🛡️ AI News Hunt

🛡️ CVE Tracker

Latest 50 CVEs from the NIST National Vulnerability Database — updated every 6 hours.

Last fetched: Mon, 22 Jun 2026 04:52:06 GMT
CRITICAL: 2 HIGH: 29 MEDIUM: 18 LOW: 1
CVE ID Published Score Severity Description
CVE-2026-9351 2026-05-24 6.5 MEDIUM A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.16. This vulnerability affects the function _is_blocked_device of the file tools/file_tools.py of the component read_file …
CVE-2026-9350 2026-05-24 7.3 HIGH A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This affects the function check_all_command_guards of the file tools/approval.py of the component Batch Runner. Such manipu…
CVE-2026-9349 2026-05-24 5.3 MEDIUM A vulnerability was determined in calcom cal.diy up to 4.9.4. Affected by this issue is the function getServerSideProps of the file apps/web/modules/bookings/views/bookings-single-view.getServerSidePr…
CVE-2026-9348 2026-05-24 8.8 HIGH A vulnerability was found in Edimax EW-7438RPn up to 1.31. Affected by this vulnerability is an unknown functionality of the file /goform/mp of the component webs. The manipulation of the argument web…
CVE-2026-48829 2026-05-24 7.5 HIGH In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c.
CVE-2026-9347 2026-05-24 6.3 MEDIUM A vulnerability has been found in Edimax EW-7438RPn up to 1.31. Affected is the function formWizSurvey of the file /goform/formWizSurvey of the component webs. The manipulation of the argument ip/mask…
CVE-2026-9346 2026-05-24 8.8 HIGH A flaw has been found in Edimax EW-7438RPn up to 1.31. This impacts the function formWirelessTbl of the file /goform/formWirelessTbl of the component webs. Executing a manipulation of the argument sub…
CVE-2026-9345 2026-05-24 8.8 HIGH A vulnerability was detected in Edimax EW-7438RPn up to 1.31. This affects the function formWizSurvey of the file /goform/formWizSurvey of the component webs. Performing a manipulation of the argument…
CVE-2026-9344 2026-05-24 8.8 HIGH A security vulnerability has been detected in Edimax EW-7438RPn up to 1.31. The impacted element is an unknown function of the file /goform/formWpsStart of the component webs. Such manipulation of the…
CVE-2026-9343 2026-05-23 6.3 MEDIUM A weakness has been identified in Edimax EW-7438RPn up to 1.31. The affected element is the function formWpsStart of the file /goform/formWpsStart of the component webs. This manipulation of the argum…
CVE-2026-9342 2026-05-23 6.3 MEDIUM A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. Impacted is an unknown function of the file /admin/patients/view_history.php. The manipulation of…
CVE-2018-25358 2026-05-23 7.5 HIGH D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the table_name parameter in POST requ…
CVE-2018-25357 2026-05-23 9.8 CRITICAL Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the db_name parameter. Attackers can…
CVE-2018-25356 2026-05-23 8.4 HIGH SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code. Attackers can trig…
CVE-2018-25355 2026-05-23 8.4 HIGH Audiograbber 1.83 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attackers can craft malicious i…
CVE-2018-25354 2026-05-23 4.3 MEDIUM Joomla Component jomres 9.11.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information by tricking authenticated users into visiting malicious page…
CVE-2018-25353 2026-05-23 8.8 HIGH Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with editor accoun…
CVE-2018-25352 2026-05-23 7.1 HIGH WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code thr…
CVE-2018-25351 2026-05-23 8.2 HIGH Joomla! Component EkRishta 2.10 contains an error-based SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the username…
CVE-2018-25350 2026-05-23 9.8 CRITICAL userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by sending POST requests to the existingUsernameCheck.php endpoint. Att…
CVE-2018-25349 2026-05-23 6.1 MEDIUM userSpice 4.3.24 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the X-Forwarded-For HTTP header. Attackers can send crafted requests to the bac…
CVE-2018-25348 2026-05-23 8.2 HIGH Joomla! Component Ek Rishta 2.10 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers…
CVE-2018-25347 2026-05-23 7.1 HIGH WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and generete_csv_fm…
CVE-2018-25346 2026-05-23 7.1 HIGH WordPress Form Maker Plugin 1.12.24 and below contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through the FormMakerSQLMap…
CVE-2018-25345 2026-05-23 8.4 HIGH 10-Strike Network Scanner 3.0 contains a local buffer overflow vulnerability in the host name field that allows attackers to bypass SafeSEH protections and execute arbitrary code. Attackers can craft …
CVE-2018-25344 2026-05-23 8.4 HIGH 10-Strike Network Inventory Explorer 8.54 contains a stack-based buffer overflow vulnerability in the registration key input field that allows local attackers to execute arbitrary code by triggering a…
