Total CVEs

143,701

Critical Severity

4,088

High Severity

14,745

Last 7 Days

1,536
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1,401 - 1,420 of 40,106 CVEs
CVE-2024-6228 HIGH - 7.5

The Notifications for Forms & WordPress Actions WordPress plugin before 2.6 does not validate a user-supplied value before using it to build a server-side file inclusion path, allowing authenticated users with subscriber-level access and above to include and execute arbitrary local PHP files on ...

Published: Jul 06, 2026
Source: NVD
CVE-2026-14799 MEDIUM - 6.3

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. Impacted is an unknown function of the file /customer/my_account.php?my_wishlist. The manipulation of the argument delete_wishlist results in sql injection. The attack can be launched remotely. The exploit has been released to t...

Vendor: CodeAstro
Product: Ecommerce Website
Published: Jul 06, 2026
Source: NVD
CVE-2026-14798 MEDIUM - 6.3

A vulnerability was identified in CodeAstro Apartment Visitor Management System 1.0. This issue affects some unknown processing of the file /apartment-visitor/visitor-entry.php. The manipulation of the argument visname leads to sql injection. The attack can be initiated remotely. The exploit is publ...

Vendor: CodeAstro
Product: Apartment Visitor Management System
Published: Jul 06, 2026
Source: NVD
CVE-2026-14797 MEDIUM - 6.3

A vulnerability was determined in CodeAstro Apartment Visitor Management System 1.0. This vulnerability affects unknown code of the file /apartment-visitor/edit-apartment.php. Executing a manipulation of the argument editid can lead to sql injection. It is possible to launch the attack remotely. The...

Vendor: CodeAstro
Product: Apartment Visitor Management System
Published: Jul 06, 2026
Source: NVD
CVE-2026-14796 MEDIUM - 6.3

A vulnerability was found in CodeAstro Apartment Visitor Management System 1.0. This affects an unknown part of the file /apartment-visitor/report.php. Performing a manipulation of the argument fromdate results in sql injection. It is possible to initiate the attack remotely. The exploit has been ma...

Vendor: CodeAstro
Product: Apartment Visitor Management System
Published: Jul 06, 2026
Source: NVD
CVE-2026-14795 MEDIUM - 6.3

A vulnerability has been found in CodeAstro Apartment Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /apartment-visitor/action-visitor.php. Such manipulation of the argument remark leads to sql injection. The attack may be performed from remote. The e...

Vendor: CodeAstro
Product: Apartment Visitor Management System
Published: Jul 06, 2026
Source: NVD
CVE-2026-14794 MEDIUM - 4.3

A flaw has been found in Craft CMS up to 4.18.0.1. Affected by this vulnerability is the function actionGetNewUsersData of the file src/controllers/ChartsController.php of the component Charts Endpoint. This manipulation of the argument userGroupId causes improper authorization. The attack is possib...

Vendor: Craft
Product: CMS
Published: Jul 06, 2026
Source: NVD
CVE-2026-14793 MEDIUM - 4.3

A vulnerability was detected in Craft CMS up to 4.18.0.1. Affected is the function actionReorderSets of the file src/controllers/GlobalsController.php of the component reorder-sets Endpoint. The manipulation results in authorization bypass. The attack can be executed remotely. Upgrading to version 4...

Vendor: Craft
Product: CMS
Published: Jul 06, 2026
Source: NVD
CVE-2026-14792 MEDIUM - 6.5

A security vulnerability has been detected in Formbricks 5.0.0. This impacts an unknown function of the file apps/web/modules/survey/link/actions.ts of the component Survey Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. Upgrading to versio...

Product: Formbricks
Published: Jul 06, 2026
Source: NVD

A weakness has been identified in crater-invoice-inc crater up to 6.0.6. This affects the function getFormattedString of the file app/Http/Requests/InvoicesRequest.php of the component Invoice Note Handler. Executing a manipulation of the argument notes can lead to cross site scripting. The attack m...

