Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22332
Total
1596
Critical
6832
High
7160
Medium
CVE ID Severity Score Description Published
CVE-2026-15539 MEDIUM 4.7 A security vulnerability has been detected in SourceCodester Online Book Store System 1.0. Impacted is an unknown function of the file /admin/index.php?page=books of the component … Jul 13, 2026
CVE-2026-15538 MEDIUM 6.3 A weakness has been identified in primefaces primereact up to 10.9.8. This issue affects the function ObjectUtils.mutateFieldData of the component API. This manipulation of the … Jul 13, 2026
CVE-2026-15537 HIGH 7.3 A security flaw has been discovered in SourceCodester Online Book Store System 1.0. This vulnerability affects unknown code of the file admin/login.php. The manipulation of … Jul 13, 2026
CVE-2026-15536 MEDIUM 6.3 A vulnerability was identified in itsourcecode Hospital Management System 1.0. This affects an unknown part of the file /patviewprescription.php. The manipulation of the argument delid … Jul 13, 2026
CVE-2026-12582 HIGH 8.6 The Library Management System WordPress plugin before 3.5.8 does not sanitize and escape a user-supplied parameter before using it in a SQL statement, allowing unauthenticated … Jul 13, 2026
CVE-2026-12397 MEDIUM 4.3 The WP Job Portal WordPress plugin before 2.5.5 does not verify ownership when returning an employer's contact email for a given job, allowing authenticated users … Jul 13, 2026
CVE-2026-12396 MEDIUM 5.4 The WP Job Portal WordPress plugin before 2.5.5 does not perform capability or ownership checks before allowing job moderation actions, allowing authenticated users with a … Jul 13, 2026
CVE-2026-12275 HIGH 7.1 The Tutor LMS WordPress plugin before 3.9.13 does not, in its Droip and Kirki page-builder integration, perform the enrollment, purchase, and private-course capability checks it … Jul 13, 2026
CVE-2026-12274 MEDIUM 6.5 The Tutor LMS WordPress plugin before 3.9.13 does not verify that the requesting user is allowed to edit a target post before overwriting it in … Jul 13, 2026
CVE-2026-12273 MEDIUM 4.3 The Tutor LMS WordPress plugin before 3.9.13 does not perform any authorization or post-target validation before creating a comment in one of its handlers, and … Jul 13, 2026
CVE-2026-12271 MEDIUM 5.4 The Tutor LMS WordPress plugin before 3.9.13 does not verify ownership of the targeted quiz attempt before writing to it, allowing authenticated users with subscriber-level … Jul 13, 2026
CVE-2026-12081 MEDIUM 5.0 The Database for Contact Form 7, WPforms, Elementor forms WordPress plugin before 1.5.2 does not restrict the PHP classes allowed when unserializing an attacker-supplied form-field … Jul 13, 2026
CVE-2026-11964 CRITICAL 9.1 The User Registration & Membership WordPress plugin before 5.2.2 does not verify the authenticity of incoming payment-provider webhook notifications before acting on them, allowing unauthenticated … Jul 13, 2026
CVE-2026-11963 HIGH 8.1 The User Registration & Membership WordPress plugin before 5.2.2 does not perform an authorization check on a membership-upgrade action and derives the user to modify … Jul 13, 2026
CVE-2026-10551 MEDIUM 6.1 The Breeze Cache WordPress plugin before 2.5.6 is vulnerable to unauthenticated Stored Cross-Site Scripting (XSS) due to a predictable replacement hash used during the HTML … Jul 13, 2026
CVE-2026-15535 MEDIUM 6.3 A vulnerability was determined in AkariAsai self-rag up to 1fcdc420e48f50a7d7ab1ece5494221b93252e99. Affected by this issue is the function Indexer.deserialize_from of the file retrieval_lm/src/index.py of the component … Jul 13, 2026
CVE-2026-15533 MEDIUM 4.7 A security flaw has been discovered in DedeCMS 5.7.118. Impacted is an unknown function of the file /plus/search.php of the component Column Management. Performing a … Jul 13, 2026
CVE-2026-15532 LOW 2.4 A vulnerability was identified in SourceCodester Online Book Store System 1.0. This issue affects some unknown processing of the component User Management Module. Such manipulation … Jul 13, 2026
CVE-2026-15531 MEDIUM 5.3 A vulnerability has been found in yashbhalgat HashNeRF-pytorch up to 82885e698295982504eb6a26d060a6b2473e3706. Affected by this issue is the function torch.load of the file run_nerf.py of the … Jul 13, 2026
CVE-2026-15530 MEDIUM 5.3 A flaw has been found in WuzhiCMS up to 4.1.0. Affected by this vulnerability is the function config/listimage of the file /index.php?m=attachment&f=index&v=upload of the component … Jul 13, 2026
CVE-2026-9492 HIGH 7.8 The MBStorage DRAM lighting control module within Gigabyte Control Center (GCC) developed by GIGABYTE Technology has an Improper Access Control vulnerability. Authenticated local attackers can … Jul 13, 2026
CVE-2026-7162 HIGH 7.8 Successful exploitation of the integer overflow vulnerability could allow an attacker to achieve system-level access to the affected software. Jul 13, 2026
CVE-2026-15553 MEDIUM 5.3 Enterprise Cloud Database developed by Ragic has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload malicious files and make them available for … Jul 13, 2026
CVE-2026-15552 MEDIUM 6.1 Enterprise Cloud Database developed by Ragic has a Stored Cross-Site Scripting vulnerability, allowing unauthenticated remote attackers to inject persistent JavaScript code executed in users' browsers … Jul 13, 2026
CVE-2026-15529 MEDIUM 6.3 A vulnerability was detected in yzhao062 pyod 3.5.0/3.5.1/3.5.2. Affected is the function pyod.utils.persistence.load of the file pyod/utils/persistence.py. Performing a manipulation of the argument path results … Jul 13, 2026