Total CVEs

145,845

Critical Severity

4,280

High Severity

15,756

Last 7 Days

2,276
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 5,501 - 5,520 of 42,250 CVEs

A vulnerability was determined in VoltAgent up to 2.1.17. Affected by this issue is the function handleGetMemoryConversation of the file packages/server-core/src/handlers/memory.handlers.ts of the component Memory REST API. Executing a manipulation of the argument conversationId can lead to improper...

Product: VoltAgent
Published: Jun 28, 2026
Source: NVD

A vulnerability was found in SimStudioAI sim up to 0.6.92. Affected by this vulnerability is an unknown functionality in the library apps/sim/lib/core/security/deployment.ts of the component Password Protection Handler. Performing a manipulation results in use of weak hash. The attack is possible to...

Vendor: SimStudioAI
Product: sim
Published: Jun 28, 2026
Source: NVD
CVE-2026-13509 MEDIUM - 6.3

A vulnerability has been found in RAGapp up to 0.1.5. Affected is the function FileHandler.upload_file/FileHandler.remove_file of the file src/ragapp/backend/controllers/files.py of the component Knowledge File Handler. Such manipulation leads to path traversal. The attack can be executed remotely. ...

Product: RAGapp
Published: Jun 28, 2026
Source: NVD
CVE-2026-13508 MEDIUM - 5.5

A flaw has been found in khoj-ai khoj up to 2.0.0-beta.28. This impacts an unknown function of the file src/khoj/routers/api_chat.py of the component Conversation Sharing Handler. This manipulation of the argument conversation.agent causes incorrect authorization. Remote exploitation of the attack i...

Vendor: khoj-ai
Product: khoj
Published: Jun 28, 2026
Source: NVD
CVE-2026-13507 MEDIUM - 5.0

A vulnerability was detected in volcengine OpenViking up to 0.3.21. This affects the function str_to_uint64 of the file openviking/storage/vectordb/utils/str_to_uint64.py of the component Local VectorDB Primary-key Label Handler. The manipulation of the argument ID results in insufficient verificati...

Vendor: volcengine
Product: OpenViking
Published: Jun 28, 2026
Source: NVD
CVE-2026-49048 CRITICAL - 9.8

The Joomla extension JoomCCK exposes a front-end controller task, that builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterisation.

Vendor: joomcoder.com
Product: JoomCCK extension for Joomla
Published: Jun 28, 2026
Source: NVD

A vulnerability has been found in code-projects Project Management System 1.0. This vulnerability affects unknown code of the file /mail.php of the component Mail Compose Page. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed to...

Vendor: code-projects
Product: Project Management System
Published: Jun 28, 2026
Source: NVD
CVE-2026-13503 MEDIUM - 5.3

A vulnerability was detected in antlr ANTLR4 up to 4.13.2. Affected by this issue is the function getImportedVocabFile of the file tool/src/org/antlr/v4/parse/TokenVocabParser.java of the component tokenVocab Grammar Option Handler. The manipulation results in path traversal. The attack can be execu...

Vendor: antlr
Product: ANTLR4
Published: Jun 28, 2026
Source: NVD
CVE-2026-13502 MEDIUM - 4.5

A flaw has been found in antlr ANTLR4 up to 4.13.2. This affects the function ObjectInputStream.readObject of the file antlr4-maven-plugin/src/main/java/org/antlr/mojo/antlr4/GrammarDependencies.java of the component Maven Plugin. This manipulation causes time-of-check time-of-use. The attack is res...

Vendor: antlr
Product: ANTLR4
Published: Jun 28, 2026
Source: NVD
CVE-2026-13501 MEDIUM - 5.3

A security vulnerability has been detected in antlr ANTLR4 up to 4.13.2. Affected by this vulnerability is the function GoTarget of the file tool/src/org/antlr/v4/codegen/target/GoTarget.java of the component gofmt. The manipulation leads to command injection. The attack can only be performed from a...

Vendor: antlr
Product: ANTLR4
Published: Jun 28, 2026
Source: NVD
CVE-2026-13500 HIGH - 7.3

A weakness has been identified in antlr ANTLR4 up to 4.13.2. Affected is an unknown function of the file tool/src/org/antlr/v4/codegen/model/OutputFile.java of the component Grammar Action Block Handler. Executing a manipulation can lead to code injection. The attack may be launched remotely. The ex...

Vendor: antlr
Product: ANTLR4
Published: Jun 28, 2026
Source: NVD
CVE-2026-13499 MEDIUM - 4.3

A security flaw has been discovered in yashpokharna2555 restaurent-management-system. This impacts an unknown function of the file login_register.php of the component Registration Handler. Performing a manipulation of the argument Username results in cross site scripting. The attack may be initiated...

Vendor: yashpokharna2555
Product: restaurent-management-system
Published: Jun 28, 2026
Source: NVD
CVE-2026-13498 HIGH - 7.3

A vulnerability was identified in yashpokharna2555 restaurent-management-system. This affects an unknown function of the file /forgotpassword.php of the component POST Parameter Handler. Such manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit ...

Vendor: yashpokharna2555
Product: restaurent-management-system
Published: Jun 28, 2026
Source: NVD
CVE-2026-13497 MEDIUM - 6.3

A vulnerability was determined in itsourcecode Hospital Management System 1.0. The impacted element is an unknown function of the file /appointment.php. This manipulation of the argument editid causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and ma...

Vendor: itsourcecode
Product: Hospital Management System
Published: Jun 28, 2026
Source: NVD
CVE-2026-13496 MEDIUM - 6.3

A vulnerability was found in itsourcecode Hospital Management System 1.0. The affected element is an unknown function of the file /ajaxmedicine.php. The manipulation of the argument medicineid results in sql injection. It is possible to launch the attack remotely. The exploit has been made public an...

Vendor: itsourcecode
Product: Hospital Management System
Published: Jun 28, 2026
Source: NVD
CVE-2026-13495 MEDIUM - 4.7

A vulnerability has been found in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /adminprofile.php. The manipulation of the argument loginid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public ...

Vendor: itsourcecode
Product: Hospital Management System
Published: Jun 28, 2026
Source: NVD

A flaw has been found in AIDC-AI ComfyUI-Copilot up to 2.0.28. This issue affects some unknown processing of the file backend/controller/conversation_api.py of the component Workflow Checkpoint Restore Handler. Executing a manipulation can lead to improper control of resource identifiers. The attack...

Vendor: AIDC-AI
Product: ComfyUI-Copilot
Published: Jun 28, 2026
Source: NVD

A vulnerability was detected in 78 xiaozhi-esp32 up to 2.2.6. This vulnerability affects the function Application::GetInstance of the file main/protocols/mqtt_protocol.cc of the component MQTT Goodbye Handler. Performing a manipulation of the argument session_id results in denial of service. The att...

Vendor: 78
Product: xiaozhi-esp32
Published: Jun 28, 2026
Source: NVD

A security vulnerability has been detected in glpi-project glpi 11.0.5/11.0.6/11.0.7. This affects the function Document::canViewFile of the file front/document.send.php of the component Document Handler. Such manipulation of the argument docid leads to authorization bypass. The attack can be execut...

Vendor: glpi-project
Product: glpi
Published: Jun 28, 2026
Source: NVD

A weakness has been identified in 78 xiaozhi-esp32 up to 2.2.6. Affected by this issue is the function ParseMessage of the file main/mcp_server.cc of the component MCP Response Handler. This manipulation causes improper synchronization. Remote exploitation of the attack is possible. The attack'...

Vendor: 78
Product: xiaozhi-esp32
Published: Jun 28, 2026
Source: NVD