Total
358423 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-2235 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents. | |||||
| CVE-2026-2234 | 2026-06-17 | N/A | 9.1 CRITICAL | ||
| C&Cm@il developed by HGiga has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read and modify any user's mail content. | |||||
| CVE-2026-2232 | 2026-06-17 | N/A | 7.5 HIGH | ||
| The Product Table and List Builder for WooCommerce Lite plugin for WordPress is vulnerable to time-based SQL Injection via the 'search' parameter in all versions up to, and including, 4.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2026-2230 | 2026-06-17 | N/A | 4.3 MEDIUM | ||
| The Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 10.14.14 via the handle_ajax_save function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, and booking permissions granted by an Administrator, to modify other users' plugin settings, such as booking calendar display options, which can disrupt the booking calendar functionality for the targeted user. | |||||
| CVE-2026-2227 | 1 Dlink | 2 Dcs-931l, Dcs-931l Firmware | 2026-06-17 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was found in D-Link DCS-931L up to 1.13.0. Impacted is the function doSystem of the file /setSystemAdmin. Performing a manipulation of the argument AdminID results in command injection. The attack may be initiated remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2026-2226 | 1 Douco | 1 Douphp | 2026-06-17 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability has been found in DouPHP up to 1.9. This issue affects some unknown processing of the file /admin/file.php of the component ZIP File Handler. Such manipulation of the argument sql_filename leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-2225 | 1 Clive 21 | 1 News Portal Project | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| A flaw has been found in itsourcecode News Portal Project 1.0. This vulnerability affects unknown code of the file /admin/index.php of the component Administrator Login. This manipulation of the argument email causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used. | |||||
| CVE-2026-2224 | 1 Fabian | 1 Online Reviewer System | 2026-06-17 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was detected in code-projects Online Reviewer System 1.0. This affects an unknown part of the file /system/system/admins/manage/users/btn_functions.php. The manipulation of the argument firstname results in cross site scripting. It is possible to launch the attack remotely. The exploit is now public and may be used. | |||||
| CVE-2026-2223 | 1 Fabian | 1 Online Reviewer System | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| A security vulnerability has been detected in code-projects Online Reviewer System 1.0. Affected by this issue is some unknown functionality of the file /system/system/students/assessments/pretest/take/index.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2026-2222 | 1 Fabian | 1 Online Reviewer System | 2026-06-17 | 3.3 LOW | 2.4 LOW |
| A weakness has been identified in code-projects Online Reviewer System 1.0. Affected by this vulnerability is an unknown functionality of the file /system/system/admins/manage/users/btn_functions.php. Executing a manipulation of the argument firstname can lead to cross site scripting. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2026-2221 | 1 Fabian | 1 Online Reviewer System | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| A security flaw has been discovered in code-projects Online Reviewer System 1.0. Affected is an unknown function of the file /login/index.php of the component Login. Performing a manipulation of the argument Username results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. | |||||
| CVE-2026-2220 | 1 Fabian | 1 Online Reviewer System | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was identified in code-projects Online Reviewer System 1.0. This impacts an unknown function of the file /system/system/admins/assessments/pretest/btn_functions.php. Such manipulation of the argument difficulty_id leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used. | |||||
| CVE-2026-2219 | 1 Debian | 1 Dpkg | 2026-06-17 | N/A | 7.5 HIGH |
| It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU). | |||||
| CVE-2026-2218 | 1 Dlink | 2 Dcs-933l, Dcs-933l Firmware | 2026-06-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was determined in D-Link DCS-933L up to 1.14.11. This affects an unknown function of the file /setSystemAdmin of the component alphapd. This manipulation of the argument AdminID causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2026-2217 | 1 Admerc | 1 Event Management System | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in itsourcecode Event Management System 1.0. The impacted element is an unknown function of the file /admin/manage_user.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used. | |||||
| CVE-2026-2216 | 2026-06-17 | 4.0 MEDIUM | 4.3 MEDIUM | ||
| A flaw has been found in rachelos WeRSS we-mp-rss up to 1.4.8. Impacted is the function download_export_file of the file apis/tools.py. Executing a manipulation of the argument filename can lead to path traversal. The attack can be launched remotely. The exploit has been published and may be used. | |||||
| CVE-2026-2215 | 2026-06-17 | 2.6 LOW | 3.7 LOW | ||
| A vulnerability was detected in rachelos WeRSS we-mp-rss up to 1.4.8. This issue affects some unknown processing of the file core/auth.py of the component JWT Handler. Performing a manipulation of the argument SECRET_KEY results in use of default cryptographic key. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is assessed as difficult. The exploit is now public and may be used. | |||||
| CVE-2026-2214 | 1 Fabian | 1 Online Music Site | 2026-06-17 | 3.3 LOW | 2.4 LOW |
| A weakness has been identified in code-projects for Plugin 1.0. This affects an unknown part of the file /Administrator/PHP/AdminAddAlbum.php. This manipulation of the argument txtalbum causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2026-2213 | 1 Fabian | 1 Online Music Site | 2026-06-17 | 5.8 MEDIUM | 4.7 MEDIUM |
| A security flaw has been discovered in code-projects Online Music Site 1.0. Affected by this issue is some unknown functionality of the file /Administrator/PHP/AdminAddAlbum.php. The manipulation of the argument txtimage results in unrestricted upload. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. | |||||
| CVE-2026-2212 | 1 Fabian | 1 Online Music Site | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was identified in code-projects Online Music Site 1.0. Affected by this vulnerability is an unknown functionality of the file /Administrator/PHP/AdminEditCategory.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. | |||||