🛡️ CVE Tracker
Latest 50 CVEs from the NIST National Vulnerability Database — updated every 6 hours.
Last fetched: Mon, 22 Jun 2026 04:52:06 GMT CRITICAL: 2 HIGH: 29 MEDIUM: 18 LOW: 1
| CVE ID | Published | Score | Severity | Description |
|---|---|---|---|---|
| CVE-2026-9351 | 2026-05-24 | 6.5 | MEDIUM | A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.16. This vulnerability affects the function _is_blocked_device of the file tools/file_tools.py of the component read_file … |
| CVE-2026-9350 | 2026-05-24 | 7.3 | HIGH | A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This affects the function check_all_command_guards of the file tools/approval.py of the component Batch Runner. Such manipu… |
| CVE-2026-9349 | 2026-05-24 | 5.3 | MEDIUM | A vulnerability was determined in calcom cal.diy up to 4.9.4. Affected by this issue is the function getServerSideProps of the file apps/web/modules/bookings/views/bookings-single-view.getServerSidePr… |
| CVE-2026-9348 | 2026-05-24 | 8.8 | HIGH | A vulnerability was found in Edimax EW-7438RPn up to 1.31. Affected by this vulnerability is an unknown functionality of the file /goform/mp of the component webs. The manipulation of the argument web… |
| CVE-2026-48829 | 2026-05-24 | 7.5 | HIGH | In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c. |
| CVE-2026-9347 | 2026-05-24 | 6.3 | MEDIUM | A vulnerability has been found in Edimax EW-7438RPn up to 1.31. Affected is the function formWizSurvey of the file /goform/formWizSurvey of the component webs. The manipulation of the argument ip/mask… |
| CVE-2026-9346 | 2026-05-24 | 8.8 | HIGH | A flaw has been found in Edimax EW-7438RPn up to 1.31. This impacts the function formWirelessTbl of the file /goform/formWirelessTbl of the component webs. Executing a manipulation of the argument sub… |
| CVE-2026-9345 | 2026-05-24 | 8.8 | HIGH | A vulnerability was detected in Edimax EW-7438RPn up to 1.31. This affects the function formWizSurvey of the file /goform/formWizSurvey of the component webs. Performing a manipulation of the argument… |
| CVE-2026-9344 | 2026-05-24 | 8.8 | HIGH | A security vulnerability has been detected in Edimax EW-7438RPn up to 1.31. The impacted element is an unknown function of the file /goform/formWpsStart of the component webs. Such manipulation of the… |
| CVE-2026-9343 | 2026-05-23 | 6.3 | MEDIUM | A weakness has been identified in Edimax EW-7438RPn up to 1.31. The affected element is the function formWpsStart of the file /goform/formWpsStart of the component webs. This manipulation of the argum… |
| CVE-2026-9342 | 2026-05-23 | 6.3 | MEDIUM | A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. Impacted is an unknown function of the file /admin/patients/view_history.php. The manipulation of… |
| CVE-2018-25358 | 2026-05-23 | 7.5 | HIGH | D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the table_name parameter in POST requ… |
| CVE-2018-25357 | 2026-05-23 | 9.8 | CRITICAL | Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the db_name parameter. Attackers can… |
| CVE-2018-25356 | 2026-05-23 | 8.4 | HIGH | SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code. Attackers can trig… |
| CVE-2018-25355 | 2026-05-23 | 8.4 | HIGH | Audiograbber 1.83 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attackers can craft malicious i… |
| CVE-2018-25354 | 2026-05-23 | 4.3 | MEDIUM | Joomla Component jomres 9.11.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information by tricking authenticated users into visiting malicious page… |
| CVE-2018-25353 | 2026-05-23 | 8.8 | HIGH | Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with editor accoun… |
| CVE-2018-25352 | 2026-05-23 | 7.1 | HIGH | WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code thr… |
| CVE-2018-25351 | 2026-05-23 | 8.2 | HIGH | Joomla! Component EkRishta 2.10 contains an error-based SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the username… |
| CVE-2018-25350 | 2026-05-23 | 9.8 | CRITICAL | userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by sending POST requests to the existingUsernameCheck.php endpoint. Att… |
| CVE-2018-25349 | 2026-05-23 | 6.1 | MEDIUM | userSpice 4.3.24 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the X-Forwarded-For HTTP header. Attackers can send crafted requests to the bac… |
| CVE-2018-25348 | 2026-05-23 | 8.2 | HIGH | Joomla! Component Ek Rishta 2.10 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers… |
| CVE-2018-25347 | 2026-05-23 | 7.1 | HIGH | WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and generete_csv_fm… |
| CVE-2018-25346 | 2026-05-23 | 7.1 | HIGH | WordPress Form Maker Plugin 1.12.24 and below contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through the FormMakerSQLMap… |
| CVE-2018-25345 | 2026-05-23 | 8.4 | HIGH | 10-Strike Network Scanner 3.0 contains a local buffer overflow vulnerability in the host name field that allows attackers to bypass SafeSEH protections and execute arbitrary code. Attackers can craft … |
| CVE-2018-25344 | 2026-05-23 | 8.4 | HIGH | 10-Strike Network Inventory Explorer 8.54 contains a stack-based buffer overflow vulnerability in the registration key input field that allows local attackers to execute arbitrary code by triggering a… |
