Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22332
Total
1596
Critical
6832
High
7160
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-15539 | MEDIUM | 4.7 | A security vulnerability has been detected in SourceCodester Online Book Store System 1.0. Impacted is an unknown function of the file /admin/index.php?page=books of the component … | Jul 13, 2026 |
| CVE-2026-15538 | MEDIUM | 6.3 | A weakness has been identified in primefaces primereact up to 10.9.8. This issue affects the function ObjectUtils.mutateFieldData of the component API. This manipulation of the … | Jul 13, 2026 |
| CVE-2026-15537 | HIGH | 7.3 | A security flaw has been discovered in SourceCodester Online Book Store System 1.0. This vulnerability affects unknown code of the file admin/login.php. The manipulation of … | Jul 13, 2026 |
| CVE-2026-15536 | MEDIUM | 6.3 | A vulnerability was identified in itsourcecode Hospital Management System 1.0. This affects an unknown part of the file /patviewprescription.php. The manipulation of the argument delid … | Jul 13, 2026 |
| CVE-2026-12582 | HIGH | 8.6 | The Library Management System WordPress plugin before 3.5.8 does not sanitize and escape a user-supplied parameter before using it in a SQL statement, allowing unauthenticated … | Jul 13, 2026 |
| CVE-2026-12397 | MEDIUM | 4.3 | The WP Job Portal WordPress plugin before 2.5.5 does not verify ownership when returning an employer's contact email for a given job, allowing authenticated users … | Jul 13, 2026 |
| CVE-2026-12396 | MEDIUM | 5.4 | The WP Job Portal WordPress plugin before 2.5.5 does not perform capability or ownership checks before allowing job moderation actions, allowing authenticated users with a … | Jul 13, 2026 |
| CVE-2026-12275 | HIGH | 7.1 | The Tutor LMS WordPress plugin before 3.9.13 does not, in its Droip and Kirki page-builder integration, perform the enrollment, purchase, and private-course capability checks it … | Jul 13, 2026 |
| CVE-2026-12274 | MEDIUM | 6.5 | The Tutor LMS WordPress plugin before 3.9.13 does not verify that the requesting user is allowed to edit a target post before overwriting it in … | Jul 13, 2026 |
| CVE-2026-12273 | MEDIUM | 4.3 | The Tutor LMS WordPress plugin before 3.9.13 does not perform any authorization or post-target validation before creating a comment in one of its handlers, and … | Jul 13, 2026 |
| CVE-2026-12271 | MEDIUM | 5.4 | The Tutor LMS WordPress plugin before 3.9.13 does not verify ownership of the targeted quiz attempt before writing to it, allowing authenticated users with subscriber-level … | Jul 13, 2026 |
| CVE-2026-12081 | MEDIUM | 5.0 | The Database for Contact Form 7, WPforms, Elementor forms WordPress plugin before 1.5.2 does not restrict the PHP classes allowed when unserializing an attacker-supplied form-field … | Jul 13, 2026 |
| CVE-2026-11964 | CRITICAL | 9.1 | The User Registration & Membership WordPress plugin before 5.2.2 does not verify the authenticity of incoming payment-provider webhook notifications before acting on them, allowing unauthenticated … | Jul 13, 2026 |
| CVE-2026-11963 | HIGH | 8.1 | The User Registration & Membership WordPress plugin before 5.2.2 does not perform an authorization check on a membership-upgrade action and derives the user to modify … | Jul 13, 2026 |
| CVE-2026-10551 | MEDIUM | 6.1 | The Breeze Cache WordPress plugin before 2.5.6 is vulnerable to unauthenticated Stored Cross-Site Scripting (XSS) due to a predictable replacement hash used during the HTML … | Jul 13, 2026 |
| CVE-2026-15535 | MEDIUM | 6.3 | A vulnerability was determined in AkariAsai self-rag up to 1fcdc420e48f50a7d7ab1ece5494221b93252e99. Affected by this issue is the function Indexer.deserialize_from of the file retrieval_lm/src/index.py of the component … | Jul 13, 2026 |
| CVE-2026-15533 | MEDIUM | 4.7 | A security flaw has been discovered in DedeCMS 5.7.118. Impacted is an unknown function of the file /plus/search.php of the component Column Management. Performing a … | Jul 13, 2026 |
| CVE-2026-15532 | LOW | 2.4 | A vulnerability was identified in SourceCodester Online Book Store System 1.0. This issue affects some unknown processing of the component User Management Module. Such manipulation … | Jul 13, 2026 |
| CVE-2026-15531 | MEDIUM | 5.3 | A vulnerability has been found in yashbhalgat HashNeRF-pytorch up to 82885e698295982504eb6a26d060a6b2473e3706. Affected by this issue is the function torch.load of the file run_nerf.py of the … | Jul 13, 2026 |
| CVE-2026-15530 | MEDIUM | 5.3 | A flaw has been found in WuzhiCMS up to 4.1.0. Affected by this vulnerability is the function config/listimage of the file /index.php?m=attachment&f=index&v=upload of the component … | Jul 13, 2026 |
| CVE-2026-9492 | HIGH | 7.8 | The MBStorage DRAM lighting control module within Gigabyte Control Center (GCC) developed by GIGABYTE Technology has an Improper Access Control vulnerability. Authenticated local attackers can … | Jul 13, 2026 |
| CVE-2026-7162 | HIGH | 7.8 | Successful exploitation of the integer overflow vulnerability could allow an attacker to achieve system-level access to the affected software. | Jul 13, 2026 |
| CVE-2026-15553 | MEDIUM | 5.3 | Enterprise Cloud Database developed by Ragic has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload malicious files and make them available for … | Jul 13, 2026 |
| CVE-2026-15552 | MEDIUM | 6.1 | Enterprise Cloud Database developed by Ragic has a Stored Cross-Site Scripting vulnerability, allowing unauthenticated remote attackers to inject persistent JavaScript code executed in users' browsers … | Jul 13, 2026 |
| CVE-2026-15529 | MEDIUM | 6.3 | A vulnerability was detected in yzhao062 pyod 3.5.0/3.5.1/3.5.2. Affected is the function pyod.utils.persistence.load of the file pyod/utils/persistence.py. Performing a manipulation of the argument path results … | Jul 13, 2026 |