Export limit exceeded: 361680 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 361680 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 361680 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 361680 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 361680 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361680 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-13516 | 1 Tenda | 1 Jd12l | 2026-06-29 | 8.8 High |
| A vulnerability was detected in Tenda JD12L 16.03.53.23. The affected element is the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet. Performing a manipulation of the argument shareSpeed results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. | ||||
| CVE-2026-13522 | 1 Investintech | 1 Slimpdfreader | 2026-06-29 | 4.3 Medium |
| A security flaw has been discovered in Investintech SlimPDFReader up to 2.0.14. Affected by this issue is the function SlimPDFReader!Investintech::PCV::TeighaDo+0x25cde0 of the file SlimPDFReader.exe of the component PDF File Handler. Performing a manipulation results in out-of-bounds read. It is possible to initiate the attack remotely. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-13520 | 1 Itsourcecode | 1 Hospital Management System | 2026-06-29 | 6.3 Medium |
| A vulnerability was determined in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /appointmentapproval.php of the component Appointment Handler. This manipulation of the argument editid causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-13514 | 1 Chess | 1 Play And Learn App | 2026-06-29 | 2.4 Low |
| A weakness has been identified in Chess Play and Learn App up to 4.9.42 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.chess. This manipulation causes exposure of backup file to an unauthorized control sphere. It is feasible to perform the attack on the physical device. The exploit has been made available to the public and could be used for attacks. Upgrading the affected component is advised. The vendor was informed early about this issue. They confirmed the existence and that they will address it. Furthermore, they explain that their bug bounty "explicitly excludes physical-access attacks". However, they appreciate the quality of the report and aim at making a goodwill payment to the researcher. | ||||
| CVE-2026-13508 | 1 Khoj-ai | 1 Khoj | 2026-06-29 | 5.5 Medium |
| A flaw has been found in khoj-ai khoj up to 2.0.0-beta.28. This impacts an unknown function of the file src/khoj/routers/api_chat.py of the component Conversation Sharing Handler. This manipulation of the argument conversation.agent causes incorrect authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance. | ||||
| CVE-2026-13534 | 1 Cherryhq | 1 Cherry-studio | 2026-06-29 | 5 Medium |
| A vulnerability was detected in CherryHQ cherry-studio up to 1.9.7. This affects the function sha256 of the file src/main/services/memory/MemoryService.ts of the component CherryIN Preload API. Performing a manipulation of the argument state results in authorization bypass. The attack can be initiated remotely. The attack's complexity is rated as high. It is indicated that the exploitability is difficult. The exploit is now public and may be used. The vendor explains, that "[m]emory is planned to be removed in v2 version." | ||||
| CVE-2026-13521 | 1 Sourcecodester | 1 Class And Exam Timetabling System | 2026-06-29 | 7.3 High |
| A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0/5.php. Affected by this vulnerability is an unknown functionality of the file /preview5.php. Such manipulation of the argument course_year_section leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used. | ||||
| CVE-2026-57341 | 2026-06-29 | 6.5 Medium | ||
| Unauthenticated Insecure Direct Object References (IDOR) in Colissimo Officiel : Méthodes de livraison pour WooCommerce <= 2.9.0 versions. | ||||
| CVE-2026-57340 | 2026-06-29 | 6.5 Medium | ||
| Unauthenticated Broken Access Control in Japanized For WooCommerce <= 2.9.12 versions. | ||||
| CVE-2026-57339 | 2026-06-29 | 6.6 Medium | ||
| Unauthenticated Broken Access Control in Business Directory <= 6.4.23 versions. | ||||
| CVE-2026-13527 | 1 Sourcecodester | 1 Class And Exam Timetabling System | 2026-06-29 | 7.3 High |
| A vulnerability has been found in SourceCodester Class and Exam Timetabling System 1.0. The affected element is an unknown function of the file /preview4.php. Such manipulation of the argument course_year_section leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-57337 | 2026-06-29 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Landing Page Builder <= 1.5.3.5 versions. | ||||
| CVE-2026-57336 | 2026-06-29 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Jobify <= 4.3.2 versions. | ||||
| CVE-2026-57335 | 2026-06-29 | 6.5 Medium | ||
| Subscriber Broken Access Control in Ads by WPQuads <= 3.0.3 versions. | ||||
| CVE-2026-57334 | 2026-06-29 | 6.5 Medium | ||
| Unauthenticated Broken Access Control in WP User Frontend <= 4.3.7 versions. | ||||
| CVE-2026-13533 | 1 Agentejo | 1 Cockpit Cms | 2026-06-29 | 5.3 Medium |
| A security vulnerability has been detected in agentejo Cockpit CMS up to 0.12.2. Affected by this issue is the function Spyc::YAMLLoad of the file /config/config.yaml of the component htaccess Handler. Such manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. Configuration settings should be changed. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-57333 | 2026-06-29 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Link Whisper Free <= 0.9.4 versions. | ||||
| CVE-2026-57331 | 2026-06-29 | 9.9 Critical | ||
| Performer Arbitrary File Deletion in Paid Videochat Turnkey Site <= 7.4.8 versions. | ||||
| CVE-2026-13551 | 1 Itsourcecode | 1 Baptism Information Management System | 2026-06-29 | 7.3 High |
| A security vulnerability has been detected in itsourcecode Baptism Information Management System 1.0. This affects an unknown function of the file /editBaptism.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-57329 | 2026-06-29 | 6.5 Medium | ||
| Subscriber Cross Site Scripting (XSS) in WooCommerce Designer Pro <= 1.9.34 versions. | ||||