| CVE-2018-25343 | 2026-05-23 | 4.3 | MEDIUM | Smartshop 1 contains a cross-site request forgery vulnerability that allows attackers to modify user profiles by tricking authenticated users into submitting malicious requests. Attackers can craft HT… |
| CVE-2018-25342 | 2026-05-23 | 8.2 | HIGH | Smartshop 1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'searched' parameter in searc… |
| CVE-2018-25341 | 2026-05-23 | 8.2 | HIGH | Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET r… |
| CVE-2018-25340 | 2026-05-23 | 8.2 | HIGH | Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET r… |
| CVE-2026-9306 | 2026-05-23 | 3.7 | LOW | A security vulnerability has been detected in QuantumNous new-api up to 0.12.1. This affects the function RelayMidjourneyImage/GetByOnlyMJId of the file router/relay-router.go of the component Midjour… |
| CVE-2026-9305 | 2026-05-23 | 6.3 | MEDIUM | A weakness has been identified in QuantumNous new-api up to 0.12.1. The impacted element is the function SearchUserTopUps/SearchAllTopUps of the file model/topup.go of the component self Endpoint. Thi… |
| CVE-2026-9304 | 2026-05-23 | 5 | MEDIUM | A security flaw has been discovered in calcom cal.diy up to 4.9.4. The affected element is the function validateUrlForSSRF of the file apps/web/app/api/logo/route.ts of the component Logo API. The man… |
| CVE-2026-9303 | 2026-05-23 | 4.3 | MEDIUM | A vulnerability was identified in calcom cal.diy up to 4.9.4. Impacted is an unknown function. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The… |
| CVE-2026-9302 | 2026-05-23 | 6.3 | MEDIUM | A vulnerability was determined in 546669204 vps-inventory-monitoring up to 98c00b370668c96ae75e91c15548d9ea113652d9. This issue affects the function eval of the file app/index/command/VpsTest.php of t… |
| CVE-2026-9301 | 2026-05-23 | 6.3 | MEDIUM | A vulnerability was found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGReset Message Handler. Performing a manipulation results in memory corruption. The… |
| CVE-2026-9300 | 2026-05-23 | 6.3 | MEDIUM | A vulnerability has been found in omec-project amf up to 2.1.1. This affects an unknown part of the component NGSetupRequest Handler. Such manipulation leads to memory corruption. The attack can be ex… |
| CVE-2026-46300 | 2026-05-23 | 7.8 | HIGH | In the Linux kernel, the following vulnerability has been resolved: net: skbuff: preserve shared-frag marker during coalescing skb_try_coalesce() can attach paged frags from @from to @to. If @from … |
| CVE-2026-43503 | 2026-05-23 | 8.8 | HIGH | In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through frag-transfer helpers Two frag-transfer helpers (__pskb_copy_fclone() and skb_sh… |
| CVE-2026-9299 | 2026-05-23 | 6.3 | MEDIUM | A flaw has been found in omec-project amf up to 2.1.1. Affected by this issue is the function PDUSessionResourceModifyIndication of the file /go/src/amf/ngap/handler.go. This manipulation causes memor… |
| CVE-2026-9298 | 2026-05-23 | 6.3 | MEDIUM | A vulnerability was detected in omec-project amf up to 2.1.1. Affected by this vulnerability is an unknown functionality of the component PathSwitchRequest Handler. The manipulation results in memory … |
| CVE-2026-9297 | 2026-05-23 | 6.3 | MEDIUM | A security vulnerability has been detected in Edimax BR-6428NS 1.10. Affected is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. The manipulation of the… |
| CVE-2026-9296 | 2026-05-23 | 6.3 | MEDIUM | A weakness has been identified in Edimax BR-6428NS 1.10. This impacts the function system of the file /goform/formWlanM of the component POST Request Handler. Executing a manipulation of the argument … |
| CVE-2026-9295 | 2026-05-23 | 8.8 | HIGH | A security flaw has been discovered in Edimax BR-6428NS 1.10. This affects the function formWirelessTbl of the file /goform/formWirelessTbl of the component POST Request Handler. Performing a manipula… |
| CVE-2026-9294 | 2026-05-23 | 8.8 | HIGH | A vulnerability was identified in Edimax BR-6428NS 1.10. The impacted element is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. Such manipu… |
| CVE-2026-9284 | 2026-05-23 | 8.2 | HIGH | The WooCommerce PayPal Payments plugin for WordPress is vulnerable to unauthorized order manipulation and information disclosure due to missing authorization checks on the `ppc-create-order` and `ppc-… |
| CVE-2026-6898 | 2026-05-23 | 8.8 | HIGH | The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember3_Hooks::generate_api_key' function in all versions … |
| CVE-2026-6897 | 2026-05-23 | 8.8 | HIGH | The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember\Features\Team_Accounts::save_settings' function in … |
| CVE-2026-6895 | 2026-05-23 | 8.8 | HIGH | The WishList Member plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Disclosure and Privilege Escalation in versions up to and including 3.30.1. This is due… |
| CVE-2026-6419 | 2026-05-23 | 8.8 | HIGH | The WishList Member plugin for WordPress is vulnerable to Privilege Escalation via Missing Authorization in versions up to and including 3.30.1. This is due to the missing capability and nonce check i… |