Vendor: crater-invoice-inc
Product: crater
Published: Jul 06, 2026
Source: NVD

A flaw has been found in GPAC 26.02.0. This affects the function nhmldump_send_frame of the file src/filters/write_nhml.c of the component Media File Handler. Executing a manipulation can lead to null pointer dereference. The attack requires local access. The exploit has been published and may be us...

Product: GPAC
Published: Jul 06, 2026
Source: NVD

A vulnerability was detected in radareorg radare2 up to 6.1.6. Affected by this issue is some unknown functionality of the file libr/bin/format/mdmp/mdmp.c of the component Memory64ListStream Parser. Performing a manipulation results in stack-based buffer overflow. The attack requires a local approa...

Vendor: radareorg
Product: radare2
Published: Jul 06, 2026
Source: NVD
CVE-2026-14803 MEDIUM - 6.5

Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder. The pure-Perl decode path (`_decode_value` dispatching to `_decode_array` and `_decode_object`) recurses with no depth limit, so a small deeply nested JSON document can consume excessi...

Vendor: SRI
Product: Mojo::JSON
Published: Jul 06, 2026
Source: NVD

A security vulnerability has been detected in radareorg radare2 up to 6.1.6. Affected by this vulnerability is the function r_core_bin_load of the file libr/core/cfile.c. Such manipulation leads to use after free. The attack needs to be performed locally. The exploit has been disclosed publicly and ...

Vendor: radareorg
Product: radare2
Published: Jul 06, 2026
Source: NVD

A weakness has been identified in radareorg radare2 up to 6.1.6. Affected is the function cmd_print in the library libr/core/cmd_print.inc of the component pb Print Command Handler. This manipulation causes integer overflow. The attack needs to be launched locally. The exploit has been made availabl...

Vendor: radareorg
Product: radare2
Published: Jul 06, 2026
Source: NVD

A security flaw has been discovered in radareorg radare2 up to 6.1.6. This impacts the function r_str_word_get0set of the file libr/util/str.c. The manipulation results in integer overflow. The attack must be initiated from a local position. The exploit has been released to the public and may be use...

Vendor: radareorg
Product: radare2
Published: Jul 06, 2026
Source: NVD
CVE-2026-14784 MEDIUM - 6.3

A vulnerability was identified in vxcontrol PentAGI up to 2.1.0. This affects an unknown function of the file backend/pkg/docker/client.go of the component Docker API. The manipulation leads to sandbox issue. The attack may be initiated remotely. The pull request to fix this issue awaits acceptance.

Vendor: vxcontrol
Product: PentAGI
Published: Jul 06, 2026
Source: NVD
CVE-2026-14783 MEDIUM - 4.3

A vulnerability was determined in NousResearch hermes-agent 2026.5.29.2. The impacted element is the function skill_view of the file tools/skills_tool.py. Executing a manipulation of the argument Name can lead to path traversal. The attack can be launched remotely. The exploit has been publicly disc...

Vendor: NousResearch
Product: hermes-agent
Published: Jul 06, 2026
Source: NVD
CVE-2026-14778 HIGH - 7.3

A security vulnerability has been detected in SourceCodester Onlne Examination & Learning Management System 1.0. This affects an unknown part of the file /ajax_enroll.php of the component Enrollment Management. The manipulation of the argument student_id/schedule_id/action leads to improper auth...

Vendor: SourceCodester
Product: Onlne Examination & Learning Management System
Published: Jul 06, 2026
Source: NVD
CVE-2026-14777 MEDIUM - 6.3

A weakness has been identified in SourceCodester Onlne Examination & Learning Management System 1.0. Affected by this issue is some unknown functionality of the file /announcements.php. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit has...

Vendor: SourceCodester
Product: Onlne Examination & Learning Management System
Published: Jul 06, 2026
Source: NVD