Common Vulnerabilities and Exposures (CVE)

CVE-2026-38930

Jul 5, 2026 16:16:18 UTC

OpenRapid RapidCMS v1.3.1 was discovered to contain an authentication bypass in the /template/default/menu.php component. This vulnerability is exploited via injecting a crafted SQL payload into the name cookie parameter.

CVE-2025-60889

Jul 5, 2026 16:16:14 UTC

Insecure deserialization of untrusted input in StellarGroup HPX 1.11.0 under certain conditions may allow attackers to execute arbitrary code or other unspecified impacts.

CVE-2025-63743

Jul 5, 2026 16:16:10 UTC

Cross-Site Scripting vulnerability in the Snipe-IT web-based asset management system v8.3.0 to up and including v8.3.1 allows authenticated attacker with lowest privileges sufficient only to log in, to inject arbitrary JavaScript code via "...

CVE-2026-30462

Jul 5, 2026 16:16:05 UTC

A path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 allows attackers to execute a directory traversal.

CVE-2026-30461

Jul 5, 2026 16:15:58 UTC

Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the /controllers/Installer.php and the function add_git_submodule.

CVE-2026-30460

Jul 5, 2026 16:15:54 UTC

Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability in the Blocks module.

CVE-2026-30459

Jul 5, 2026 16:15:50 UTC

An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-mail message.

CVE-2026-30352

Jul 5, 2026 16:15:46 UTC

A remote code execution (RCE) vulnerability in the /devserver/start endpoint of leonvanzyl autocoder commit 79d02a allows attackers to execute arbitrary code via providing a crafted command parameter.

CVE-2026-30266

Jul 5, 2026 16:15:42 UTC

Insecure Permissions vulnerability in DeepCool DeepCreative v.1.2.12 and before allows a local attacker to execute arbitrary code via a crafted file

CVE-2026-38936

Jul 5, 2026 16:15:38 UTC

A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/selectindices.php via the namecontains parameter

CVE-2026-38935

Jul 5, 2026 16:15:34 UTC

A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/view.php via the doctype parameter

CVE-2026-38934

Jul 5, 2026 16:15:30 UTC

Cross Site Request Forgery vulnerability in diskoverdata diskover-community v.2.3.5. and before allows a remote attacker to escalate privileges and obtain sensitive information via the public/settings_process.php

CVE-2025-70082

Jul 5, 2026 16:15:26 UTC

An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrx_evo component

CVE-2025-52204

Jul 5, 2026 16:15:22 UTC

A Cross-Site Scripting (XSS) vulnerability exists in Znuny::ITSM 6.5.x in the customer.pl endpoint via the OTRSCustomerInterface parameter

CVE-2025-50881

Jul 5, 2026 16:15:17 UTC

The `flow/admin/moniteur.php` script in Use It Flow administration website before 10.0.0 is vulnerable to Remote Code Execution. When handling GET requests, the script takes user-supplied input from the `action` URL parameter, performs insu...