CVE Field Guide

Critical CVEs

CVE Title Updated Score
CVE-2026-46442 Flowise: Authenticated Host RCE via POST /api/v1/node-custom-function and NodeVM Sandbox Escape 08.06.2026 9.4
CVE-2026-47430 Cordova Plugin InAppBrowser: iOS: Arbitrary Cordova callback IDs can be dispatched without validation from InAppBrowser WebViews 08.06.2026 9.5
CVE-2026-11499 Tenda HG7HG9/HG10 formDOMAINBLK stack-based overflow 08.06.2026 9.3
CVE-2023-54352 WordPress Seotheme Remote Code Execution Unauthenticated 08.06.2026 9.3
CVE-2024-58348 WordPress Background Image Cropper 1.2 Remote Code Execution 08.06.2026 9.3
CVE-2024-58349 WordPress Theme Travelscape 1.0.3 Arbitrary File Upload 08.06.2026 9.3
CVE-2026-11429 Path Traversal in Altium Git Service Allows Remote Code Execution 08.06.2026 9.4
CVE-2026-11423 Path Traversal in Altium Enterprise Server Collaboration Service Allows Privilege Escalation 08.06.2026 9.4
CVE-2026-11419 Path Traversal in Altium Enterprise Server Vault UploadController Allows Arbitrary File Write 05.06.2026 9.4
CVE-2026-11420 Path Traversal in Altium Enterprise Server NIS Allows Unauthenticated Arbitrary File Write and File Read 05.06.2026 10
CVE-2026-45758 Malicious code in guardrails-ai 0.10.1 (supply chain compromise) 05.06.2026 9.6
CVE-2026-45777 Open XDMoD Vulnerable to Unauthenticated Remote Code Execution (RCE) via OS Command Injection 05.06.2026 9.3
CVE-2026-45779 Open XDMoD Vulnerable to Unauthenticated SQL Injection Leading to Full Database Compromise 08.06.2026 9.3
CVE-2026-11414 Unauthenticated File Exfiltration in Altium Enterprise Server Vault Service via Hard-coded Cryptographic Key and Path Traversal 05.06.2026 10
CVE-2026-10580 Hippoo Mobile App for WooCommerce <= 1.9.4 - Unauthenticated Authentication Bypass to Administrator Account Takeover via REST API 06.06.2026 9.8
CVE-2026-46389 UDS Identity Config has a client authentication bypass in `ClientIdAndKubernetesSecretAuthenticator` 05.06.2026 10
CVE-2026-46395 HAX CMS Vulnerable to Private Key Disclosure via Broken HMAC Implementation 05.06.2026 9.3
CVE-2026-46396 HAX CMS has a stored XSS via <iframe> that allows access to sensitive client-side data and account takeover 05.06.2026 9.3
CVE-2026-46399 Authenticated Remote Code Execution via File Overwrite 05.06.2026 9.4
CVE-2026-46496 HAX CMS: Stored XSS via '<video-player>' component allows arbitrary JavaScript execution and token theft 05.06.2026 9.3
CVE-2025-71317 NetMan 204 Hard-coded Backdoor Credentials 05.06.2026 9.3
CVE-2025-71318 NetMan 204 Missing Authentication for Administrative Functions 05.06.2026 9.3
CVE-2026-45744 Termix has an OS Command Injection in File Manager resolvePath endpoint 05.06.2026 9.9
CVE-2026-45746 Termix Vulnerable to Arbitrary Command Execution via Session Hijacking 05.06.2026 9
CVE-2026-45748 Termix Vulnerable to Remote Code Execution via SSH Tunnel Forward Command Injection 05.06.2026 9.8
CVE-2026-45750 Termix Vulnerable to Arbitrary Command Execution in File Manager 05.06.2026 9
CVE-2026-49777 WordPress Product Slider Pro for WooCommerce plugin < 3.5.3 - Backdoor vulnerability 08.06.2026 10
CVE-2026-6274 Authentication Bypass in DTS Electronics' Redline WR3200 05.06.2026 9.8
CVE-2026-48907 Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5 05.06.2026 10
CVE-2026-48567 Azure HorizonDB Elevation of Privilege Vulnerability 06.06.2026 10
CVE-2026-48579 Microsoft Exchange Online Information Disclosure Vulnerability 05.06.2026 9.1
CVE-2025-71316 SQLite sqldiff remote code execution via argument injection 05.06.2026 9.2
CVE-2025-67447 04.06.2026 9.8
CVE-2026-10880 Unauthenticated SQL Injection in Osnexus Quantastor 04.06.2026 9.8
