Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
0.0 NA
CVE-2026-53633 — Vitest: Exposed Browser Mode API Can Proxy CDP and Overwrite Config Files, Leading to RCE

Vitest is a testing framework powered by Vite. From 3.0.0 until 3.2.5, 4.1.8, and 5.0.0-beta.4, Vitest Browser Mode exposed a cdp() API that forwarded raw Chrome DevTools Protocol methods without bei…

| Denial of Service
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
0.0 NA
CVE-2026-13001 — Podlove Podcast Publisher <= 4.5.1 - Unauthenticated Arbitrary File Upload via podlove_im…

The Podlove Podcast Publisher plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'podlove_handle_cache_files' function in all versions up to, and …

| Misconfiguration
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
0.0 NA
CVE-2026-47428 — Vitest browser mode serves unsanitized otelCarrier query parameter as inline script

Vitest is a testing framework powered by Vite. From 4.0.17 until 4.1.6 and 5.0.0-beta.3, Vitest Browser Mode served /__vitest_test__/ with the otelCarrier query parameter inserted directly into an in…

| Cross-Site Scripting
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
7.8 HIGH
CVE-2026-50650 — .NET Framework Elevation of Privilege Vulnerability

None

Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
7.8 HIGH
CVE-2026-50649 — .NET Remote Code Execution Vulnerability

None

Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
7.5 HIGH
CVE-2026-50648 — .NET Framework Denial of Service Vulnerability

None

Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
7.8 HIGH
CVE-2026-50646 — .NET Framework Remote Code Execution Vulnerability

None

Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
8.2 HIGH
CVE-2026-50528 — .NET Security Feature Bypass Vulnerability

None

Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
7.5 HIGH
CVE-2026-50527 — .NET Framework Denial of Service Vulnerability

None

Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
7.0 HIGH
CVE-2026-50526 — .NET Tampering Vulnerability

None

Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
7.5 HIGH
CVE-2026-50525 — .NET Denial of Service Vulnerability

None

Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
7.5 HIGH
CVE-2026-50524 — .NET Framework Denial of Service Vulnerability

None

Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
0.0 NA
CVE-2026-47429 — Vitest: Arbitrary file can be read and executed when Vitest UI server is listening

Vitest is a testing framework powered by Vite. Prior to 3.2.5 and 4.1.0, the Vitest UI/API server on Windows used isFileServingAllowed incorrectly for /__vitest_attachment__, allowing \\?\\..\\ path …

| Path Traversal
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
0.0 NA
CVE-2026-48038 — joi: Uncaught RangeError on deeply nested input through recursive `link()` schemas

joi is a schema description language and data validator for JavaScript. Prior to 17.13.4 and 18.2.1, denial of service is possible via an untrapped exception in services validating user-supplied JSON…

| Denial of Service
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
0.0 NA
CVE-2026-48761 — Symfony: HtmlSanitizer UrlAttributeSanitizer Misses URL Attributes on <object>, <applet>,…

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0 until 6.4.41, 7.4.13, and 8.0.13, UrlAttributeSanitizer::getSupportedAttributes() omitted …

| Cross-Site Scripting
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
8.6 HIGH
CVE-2026-48310 — Adobe Experience Manager | Improper Limitation of a Pathname to a Restricted Directory ('…

Adobe Experience Manager is affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker coul…

experience_manager | Remote | Path Traversal
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
9.6 CRITICAL
CVE-2026-48259 — Adobe Experience Manager | Server-Side Request Forgery (SSRF) (CWE-918)

Adobe Experience Manager is affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in arbitrary code execution in the context of the current user. A low-privileged attacker …

experience_manager | Remote | Server-Side Request Forgery
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
9.6 CRITICAL
CVE-2026-48359 — Adobe Experience Manager | Improper Restriction of XML External Entity Reference ('XXE') …

Adobe Experience Manager is affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution in the context of the current user…

experience_manager | Remote | XML External Entity
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
5.4 MEDIUM
CVE-2026-48263 — Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager is affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Ma…

experience_manager | Remote | Cross-Site Scripting
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
5.4 MEDIUM
CVE-2026-48260 — Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript …

experience_manager | Remote | Cross-Site Scripting
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
Showing 20 of 8247 Results