Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
9.4 CRITICAL
CVE-2026-8931 — Critical RCE vulnerability in Disig Web Signer

A critical Remote Code Execution (RCE) vulnerability exists in Disig Web Signer versions 2.0.3 through 2.5.3.

Remote | Injection
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
9.8 CRITICAL
CVE-2026-48879 — WordPress AIWU plugin <= 1.4.17 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Sergey AIWU allows Privilege Escalation. This issue affects AIWU: from n/a through 1.4.17.

Remote | Authorization
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
9.6 CRITICAL
CVE-2026-48866 — WordPress Gravity Forms plugin <= 2.10.0.1 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rocketgenius Inc. Gravity Forms allows Path Traversal. This issue affects Gravity Forms: from n/a thro…

Remote | Path Traversal
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
7.1 HIGH
CVE-2026-48865 — WordPress LearnPress plugin <= 4.3.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress allows Reflected XSS. This issue affects LearnPress: from n/a through 4.3.6.

learnpress | Remote | Cross-Site Scripting
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
7.1 HIGH
CVE-2026-48839 — WordPress WP Statistics plugin <= 14.16.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP Statistics allows DOM-Based XSS. This issue affects WP Statistics: from n/a throug…

wp_statistics | Remote | Cross-Site Scripting
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
5.4 MEDIUM
CVE-2026-48559 — Lightweight Music Server 3.76.0 Stored XSS via Media File Metadata Tags

Lightweight Music Server (LMS) though 3.76.0 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript by embedding malicious HTML in media file metad…

Remote | Cross-Site Scripting
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
7.1 HIGH
CVE-2026-42683 — WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.8 - Cross Site Scripting (X…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows DOM-Based XSS. This issue affects VikBooki…

Remote | Cross-Site Scripting
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
9.1 CRITICAL
CVE-2026-42682 — WordPress wpForo Forum plugin <= 3.0.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through 3.0.6.

Remote | Authorization
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
7.1 HIGH
CVE-2026-42681 — WordPress e2pdf plugin <= 1.32.14 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in E2Pdf.Com e2pdf allows Reflected XSS. This issue affects e2pdf: from n/a through 1.32.14.

Remote | Cross-Site Scripting
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
9.8 CRITICAL
CVE-2026-42680 — WordPress Contest Gallery Pro plugin <= 29.0.1 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery Pro allows Privilege Escalation. This issue affects Contest Gallery Pro: from n/a through …

Remote | Authorization
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
8.7 HIGH
CVE-2026-42251 — Hard-coded credentials in KS-SOMED

Use of hard-coded credentials in KS-SOMED allowed an unauthorized attacker access to FTP server that hosted the application's update packages. The attacker with these credentials could upload a malic…

Remote | Authentication
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
0.0 NA
CVE-2026-37221 — FlexRIC Assertion Failure Leading to Denial of Service

FlexRIC v2.0.0 crashes when receiving a RIC_SUBSCRIPTION_RESPONSE with an unknown ric_id that has no corresponding pending event. The near-RT RIC uses assert() to enforce the existence of a pending e…

| Denial of Service
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
0.0 NA
CVE-2026-37220 — FlexRIC SCTP Association Cleanup Denial-of-Service

FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2_SETUP_REQUEST is sent. The near-RT RIC assumes a mapping between SCTP association and E2 node always exists in the cleanup path …

| Denial of Service
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
5.0 MEDIUM
CVE-2026-10533 — Openshift: openshift: non-admin user can bypass resourcequota and flood etcd with events …

A flaw was found in OpenShift Container Platform. Completed pods with restartPolicy: Never do not count toward ResourceQuota pod limits, and Kubernetes events are not quota-scoped. A non-privileged u…

openshift_container_platform | Remote | Misconfiguration
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
3.3 LOW
CVE-2026-10267 — janet-lang janet debug.c doframe out-of-bounds

A security flaw has been discovered in janet-lang janet up to 1.41.0. This affects the function doframe of the file src/core/debug.c. Performing a manipulation results in out-of-bounds read. Attackin…

janet | Memory Corruption
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
6.5 MEDIUM
CVE-2026-10265 — itsourcecode Content Management System edit_topic.php sql injection

A vulnerability was identified in itsourcecode Content Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edit_topic.php. Such manipulation of the argument…

content_management_system | Remote | Injection
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
3.5 LOW
CVE-2026-10264 — lharries whatsapp-mcp Send API Endpoint main.go SendMessageRequest path traversal

A vulnerability was determined in lharries whatsapp-mcp 0.0.1. Affected by this vulnerability is the function SendMessageRequest of the file whatsapp-bridge/main.go of the component Send API Endpoint…

| Path Traversal
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
7.5 HIGH
CVE-2026-10263 — SourceCodester Computer Repair Shop Management System manage_product.php sql injection

A vulnerability was found in SourceCodester Computer Repair Shop Management System up to 1.0. Affected is an unknown function of the file /admin/products/manage_product.php. The manipulation of the a…

Remote | Injection
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
7.5 HIGH
CVE-2026-10262 — code-projects Real State Services Login loginuser.php sql injection

A vulnerability has been found in code-projects Real State Services 1.0. This impacts an unknown function of the file /loginuser.php of the component Login. The manipulation of the argument Username …

Remote | Injection
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
7.5 HIGH
CVE-2026-10261 — CodeAstro Online Job Portal application_status.php sql injection

A flaw has been found in CodeAstro Online Job Portal 1.0. This affects an unknown function of the file /users/application_status.php. Executing a manipulation of the argument ID can lead to sql injec…

Remote | Injection
Jun 01, 2026 Jun 01, 2026
Jun 01, 2026
Jun 01, 2026
Showing 20 of 6765 Results