CVE-2026-25550 Seagull Software BarTender Unauthenticated RCE via .NET Remoting Service 04.06.2026 9.3
CVE-2025-67446 04.06.2026 9.8
CVE-2026-10868 MISP user edit endpoint mass assignment vulnerability allows unauthorized user account modification 04.06.2026 9
CVE-2026-43986 Tautulli vulnerable to unauthenticated SSRF in /image/<hash> via attacker-seeded image hash replay 04.06.2026 9.9
CVE-2019-25727 WordPress Plugin ad manager wd 1.0.11 Arbitrary File Download 04.06.2026 9.3
CVE-2019-25729 PDF Signer 3.0 Server-Side Template Injection RCE via CSRF Cookie 04.06.2026 9.3
CVE-2019-25738 WordPress Hybrid Composer 1.4.6 Unauthenticated Settings Change 04.06.2026 9.3
CVE-2019-25741 Mobatek MobaXterm 12.1 Buffer Overflow via Sessions File 04.06.2026 9.3
CVE-2026-8037 OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF 05.06.2026 9.6
CVE-2026-10840 Openshift-pipelines-operator-rh: openshift-pipelines-operator: tekton-scheduler-rolebinding grants system:authenticated write access to kueue and cert-manager resources 04.06.2026 9.6
CVE-2026-4104 SQLi in Akmer Informatics' TeknoPass 04.06.2026 9.8
CVE-2026-50214 Shared Secret Quota Inflation 04.06.2026 9.3
CVE-2026-50208 Permissive TrustAllCerts TLS Verification 04.06.2026 9.2
CVE-2026-50209 MDM Server Registration Overriding 04.06.2026 9.3
CVE-2026-49190 Missing Per-Instruction Authorization Checks 04.06.2026 9.4
CVE-2026-49191 Exposed Hard-coded M3WebServer Backend API Key 04.06.2026 9.3
CVE-2026-49194 SCREEN_CLICK Authentication Bypass 04.06.2026 9.4
CVE-2026-41283 04.06.2026 9.9
CVE-2026-49185 Instruction Injection via FieldX MDM 04.06.2026 10
CVE-2026-46244 netfilter: nft_inner: Fix IPv6 inner_thoff desync 05.06.2026 9.1
CVE-2026-46266 inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP 05.06.2026 9.1
CVE-2026-35075 Hardcoded default Password for Service Account 03.06.2026 9.3
CVE-2026-47065 Apache MINA: Critical Deserialization Allow-list Bypass via resolveProxyClass - ZDRES-232 04.06.2026 9.8
CVE-2026-4035 Environment Variable Resolution Vulnerability in mlflow/mlflow 03.06.2026 9.1
CVE-2026-32625 LibreChat Exfiltrates Server Secrets via MCP Server URL Injection 03.06.2026 9.6
CVE-2026-42849 authentik: Reflected XSS in SFE AutosubmitStage allows IDP account takeover 03.06.2026 9.3
CVE-2026-49448 authentik: SourceStage bypass via empty POST 03.06.2026 9.8
CVE-2026-5076 ARMember Premium <= 7.3.1 - Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation 02.06.2026 9.8
CVE-2026-0611 Spacelabs Healthcare Sentinel 10.5.x < 11.6.0 Unauthenticated RCE via .NET Remoting 02.06.2026 9.2
CVE-2026-42074 OpenClaude: Sandbox Bypass via Model-Controlled `dangerouslyDisableSandbox` Input 02.06.2026 9.3
CVE-2026-47117 OpenMed < 1.5.2 Remote Code Execution via PII Model Loading 02.06.2026 9.3
CVE-2026-7198 CWE-284: Improper Access Control in web services in Progress Sitefinity 03.06.2026 9.8
CVE-2026-7312 CWE-522: Insufficiently Protected Credentials in web services in Progress Sitefinity 03.06.2026 10
CVE-2026-42684 WordPress WP Job Portal plugin <= 2.5.1 - SQL Injection vulnerability 02.06.2026 9.3
CVE-2025-53209 WordPress Masteriyo LMS PRO plugin <= 2.20.0 - Privilege Escalation Vulnerability 02.06.2026 9.8
CVE-2026-34906 Server-Side Template Injection (SSTI) in Wirtualna Uczelnia 02.06.2026 9.3
CVE-2026-8206 Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password' 02.06.2026 9.8
CVE-2026-25879 Langroid has Prompt to SQL Injection, Leading to RCE 02.06.2026 9.8
CVE-2018-25427 Arm Whois 3.11 Buffer Overflow via SEH Overwrite 02.06.2026 9.3
CVE-2026-40965 03.06.2026 10
CVE-2026-0072 01.06.2026 10