CVE-2018-25343 2026-05-23 4.3 MEDIUM Smartshop 1 contains a cross-site request forgery vulnerability that allows attackers to modify user profiles by tricking authenticated users into submitting malicious requests. Attackers can craft HT…
CVE-2018-25342 2026-05-23 8.2 HIGH Smartshop 1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'searched' parameter in searc…
CVE-2018-25341 2026-05-23 8.2 HIGH Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET r…
CVE-2018-25340 2026-05-23 8.2 HIGH Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET r…
CVE-2026-9306 2026-05-23 3.7 LOW A security vulnerability has been detected in QuantumNous new-api up to 0.12.1. This affects the function RelayMidjourneyImage/GetByOnlyMJId of the file router/relay-router.go of the component Midjour…
CVE-2026-9305 2026-05-23 6.3 MEDIUM A weakness has been identified in QuantumNous new-api up to 0.12.1. The impacted element is the function SearchUserTopUps/SearchAllTopUps of the file model/topup.go of the component self Endpoint. Thi…
CVE-2026-9304 2026-05-23 5 MEDIUM A security flaw has been discovered in calcom cal.diy up to 4.9.4. The affected element is the function validateUrlForSSRF of the file apps/web/app/api/logo/route.ts of the component Logo API. The man…
CVE-2026-9303 2026-05-23 4.3 MEDIUM A vulnerability was identified in calcom cal.diy up to 4.9.4. Impacted is an unknown function. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The…
CVE-2026-9302 2026-05-23 6.3 MEDIUM A vulnerability was determined in 546669204 vps-inventory-monitoring up to 98c00b370668c96ae75e91c15548d9ea113652d9. This issue affects the function eval of the file app/index/command/VpsTest.php of t…
CVE-2026-9301 2026-05-23 6.3 MEDIUM A vulnerability was found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGReset Message Handler. Performing a manipulation results in memory corruption. The…
CVE-2026-9300 2026-05-23 6.3 MEDIUM A vulnerability has been found in omec-project amf up to 2.1.1. This affects an unknown part of the component NGSetupRequest Handler. Such manipulation leads to memory corruption. The attack can be ex…
CVE-2026-46300 2026-05-23 7.8 HIGH In the Linux kernel, the following vulnerability has been resolved: net: skbuff: preserve shared-frag marker during coalescing skb_try_coalesce() can attach paged frags from @from to @to. If @from …
CVE-2026-43503 2026-05-23 8.8 HIGH In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through frag-transfer helpers Two frag-transfer helpers (__pskb_copy_fclone() and skb_sh…
CVE-2026-9299 2026-05-23 6.3 MEDIUM A flaw has been found in omec-project amf up to 2.1.1. Affected by this issue is the function PDUSessionResourceModifyIndication of the file /go/src/amf/ngap/handler.go. This manipulation causes memor…
CVE-2026-9298 2026-05-23 6.3 MEDIUM A vulnerability was detected in omec-project amf up to 2.1.1. Affected by this vulnerability is an unknown functionality of the component PathSwitchRequest Handler. The manipulation results in memory …
CVE-2026-9297 2026-05-23 6.3 MEDIUM A security vulnerability has been detected in Edimax BR-6428NS 1.10. Affected is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. The manipulation of the…
CVE-2026-9296 2026-05-23 6.3 MEDIUM A weakness has been identified in Edimax BR-6428NS 1.10. This impacts the function system of the file /goform/formWlanM of the component POST Request Handler. Executing a manipulation of the argument …
CVE-2026-9295 2026-05-23 8.8 HIGH A security flaw has been discovered in Edimax BR-6428NS 1.10. This affects the function formWirelessTbl of the file /goform/formWirelessTbl of the component POST Request Handler. Performing a manipula…
CVE-2026-9294 2026-05-23 8.8 HIGH A vulnerability was identified in Edimax BR-6428NS 1.10. The impacted element is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. Such manipu…
CVE-2026-9284 2026-05-23 8.2 HIGH The WooCommerce PayPal Payments plugin for WordPress is vulnerable to unauthorized order manipulation and information disclosure due to missing authorization checks on the `ppc-create-order` and `ppc-…
CVE-2026-6898 2026-05-23 8.8 HIGH The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember3_Hooks::generate_api_key' function in all versions …
CVE-2026-6897 2026-05-23 8.8 HIGH The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember\Features\Team_Accounts::save_settings' function in …
CVE-2026-6895 2026-05-23 8.8 HIGH The WishList Member plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Disclosure and Privilege Escalation in versions up to and including 3.30.1. This is due…
CVE-2026-6419 2026-05-23 8.8 HIGH The WishList Member plugin for WordPress is vulnerable to Privilege Escalation via Missing Authorization in versions up to and including 3.30.1. This is due to the missing capability and nonce check i…