Total CVEs

145,845

Critical Severity

4,280

High Severity

15,756

Last 7 Days

2,177
Quick preset (or use dates below)
Clear Filters
Showing 5,461 - 5,480 of 145,845 CVEs
CVE-2026-13545 HIGH - 8.8

A vulnerability has been found in D-Link DCS-935L 1.10.01. This affects the function sub_400E40 of the file setconf.cgi of the component POST Parameter Handler. Such manipulation of the argument UID leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to...

Vendor: D-Link
Product: DCS-935L
Published: Jun 29, 2026
Source: NVD
CVE-2026-9676 MEDIUM - 4.3

The F4 Post Tree WordPress plugin before 2.0.5 does not perform capability checks or CSRF/nonce verification on one of its AJAX actions, allowing authenticated users with Subscriber-level access and above to modify the parent and menu order of arbitrary posts.

Published: Jun 29, 2026
Source: NVD
CVE-2026-13544 MEDIUM - 6.3

A flaw has been found in Feehi CMS up to 2.1.1. Affected by this issue is some unknown functionality of the file /api/users of the component API. This manipulation causes improper access controls. The attack can be initiated remotely. The exploit has been published and may be used. The project was i...

Vendor: Feehi
Product: CMS
Published: Jun 29, 2026
Source: NVD
CVE-2026-13543 MEDIUM - 5.6

A vulnerability was detected in Documenso up to 2.11.0. Affected by this vulnerability is an unknown functionality of the file packages/auth/server/lib/utils/handle-oauth-callback-url.ts of the component Google OAuth Login. The manipulation results in improper authentication. It is possible to launc...

Product: Documenso
Published: Jun 29, 2026
Source: NVD
CVE-2026-13542 MEDIUM - 6.3

A security vulnerability has been detected in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /doctorprofile.php. The manipulation of the argument doctorname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclose...

Vendor: itsourcecode
Product: Hospital Management System
Published: Jun 29, 2026
Source: NVD
CVE-2026-13541 MEDIUM - 6.3

A weakness has been identified in itsourcecode Hospital Management System 1.0. This impacts an unknown function of the file /doctorchangepassword.php. Executing a manipulation of the argument newpassword can lead to sql injection. The attack may be performed from remote. The exploit has been made av...

Vendor: itsourcecode
Product: Hospital Management System
Published: Jun 29, 2026
Source: NVD
CVE-2026-13540 MEDIUM - 6.3

A security flaw has been discovered in GitBucket up to 4.46.1. This affects the function Git.cloneRepository.setURI of the file src/main/scala/gitbucket/core/service/RepositoryCreationService.scala. Performing a manipulation of the argument url results in server-side request forgery. The attack is p...

Product: GitBucket
Published: Jun 29, 2026
Source: NVD
CVE-2026-13539 HIGH - 8.8

A vulnerability was identified in Wavlink WL-NU516U1-A M16U1_V240425. The impacted element is the function sub_407504 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. Such manipulation of the argument Guest_ssid leads to stack-based buffer overflow. The attack can be execut...

Vendor: Wavlink
Product: WL-NU516U1-A
Published: Jun 29, 2026
Source: NVD
CVE-2026-10083 HIGH - 7.5

The APCu Manager WordPress plugin before 4.5.0 does not escape APCu object-cache keys before rendering them in an admin-area page, leading to a Stored Cross-Site Scripting vulnerability. When a persistent object cache is enabled, cache keys derived from unsanitised user input (e.g. a transient name ...

Vendor: Unknown
Product: APCu Manager
Published: Jun 29, 2026
Source: NVD
CVE-2025-7386 MEDIUM - 6.8

Information exposure vulnerability in Hitachi Storage Navigator. This issue affects Hitachi Virtual Storage Platform 5100, 5200, 5500, 5600, 5100H, 5200H, 5500H, 5600H, VX8: before DKCMAIN Ver. 90-09-24-00/00, SVP Ver. 90-09-24/00, before DKCMAIN Ver. 90-08-86-00/00, SVP Ver. 90-08-86/00; Hitachi V...

Published: Jun 29, 2026
Source: NVD
CVE-2025-2902 HIGH - 8.3

Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform. This issue affects Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00; Hitachi Virtual Storage Platform...

Published: Jun 29, 2026
Source: NVD
CVE-2025-0824 LOW - 3.7

Lack of validation for firmware update in Hitachi Hitachi Virtual Storage Platform One Block 23, 24, 26, 28. This issue affects Hitachi Virtual Storage Platform One Block 23, 24, 26, 28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00.

Published: Jun 29, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: agp/amd64: Fix broken error propagation in agp_amd64_probe() A NULL pointer dereference was observed in the AMD64 AGP driver when running in a virtualized environment (e.g. qemu/kvm) without a physical AMD northbridge. The crash o...

Vendor: Linux
Product: Linux
Published: Jun 29, 2026
Source: NVD
CVE-2026-13538 MEDIUM - 6.3

A vulnerability was determined in Wavlink WL-NU516U1-A M16U1_V240425. The affected element is the function sub_401D68 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. This manipulation of the argument SSID2G2/SSID5G2/AuthMethod2/WPAPSK12 causes command injection. Remote exp...

Vendor: Wavlink
Product: WL-NU516U1-A
Published: Jun 29, 2026
Source: NVD
CVE-2026-13537 MEDIUM - 4.3

A vulnerability was found in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely. The exploit has been made public and could be used.

Vendor: CodeAstro
Product: Human Resource Management System
Published: Jun 29, 2026
Source: NVD
CVE-2026-13536 MEDIUM - 4.3

A vulnerability has been found in GotoHTTP up to 10.2. This issue affects some unknown processing of the file /reg.12x. The manipulation of the argument sn leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor ex...

Product: GotoHTTP
Published: Jun 29, 2026
Source: NVD
CVE-2026-13535 MEDIUM - 6.3

A flaw has been found in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function GetFileInfo of the file hrsystem/application/models/Employee_model.php of the component View Endpoint. Executing a manipulation of the argument ID can lead to sql injection. The attack ca...

Vendor: CodeAstro
Product: Human Resource Management System
Published: Jun 29, 2026
Source: NVD
CVE-2026-13534 MEDIUM - 5.0

A vulnerability was detected in CherryHQ cherry-studio up to 1.9.7. This affects the function sha256 of the file src/main/services/memory/MemoryService.ts of the component CherryIN Preload API. Performing a manipulation of the argument state results in authorization bypass. The attack can be initiat...

Vendor: CherryHQ
Product: cherry-studio
Published: Jun 29, 2026
Source: NVD
CVE-2026-13533 MEDIUM - 5.3

A security vulnerability has been detected in agentejo Cockpit CMS up to 0.12.2. Affected by this issue is the function Spyc::YAMLLoad of the file /config/config.yaml of the component htaccess Handler. Such manipulation leads to files or directories accessible. It is possible to launch the attack re...

Vendor: agentejo
Product: Cockpit CMS
Published: Jun 29, 2026
Source: NVD
CVE-2026-13532 MEDIUM - 6.3

A weakness has been identified in itsourcecode Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /departmentDoctor.php. This manipulation of the argument deptid causes sql injection. It is possible to initiate the attack remotely. The exploit has ...

Vendor: itsourcecode
Product: Hospital Management System
Published: Jun 29, 2026
Source: NVD