CVE-2026-49121 AI Tensor Engine for ROCm (AITER) 0.1.14 Unauthenticated RCE via MessageQueue.recv() Pickle Deserialization 02.06.2026 9.2
CVE-2026-8644 IBM WebSphere Application Server is affected by an identity spoofing vulnerability 01.06.2026 9.1
CVE-2026-9311 IBM WebSphere Application Server is affected by remote code execution 02.06.2026 9
CVE-2026-9319 IBM WebSphere Application Server is affected by a remote code execution vulnerability 02.06.2026 9

Latest Updates

CVE Title Updated Score
CVE-2020-37248 08.06.2026 6.5
CVE-2025-71315 drm/vkms: Convert to DRM's vblank timer 08.06.2026
CVE-2026-11522 Tenda W20E setPortMirror formSetPortMirror stack-based overflow 08.06.2026
CVE-2026-11523 Tenda W20E Web Management PortalAuth formPortalAuth stack-based overflow 08.06.2026
CVE-2026-11524 Tenda W20E Web Management modifyWifiFilterRules stack-based overflow 08.06.2026
CVE-2026-11528 Tenda AC18 Web Management getRebootStatus sub_45304 stack-based overflow 08.06.2026
CVE-2026-11529 designcomputer mysql-mcp-server mysql URI server.py read_resource sql injection 08.06.2026
CVE-2026-22164 GPU DDK - Kernel heap OOB write in DevmemIntComputeVirtualIndicesFromLogical 08.06.2026
CVE-2026-29167 Apache HTTP Server: mod_ldap per-dir use-after-free 08.06.2026
CVE-2026-29170 Apache HTTP Server: mod_proxy_ftp XSS 08.06.2026
CVE-2026-34194 GPU DDK - UAF read and/or write to arbitrary physical pages in DevmemIntChangeSparse due to incorrect calculation of the virtual index count 08.06.2026
CVE-2026-34355 Apache HTTP Server: mod_proxy_html buffer overflow 08.06.2026
CVE-2026-34356 Apache HTTP Server: ProxyPassReverseCookieMap buffer overflow 08.06.2026
CVE-2026-36786 08.06.2026
CVE-2026-42535 Apache HTTP Server: mod_dav_fs protected directory access 08.06.2026
CVE-2026-42536 Apache HTTP Server: mod_xml2enc heap overflow 08.06.2026
CVE-2026-42861 Flowise: Mass Assignment in Variable Update Endpoint Allows Cross-Workspace Resource Reassignment 08.06.2026
CVE-2026-42862 Flowise: Mass Assignment in Tool Update Endpoint Allows Cross-Workspace Resource Reassignment 08.06.2026
CVE-2026-42863 Flowise: Mass Assignment in Chatflow Update Endpoint Allows Cross-Workspace AgentFlow Reassignment 08.06.2026
CVE-2026-43951 Apache HTTP Server: OOB Read in `merge_response_headers` can cause crash 08.06.2026
CVE-2026-44119 Apache HTTP Server: escalation of privilege through expressions in .htaccess in multiple modules 08.06.2026
CVE-2026-44185 Apache HTTP Server: Stack Buffer Over-Read in mod_ssl OCSP `send_request` 08.06.2026
CVE-2026-44186 Apache HTTP Server: Loop in `proxy_ftp_handler` in mod_proxy_ftp 08.06.2026
CVE-2026-44631 Apache HTTP Server: Heap Underflow in `ap_regname` via Signed Char Overflow 08.06.2026
CVE-2026-46274 io-wq: check that the predecessor is hashed in io_wq_remove_pending() 08.06.2026
CVE-2026-46275 Bluetooth: hci_uart: fix UAFs and race conditions in close and init paths 08.06.2026
CVE-2026-46440 Flowise: Basic Auth Credentials Exposed via API 08.06.2026
CVE-2026-46441 Flowise: Mass Assignment in Assistant Update Endpoint Allows Cross-Workspace Resource Reassignment 08.06.2026
CVE-2026-46442 Flowise: Authenticated Host RCE via POST /api/v1/node-custom-function and NodeVM Sandbox Escape 08.06.2026
CVE-2026-46443 Flowise: Credential Data Leak 08.06.2026
CVE-2026-46444 Flowise: Vector Store No Permission Checks 08.06.2026
CVE-2026-46475 Flowise: Assistant create+update mass-assignment allows cross-workspace assistant takeover 08.06.2026
CVE-2026-46476 Flowise: CustomTemplate create+update mass-assignment allows cross-workspace template takeover 08.06.2026
CVE-2026-46477 Flowise: Dataset create+update mass-assignment allows cross-workspace dataset takeover 08.06.2026
