasic of the file /goform/formiNICbasic of the component POST Request Handler. The manipulation of the argument rootAPmac results in os command injection. The attack may be performed from remote. The...

Vendor: Edimax
Product: EW-7478APC
Published: Jun 29, 2026
Source: NVD
CVE-2026-13560 MEDIUM - 6.3

A security vulnerability has been detected in Edimax EW-7478APC 1.04. The affected element is the function formAccept of the file /goform/formAccept of the component POST Request Handler. The manipulation of the argument submit-url leads to os command injection. The attack is possible to be carried ...

Vendor: Edimax
Product: EW-7478APC
Published: Jun 29, 2026
Source: NVD
CVE-2026-13559 HIGH - 7.3

A weakness has been identified in code-projects Real State Services 1.0. Impacted is an unknown function of the file /single-list_sale.php?action=add. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been made available to th...

Vendor: code-projects
Product: Real State Services
Published: Jun 29, 2026
Source: NVD

A security flaw has been discovered in CodeAstro Complaint Management System 1.0. This issue affects some unknown processing of the file /report/addreport of the component Report Handler. Performing a manipulation of the argument Report Title results in cross site scripting. Remote exploitation of t...

Vendor: CodeAstro
Product: Complaint Management System
Published: Jun 29, 2026
Source: NVD
CVE-2026-57346 HIGH - 7.1

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Epiphyt Embed Privacy allows Path Traversal. This issue affects Embed Privacy: from n/a through 1.12.3.

Vendor: Epiphyt
Product: Embed Privacy
Published: Jun 29, 2026
Source: NVD