Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
6.5 MEDIUM
CVE-2026-62147 — Tempo-operator: tempo operator: query rbac bypass

The Tempo Operator's gateway component failed to consistently apply namespace-scoped redaction on some query API response paths when query RBAC was enabled, allowing an authenticated user to read spa…

openshift_distributed_tracing | Remote | Authorization
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
0.0 NA
CVE-2026-15558 — CodeAstro Simple Online Leave Management System deletemp.php sql injection

A security vulnerability has been detected in CodeAstro Simple Online Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /SimpleOnlineLeave/admin/deletemp.p…

Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
5.1 MEDIUM
CVE-2026-12257 — Remote code execution in Mura Software’s CMS

Versions of Mura CMS prior to 10.0.712 contain a critical remote code execution (RCE) vulnerability. The flaw is located in the endpoint “/index.cfm/_api/json/v1/default”, where the “method” paramete…

Remote | Injection
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
4.3 MEDIUM
CVE-2026-9824 — Remote cluster metadata enumeration via /share-channel autocomplete

Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to check the manage_shared_channels permission in the /share-channel autocomplete handler, which allows an authenticat…

Remote | Authorization
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
3.8 LOW
CVE-2026-9820 — Mattermost schemes teams endpoint exposes private team invite IDs

Mattermost versions 11.7.x <= 11.7.2, 10.11.x <= 10.11.19 fail to sanitize team objects returned by the scheme teams endpoint, which allows a user with the User Manager role to obtain invite links fo…

Remote | Authorization
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
4.3 MEDIUM
CVE-2026-6541 — Unscoped updates to other playbooks' metric configuration

Mattermost versions 11.7.x <= 11.7.1, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to restrict metric configuration changes to the playbook being saved, which allows an authenticated user with team acc…

Remote | Authorization
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
5.1 MEDIUM
CVE-2026-4765 — Stored Cross-Site Scripting (XSS) in Tallos Chat by RD Station Conversas

Stored Cross-Site Scripting (XSS) vulnerability in the RD Station Conversas chat. The vulnerability resides in the ‘name’ parameter of the initialization process due to improper sanitization of user …

Remote | Cross-Site Scripting
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
9.4 CRITICAL
CVE-2026-14934 — Cross-Tenant Repository Takeover via Improper Access Control in BigQuery, Dataform and Co…

A Missing Authorization vulnerability in the repository creation functionality in Google Cloud BigQuery, Dataform and Colab Enterprise, in the versions between October 2025 and May 10th, 2026, on Goo…

Remote | Authorization
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
5.3 MEDIUM
CVE-2026-61985 — WordPress Car Rental Manager plugin <= 1.3.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in magepeopleteam Car Rental Manager car-rental-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Car Rental Manag…

Remote | Authorization
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
5.3 MEDIUM
CVE-2026-61983 — WordPress Church Admin plugin <= 5.0.30 - Broken Access Control vulnerability

Missing Authorization vulnerability in andy_moyle Church Admin church-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through <…

Remote | Authorization
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
5.3 MEDIUM
CVE-2026-61977 — WordPress JetSearch plugin <= 3.6.1.2 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetSearch jet-search allows Retrieve Embedded Sensitive Data.This issue affects JetSearch: from …

jetsearch | Remote | Information Disclosure
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
5.3 MEDIUM
CVE-2026-61976 — WordPress JetBlocks For Elementor plugin <= 1.5.0 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Retrieve Embedded Sensitive Data.This issue affects Je…

Remote | Information Disclosure
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
5.3 MEDIUM
CVE-2026-61975 — WordPress JetReviews plugin <= 3.0.1 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetReviews jet-reviews allows Retrieve Embedded Sensitive Data.This issue affects JetReviews: fr…

jetreviews | Remote | Information Disclosure
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
2.7 LOW
CVE-2026-61971 — WordPress User Profile Picture plugin <= 2.6.3 - Insecure Direct Object References (IDOR)…

Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs User Profile Picture metronet-profile-picture allows Exploiting Incorrectly Configured Access Control Security Levels.This…

user_profile_picture | Remote | Authorization
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
4.9 MEDIUM
CVE-2026-61970 — WordPress Auto Featured Image (Auto Post Thumbnail) plugin <= 5.0.4 - Server Side Request…

Server-Side Request Forgery (SSRF) vulnerability in Themeisle Auto Featured Image (Auto Post Thumbnail) auto-post-thumbnail allows Server Side Request Forgery.This issue affects Auto Featured Image (…

Remote | Server-Side Request Forgery
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
5.4 MEDIUM
CVE-2026-61968 — WordPress myCred plugin <= 3.1.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects myCred: from n/a through <= 3.1.2.

Remote | Authorization
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
5.4 MEDIUM
CVE-2026-61958 — WordPress License Manager for WooCommerce plugin <= 3.0.17 - Arbitrary Content Deletion v…

Missing Authorization vulnerability in Saad Iqbal License Manager for WooCommerce license-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue af…

Remote | Authorization
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
7.1 HIGH
CVE-2026-61956 — WordPress ووسلام – همگام سازی ووکامرس و باسلام plugin <= 1.9.1 - Cross Site Request Forge…

Cross-Site Request Forgery (CSRF) vulnerability in hamsalam ووسلام &#8211; همگام سازی ووکامرس و باسلام sync-basalam allows Cross Site Request Forgery.This issue affects ووسلام &#8211; همگام سازی ووکا…

Remote | Cross-Site Request Forgery
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
7.6 HIGH
CVE-2026-61955 — WordPress گرویتی فرم فارسی plugin <= 3.0.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hannan گرویتی فرم فارسی persian-gravity-forms allows Blind SQL Injection.This issue affects گرویت…

Remote | Injection
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
4.9 MEDIUM
CVE-2026-61952 — WordPress WooCommerce Bulk Edit Products – WP Sheet Editor plugin <= 1.8.21 - Broken Acce…

Missing Authorization vulnerability in Jose Vega WooCommerce Bulk Edit Products – WP Sheet Editor woo-bulk-edit-products allows Exploiting Incorrectly Configured Access Control Security Levels.This i…

Remote | Authorization
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
Showing 20 of 7297 Results