CVE-2026-46478 Flowise: DatasetRow create+update mass-assignment allows cross-workspace row takeover 08.06.2026
CVE-2026-46479 Flowise: Evaluation create+update mass-assignment allows cross-workspace evaluation takeover 08.06.2026
CVE-2026-46480 Flowise: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover 08.06.2026
CVE-2026-46656 Bludit CMS has improper authorization and mediation failure leading to persistent ghost sessions 08.06.2026 8.8
CVE-2026-46657 Bludit's persistent authentication tokens not revoked upon account disablement 08.06.2026 7.1
CVE-2026-48488 phpMyFAQ has Weak Cryptography - SHA1 for Password Hashing 08.06.2026
CVE-2026-48913 Apache HTTP Server: mod_http2 memory corruption when file handles exhausted 08.06.2026
CVE-2026-49755 Decompression bomb DoS in Req via auto-decoded archive and compressed response bodies 08.06.2026
CVE-2026-49756 Multipart form-data header injection in Req via unescaped name/filename/content_type 08.06.2026
CVE-2026-49975 Apache HTTP Server: mod_http2 denial of service 08.06.2026
CVE-2026-11516 UTT HiPER 2610G formNatStaticMap strcpy buffer overflow 08.06.2026
CVE-2026-11517 UTT HiPER 2610G formConfigDnsFilterGlobal strcpy buffer overflow 08.06.2026
CVE-2026-11518 SourceCodester Inventory System User Management users.php cross site scripting 08.06.2026
CVE-2026-11519 SourceCodester Inventory System Account Creation users_handler.php improper authorization 08.06.2026
CVE-2026-11520 SourceCodester Inventory System header.php cross site scripting 08.06.2026
CVE-2026-11521 Mohammed-eid35 bank-management-system-springboot Transaction Endpoint TransactionController.java improper authorization 08.06.2026
CVE-2026-25558 QloApps 1.7.0 Stored XSS via SVG File Upload in Admin File Manager 08.06.2026
CVE-2026-36789 08.06.2026
CVE-2026-43972 gun HTTP/2 PUSH_PROMISE authority not validated against connection origin allows cross-origin cookie injection 08.06.2026
CVE-2026-43973 gun HTTP/1.1 response buffer has no size limit allowing server-controlled memory exhaustion 08.06.2026
CVE-2026-43974 gun HTTP/1.1 client accepts unsolicited 101 Switching Protocols response allowing server-driven protocol hijack and OOM 08.06.2026
CVE-2026-49232 Routinator exits when accepting an incoming HTTP or RTR connection fails 08.06.2026
CVE-2026-49233 Routinator cache path traversal using rogue rsync URIs 08.06.2026
CVE-2026-49234 Routinator crashes on specifically crafted ASN strings in the API 08.06.2026
CVE-2026-49235 Routinator crashes on specifically crafted RRDP XML files 08.06.2026
CVE-2026-11511 Bolt CMS HTML Attribute TextType.php HTML injection 08.06.2026
CVE-2026-11512 itsourcecode Hospital Management System billing.php cross site scripting 08.06.2026
CVE-2026-11513 itsourcecode Hospital Management System adminaccount.php sql injection 08.06.2026
CVE-2026-11514 itsourcecode Hospital Management System addpatient.php sql injection 08.06.2026
CVE-2026-11515 SourceCodester Barangay Resident Profiling and Information Management System Password Reset passsword_reset.php hard-coded password 08.06.2026
CVE-2026-11577 Keycloak: keycloak: privilege escalation via partialimport fgap permission bypass 08.06.2026
CVE-2026-7186 Fix stored XSS in URL dashboard widget via dangerous URI schemes 08.06.2026
CVE-2026-7765 User Messages widget leaked issuer messages on shared dashboards 08.06.2026
CVE-2026-8078 Fix stored XSS in global settings change log 08.06.2026
CVE-2026-8833 XSS in urls 08.06.2026
CVE-2026-9549 Fix XSS in service discovery active check output 08.06.2026
CVE-2026-11504 Tenda CX12L Wi-Fi Schedule Configuration Endpoint openSchedWifi setSchedWifi stack-based overflow 08.06.2026
