Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
4.4 MEDIUM
CVE-2026-5051 — Audit Log Plugin Directory Guard Bypass via Legacy path Option

HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not consistently apply plugin directory protections when the legacy file audit path option was used. This vulne…

vault | Remote | Misconfiguration
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
7.4 HIGH
CVE-2026-57723 — WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.12 - CSRF to Arbitrary File…

Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows Path Traversal. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.…

Remote | Path Traversal
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
5.9 MEDIUM
CVE-2026-57722 — WordPress Enable Media Replace plugin <= 4.2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShortPixel Enable Media Replace allows Stored XSS. This issue affects Enable Media Replace: from…

enable_media_replace | Remote | Cross-Site Scripting
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
0.0 NA
CVE-2026-54428 — Apache HttpComponents Core: HPackDecoder Unlimited Header List Size Before SETTINGS ACK

Allocation of resources without limits or throttling in the HTTP/2 HPACK decoder in Apache HttpComponents Core (5.4.2 and earlier, 5.5-beta1 and earlier) allows an remote attacker to cause a denial o…

| Denial of Service
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
0.0 NA
CVE-2026-54399 — Apache HttpComponents Core: Unbounded HTTP Header/Line Length in Default Configuration

Uncontrolled Resource Consumption vulnerability in the HTTP/1.1 message parser in Apache HttpComponents Core (5.4.2 and earlier, 5.5-beta1 and earlier) allows an remote attacker to cause a denial of …

| Denial of Service
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
4.4 MEDIUM
CVE-2026-49088 — Insertion of Sensitive Information into Log File in Kibana Leading to Information Disclos…

Insertion of Sensitive Information into Log File (CWE-532) in Kibana can lead to information disclosure. When the optional application performance monitoring (APM) instrumentation is enabled, sensiti…

kibana | Remote | Information Disclosure
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
5.3 MEDIUM
CVE-2026-57721 — WordPress ApplyOnline plugin <= 2.6.7.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Reloaded ApplyOnline allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ApplyOnline: from n/a through 2.6.7.6.

Remote | Authorization
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
4.3 MEDIUM
CVE-2026-57720 — WordPress ThumbPress plugin <= 6.3.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Codexpert Inc ThumbPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThumbPress: from n/a through 6.3.2.

Remote | Authorization
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
5.5 MEDIUM
CVE-2026-12480 — Arbitrary HDF5 File Read via Virtual Dataset Bypass in keras-team/keras

Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The vulnerability resides in the `H5IOStore._verify_dataset()` and …

| Information Disclosure
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
8.8 HIGH
CVE-2026-57516 — Ray < 2.56.0 Unsafe Deserialization RCE via WebDataset Reader

Ray prior to 2.56.0 contains an unsafe deserialization vulnerability in the WebDataset reader that allows attackers to achieve remote code execution by supplying a malicious tar archive to the read_w…

ray | Remote | Injection
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
6.5 MEDIUM
CVE-2026-49087 — Allocation of Resources Without Limits or Throttling in Kibana Leading to Denial of Servi…

Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted bul…

kibana | Remote | Denial of Service
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
5.3 MEDIUM
CVE-2026-56152 — Incorrect Authorization in Elastic Defend Leading to Information Disclosure

Incorrect Authorization (CWE-863) in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs (CAPEC-1). Under certain conditions, a…

Remote | Authorization
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
7.5 HIGH
CVE-2026-20243 — ClamAV ALZ Archive Processing Denial of Service Vulnerability

A vulnerability in the ALZ file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption …

secure_endpoint | Remote | Memory Corruption
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
6.5 MEDIUM
CVE-2026-56151 — Improper Input Validation in Kibana Leading to Denial of Service

Improper Input Validation (CWE-20) in Kibana can lead to a denial of service via Input Data Manipulation (CAPEC-153). An authenticated user can submit a specially crafted Fleet policy input that is n…

kibana | Remote | Denial of Service
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
7.5 HIGH
CVE-2026-20244 — ClamAV DMG File Processing Denial of Service Vulnerability

A vulnerability in the DMG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption …

secure_endpoint | Remote | Memory Corruption
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
7.5 HIGH
CVE-2026-20215 — ClamAV 7Zip File Format Processing Out-of-Bounds Memory Corruption Vulnerability

A vulnerability in the 7z file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption o…

secure_endpoint | Remote | Memory Corruption
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
7.5 HIGH
CVE-2026-20217 — ClamAV PESpin File Format Processing Out-of-Bounds Memory Corruption Vulnerability

A vulnerability in the PESpin file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corrupti…

secure_endpoint | Remote | Memory Corruption
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
7.5 HIGH
CVE-2026-20216 — ClamAV InstallShield File Format Processing Resource Exhaustion Vulnerability

A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to impro…

secure_endpoint | Remote | Denial of Service
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
7.5 HIGH
CVE-2026-20213 — ClamAV PE File Format Processing Out-of-Bounds Memory Corruption Vulnerability

A vulnerability in the PE file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption o…

secure_endpoint | Remote | Memory Corruption
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
7.5 HIGH
CVE-2026-20214 — ClamAV FSG File Format Processing Out-of-Bounds Memory Corruption Vulnerability

A vulnerability in the FSG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption …

secure_endpoint | Remote | Memory Corruption
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
Showing 20 of 8002 Results