Total CVEs

143,744

Critical Severity

4,091

High Severity

14,757

Last 7 Days

1,573
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1,461 - 1,480 of 40,149 CVEs
CVE-2026-14783 MEDIUM - 4.3

A vulnerability was determined in NousResearch hermes-agent 2026.5.29.2. The impacted element is the function skill_view of the file tools/skills_tool.py. Executing a manipulation of the argument Name can lead to path traversal. The attack can be launched remotely. The exploit has been publicly disc...

Vendor: NousResearch
Product: hermes-agent
Published: Jul 06, 2026
Source: NVD
CVE-2026-14778 HIGH - 7.3

A security vulnerability has been detected in SourceCodester Onlne Examination & Learning Management System 1.0. This affects an unknown part of the file /ajax_enroll.php of the component Enrollment Management. The manipulation of the argument student_id/schedule_id/action leads to improper auth...

Vendor: SourceCodester
Product: Onlne Examination & Learning Management System
Published: Jul 06, 2026
Source: NVD
CVE-2026-14777 MEDIUM - 6.3

A weakness has been identified in SourceCodester Onlne Examination & Learning Management System 1.0. Affected by this issue is some unknown functionality of the file /announcements.php. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit has...

Vendor: SourceCodester
Product: Onlne Examination & Learning Management System
Published: Jul 06, 2026
Source: NVD
CVE-2026-14776 MEDIUM - 6.3

A security flaw has been discovered in SourceCodester Onlne Examination & Learning Management System 1.0. Affected by this vulnerability is the function pathinfo of the file /upload_files.php of the component Filename Extension. Performing a manipulation results in unrestricted upload. Remote ex...

Vendor: SourceCodester
Product: Onlne Examination & Learning Management System
Published: Jul 05, 2026
Source: NVD
CVE-2026-14775 MEDIUM - 6.3

A vulnerability was identified in SourceCodester Onlne Examination & Learning Management System 1.0. Affected is an unknown function of the file /process_lesson.php. Such manipulation of the argument user_id leads to unrestricted upload. The attack may be launched remotely. The exploit is public...

Vendor: SourceCodester
Product: Onlne Examination & Learning Management System
Published: Jul 05, 2026
Source: NVD
CVE-2026-14774 MEDIUM - 6.3

A vulnerability was determined in itsourcecode Hospital Management System 1.0. This impacts an unknown function of the file /paymentdischarge.php. This manipulation of the argument patientid causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may b...

Vendor: itsourcecode
Product: Hospital Management System
Published: Jul 05, 2026
Source: NVD
CVE-2026-14773 MEDIUM - 6.3

A vulnerability was found in itsourcecode Hospital Management System 1.0. This affects an unknown function of the file /payment.php. The manipulation of the argument patientid results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used.

Vendor: itsourcecode
Product: Hospital Management System
Published: Jul 05, 2026
Source: NVD

Zephyr's DNS resolver detects mDNS (.local) queries in dns_resolve_name_internal() (subsys/net/lib/dns/resolve.c) with memcmp(strrchr(query, '.'), ".local", 7), which always reads a fixed 7 bytes from the suffix pointer. When the resolved hostname's final label is short...

Vendor: zephyrproject
Product: zephyr
Published: Jul 05, 2026
Source: NVD
CVE-2026-10656 MEDIUM - 4.6

The MAX32xxx USB device controller driver (drivers/usb/udc/udc_max32.c, compatible adi_max32_usbhs) dereferenced an endpoint buffer in its OUT and IN transfer-completion handlers without checking it for NULL. udc_event_xfer_out_done() called net_buf_add(buf, ep_request->actlen) immediately after ...

Vendor: zephyrproject
Product: zephyr
Published: Jul 05, 2026
Source: NVD
CVE-2026-59520 MEDIUM - 4.3

Cross-Site Request Forgery (CSRF) vulnerability in properfraction CrawlWP SEO allows Cross Site Request Forgery. This issue affects CrawlWP SEO: from n/a through 3.0.16.

Vendor: properfraction
Product: CrawlWP SEO
Published: Jul 05, 2026
Source: NVD
CVE-2026-59519 MEDIUM - 5.3

Insertion of Sensitive Information Into Sent Data vulnerability in Softaculous FormLayer allows Retrieve Embedded Sensitive Data. This issue affects FormLayer: from n/a through 1.0.6.

Vendor: Softaculous
Product: FormLayer
Published: Jul 05, 2026
Source: NVD
CVE-2026-59511 MEDIUM - 5.3

Insertion of Sensitive Information Into Sent Data vulnerability in Tim Strifler Exclusive Addons Elementor allows Retrieve Embedded Sensitive Data. This issue affects Exclusive Addons Elementor: from n/a through 2.7.9.9.

Vendor: Tim Strifler
Product: Exclusive Addons Elementor
Published: Jul 05, 2026
Source: NVD
CVE-2026-14772 HIGH - 7.3

A vulnerability has been found in SourceCodester Class and Exam Timetabling System 1.0/1.php. The impacted element is an unknown function of the file /edit_course1.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to...

Vendor: SourceCodester
Product: Class and Exam Timetabling System
Published: Jul 05, 2026
Source: NVD
CVE-2026-14771 HIGH - 7.3

A flaw has been found in SourceCodester Class and Exam Timetabling System 1.0/1.php. The affected element is an unknown function of the file /edit_exam1.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publ...

Vendor: SourceCodester
Product: Class and Exam Timetabling System
Published: Jul 05, 2026
Source: NVD
CVE-2026-14770 HIGH - 7.3

A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. Impacted is an unknown function of the file /edit_room.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may b...

Vendor: SourceCodester
Product: Class and Exam Timetabling System
Published: Jul 05, 2026
Source: NVD
CVE-2026-14769 HIGH - 7.3

A security vulnerability has been detected in code-projects Real State Services 1.0. This issue affects some unknown processing of the file /pay.php. Such manipulation of the argument Bankname leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly an...

Vendor: code-projects
Product: Real State Services
Published: Jul 05, 2026
Source: NVD
CVE-2026-14768 HIGH - 7.3

A weakness has been identified in code-projects Real State Services 1.0. This vulnerability affects unknown code of the file /builderHome.php. This manipulation of the argument loc causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the pub...

Vendor: code-projects
Product: Real State Services
Published: Jul 05, 2026
Source: NVD
CVE-2026-14767 MEDIUM - 6.3

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. This affects an unknown part of the file /ecommerce-website-php/customer/confirm.php of the component POST Parameter Handler. The manipulation of the argument invoice_no results in sql injection. The attack can be executed remot...

Vendor: CodeAstro
Product: Ecommerce Website
Published: Jul 05, 2026
Source: NVD
CVE-2026-14766 MEDIUM - 6.3

A vulnerability was identified in CodeAstro Apartment Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /apartment-visitor/search-result.php of the component POST Parameter Handler. The manipulation of the argument searchdata leads to sql injection. Remo...

Vendor: CodeAstro
Product: Apartment Visitor Management System
Published: Jul 05, 2026
Source: NVD

AIL Framework contains a path traversal vulnerability in its PDF object handling. Prior to commit 14c618fce4d1df02358717c48ea903706abecdf2, the PDF.get_filepath() function constructed a file path by joining the configured PDF storage directory with a path derived from a PDF object identifier, withou...

Vendor: ail-project
Product: ail-framework
Published: Jul 05, 2026
Source: NVD