CVE-2026-11505 GL.iNet XE3000 glnassys hard-coded key 08.06.2026
CVE-2026-11506 CodeAstro Leave Management System search_staff_for_deletion.php sql injection 08.06.2026
CVE-2026-11507 CodeAstro Leave Management System delete_leave_type.php sql injection 08.06.2026
CVE-2026-11508 CodeAstro Leave Management System search_staff_to_assign_pc.php sql injection 08.06.2026
CVE-2026-11509 CodeAstro Leave Management System search_staff_for_updation.php sql injection 08.06.2026
CVE-2026-11510 CodeAstro Leave Management System add_leave.php sql injection 08.06.2026
CVE-2026-11569 Quay: quay: stored xss via filedrop svg upload 08.06.2026
CVE-2026-3011 Recipe Card Blocks Lite <= 3.4.13 - Authenticated (Author+) Stored Cross-Site Scripting via 'summary' and 'notes' 08.06.2026 6.4
CVE-2026-47430 Cordova Plugin InAppBrowser: iOS: Arbitrary Cordova callback IDs can be dispatched without validation from InAppBrowser WebViews 08.06.2026
CVE-2026-50751 User Authentication Bypass in VPN Remote Access and Mobile Access 08.06.2026
CVE-2026-50752 Certificate Validation Bypass in VPN Site-to-Site Connections Using IKEv1 08.06.2026 7.4
CVE-2024-56120 08.06.2026
CVE-2024-56121 08.06.2026
CVE-2024-56122 08.06.2026
CVE-2024-56123 08.06.2026
CVE-2026-11500 Weaviate Static API Key client.go validateConfig authorization 08.06.2026
CVE-2026-11501 SourceCodester Hospitals Patient Records Management System Master.php save_patient sql injection 08.06.2026
CVE-2026-11502 JeecgBoot Third-Party Login ThirdLoginController.java HttpServletResponse.sendRedirect redirect 08.06.2026
CVE-2026-11503 Tenda CX12L Wi-Fi Configuration Endpoint fast_setting_wifi_set form_fast_setting_wifi_set stack-based overflow 08.06.2026
CVE-2026-9506 Path Traversal Vulnerability in Bagisto 08.06.2026
CVE-2026-11497 D-Link DCS-5615 Boa Webserver boa.conf least privilege violation 08.06.2026
CVE-2026-11498 Tenda HG7HG9/HG10 Web Management voip_other_set asp_voip_OtherSet stack-based overflow 08.06.2026
CVE-2026-11499 Tenda HG7HG9/HG10 formDOMAINBLK stack-based overflow 08.06.2026
CVE-2026-3238 Samba: denial of service against ad dc wins server 08.06.2026
CVE-2026-41722 VMSA-2026-0004: VMware Cloud Foundation Operations updates address multiple vulnerabilities (CVE-2026-41722, CVE-2026-41723 and CVE-2026-41724) 08.06.2026 8
CVE-2026-41723 VMSA-2026-0004: VMware Cloud Foundation Operations updates address multiple vulnerabilities (CVE-2026-41722, CVE-2026-41723 and CVE-2026-41724) 08.06.2026 8
CVE-2026-41724 VMSA-2026-0004: VMware Cloud Foundation Operations updates address multiple vulnerabilities (CVE-2026-41722, CVE-2026-41723 and CVE-2026-41724) 08.06.2026 8
CVE-2026-11490 code-projects Online Music Site Search.php sql injection 08.06.2026
CVE-2026-11491 CodeAstro Human Resource Management System Notice Board Management All_notice cross site scripting 08.06.2026
CVE-2026-11492 D-Link DIR-823G vsftpd vsftpd.conf least privilege violation 08.06.2026
CVE-2026-11493 Tenda AC15 Samba smb.conf weak password 08.06.2026
CVE-2026-11494 TOTOLINK AC1200 T8 vsftpd vsftpd.conf least privilege violation 08.06.2026
CVE-2026-11495 CodeAstro Ingredients Stock Management System add_stock.php sql injection 08.06.2026
CVE-2026-11483 SourceCodester Class and Exam Timetabling System archive4.php sql injection 08.06.2026
CVE-2026-11484 SourceCodester Class and Exam Timetabling System archive3.php sql injection 08.06.2026
CVE-2026-11485 SourceCodester Class and Exam Timetabling System archive2.php sql injection 08.06.2026
CVE-2026-11486 SourceCodester Class and Exam Timetabling System archive1.php sql injection 08.06.2026
CVE-2026-11487 Neovim View Branch secure.lua M.read command injection 08.06.2026
CVE-2026-11488 code-projects Simple Flight Ticket Booking System POST Parameter checkUser.php sql injection 08.06.2026
CVE-2026-11489 code-projects Online Music Site AdminDeleteAlbum.php sql injection 08.06.2026
CVE-2026-11478 kokke tiny-regex-c Pattern re.c matchstar redos 08.06.2026
CVE-2026-11479 yoanbernabeu grepai Qdrant Backend chunker.go weak hash 08.06.2026
CVE-2026-11480 Chengdu Everbrite Network Technology BeikeShop Admin Design Builder Endpoint admin.php sql injection 08.06.2026
CVE-2026-11481 yoanbernabeu grepai Postgres Embedding Cache chunker.go PostgresStore.LookupByContentHash weak hash 08.06.2026
CVE-2026-11482 SourceCodester Class and Exam Timetabling System archive5.php sql injection 08.06.2026
CVE-2021-47982 WordPress Plugin WP-Paginate 2.1.3 Stored XSS via preset 08.06.2026
CVE-2021-47983 WordPress Plugin Stripe Payments 2.0.39 Stored XSS via currency_code 08.06.2026
CVE-2021-47984 WordPress Plugin WP24 Domain Check 1.6.2 Stored XSS 08.06.2026
CVE-2022-50953 WordPress Plugin admin-word-count-column 2.2 Local File Read 08.06.2026
CVE-2023-54350 WordPress Augmented-Reality Plugin Remote Code Execution Unauthenticated 08.06.2026
CVE-2023-54351 WordPress Sonaar Music Plugin 4.7 Stored XSS via Comments 08.06.2026
CVE-2023-54352 WordPress Seotheme Remote Code Execution Unauthenticated 08.06.2026
CVE-2024-58348 WordPress Background Image Cropper 1.2 Remote Code Execution 08.06.2026
CVE-2024-58349 WordPress Theme Travelscape 1.0.3 Arbitrary File Upload 08.06.2026
CVE-2026-11475 Kushan2k student-management-system Certificate Verification Endpoint GradeController.php getStatus sql injection 08.06.2026
CVE-2026-11476 Kushan2k student-management-system Profile Update Endpoint AdminController.php edit-admin improper authorization 08.06.2026
CVE-2026-11477 hs-web hsweb-framework OAuth2 Client OAuth2Client.java OAuth2Client redirect 08.06.2026
CVE-2026-11470 hs-web hsweb-framework File Upload FileUploadProperties.java denied path traversal 08.06.2026
CVE-2026-11471 SourceCodester Class and Exam Timetabling System index2.php sql injection 08.06.2026
CVE-2026-11472 SourceCodester Class and Exam Timetabling System index1.php sql injection 08.06.2026
CVE-2026-11473 jflyfox jfinal_cms AdvicefeedbackController.java list sql injection 08.06.2026
CVE-2026-11474 Kushan2k student-management-system Registration Endpoint RegisterService.php unrestricted upload 08.06.2026
CVE-2026-11469 jishenghua jshERP platformConfig Add Endpoint PlatformConfigService.java insertPlatformConfig server-side request forgery 07.06.2026
CVE-2026-11467 jishenghua jshERP addAccountHeadAndDetail Endpoint AccountHeadService.java path traversal 08.06.2026
CVE-2026-11468 SourceCodester Hospitals Patient Records Management System page room_types cross site scripting 07.06.2026
CVE-2026-11465 songquanpeng one-api Redemption Code Top-Up Endpoint redemption.go Redeem logic error 08.06.2026
CVE-2026-11466 zilliztech deep-searcher collection_router.py CollectionRouter.invoke access control 08.06.2026
CVE-2026-11464 JeecgBoot User List Endpoint SysUserController.java queryPageList information disclosure 07.06.2026
CVE-2026-11462 Chengdu Everbrite Network Technology BeikeShop Stripe Plugin StripeController.php callback improper authorization 08.06.2026
CVE-2026-11463 USCiLab Cereal Shared Pointer type confusion 07.06.2026
CVE-2026-11461 NousResearch hermes-agent resume Endpoint hermes_state.py resolve_session_by_title authorization 07.06.2026
CVE-2026-11460 Boost Serialization improper validation of specified type of input 08.06.2026