Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
0.0 NA
CVE-2026-57111 — Apache Helix REST: Permissive CORS Configuration in REST API Allows Unrestricted Cross-Or…

Permissive Cross-Origin Resource Sharing (CORS) in the REST API (helix-rest, org.apache.helix.rest.server.filters.CORSFilter) in Apache Helix through 2.0.0 on all platforms allows a remote attacker c…

| Misconfiguration
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
6.4 MEDIUM
CVE-2026-4653 — Block, Suspend, Report for BuddyPress <= 3.6.4 - Authenticated (Subscriber+) Stored Cross…

The Block, Suspend, Report for BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' parameter in versions up to and including 3.6.4. This is due to insufficient…

Remote | Cross-Site Scripting
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
8.1 HIGH
CVE-2026-33390 — Incorrect privilege assignment for Arc sensors in Guardian/CMC before 26.2.0

An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can pus…

cmc guardian cmc guardian | Remote | Authorization
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
8.3 HIGH
CVE-2026-31985 — Disabled and non-configurable TLS certificate validation in n2os-tui when connecting the …

When the upstream Guardian or CMC was configured in the Remote Collector via n2os-tui, the generated configuration disabled TLS certificate verification, and no option was provided to enable it. A ma…

Remote | Misconfiguration
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
8.7 HIGH
CVE-2026-31984 — DoS through oversized audit log entries in Guardian/CMC before 26.2.0

A denial-of-service vulnerability caused by unbounded resource allocation was discovered in the audit logging functionality, due to a missing size limit on input recorded into audit entries. An unaut…

cmc guardian cmc guardian | Remote | Denial of Service
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
6.9 MEDIUM
CVE-2026-31983 — Missing authentication in SSH keys synchronization endpoint in Guardian/CMC before 26.2.0

A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. An unauthenticated attacker can send a request to the SSH keys synchronization endpoint and obtain the …

cmc guardian cmc guardian | Remote | Authentication
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
7.1 HIGH
CVE-2026-31982 — Open Redirect in SAML Single Sign-On in Guardian/CMC before 26.2.0

An Open Redirect vulnerability was discovered in the SAML Single Sign-On functionality due to insufficient validation of a user-controlled redirection parameter. An unauthenticated attacker can craft…

cmc guardian cmc guardian | Remote | Misconfiguration
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
5.9 MEDIUM
CVE-2026-31981 — HTML injection in Diagram tab and Graph view in Guardian/CMC before 26.2.0

A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a shared input validation function being insufficiently restrictive. An authenticated user with administr…

cmc guardian cmc guardian | Remote | Cross-Site Scripting
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
7.2 HIGH
CVE-2026-15000 — Connect Contact Form 7 and Mailchimp <= 0.9.78.06 - Unauthenticated Stored Cross-Site Scr…

The Connect Contact Form 7 and Mailchimp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Mailchimp Merge Field Values in all versions up to, and including, 0.9.78.06 due to insu…

Remote | Cross-Site Scripting
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
6.4 MEDIUM
CVE-2026-14343 — Download Manager <= 3.3.61 - Authenticated (Contributor+) Stored Cross-Site Scripting via…

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'note_before' and 'note_after' Shortcode Attributes in all versions up to, and including, 3.3.61 due to insu…

Remote | Cross-Site Scripting
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
4.9 MEDIUM
CVE-2026-14342 — Mail Mint <= 1.24.2 - Authenticated (Administrator+) SQL Injection via 'contact_ids' Para…

The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to time-based SQL Injection via the 'contact_ids' parameter in all versions up to…

Remote | Injection
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
9.8 CRITICAL
CVE-2026-14245 — miniOrange OTP Login, Verification and SMS Notifications <= 5.5.1 - Authentication Bypass…

The miniOrange OTP Login, Verification and SMS Notifications plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to, and including…

Remote | Authentication
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
6.4 MEDIUM
CVE-2026-13771 — Customer Reviews for WooCommerce <= 5.113.0 - Authenticated (Contributor+) Stored Cross-S…

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'color' Shortcode Attribute in all versions up to, and including, 5.113.0 due to insufficien…

Remote | Cross-Site Scripting
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
5.3 MEDIUM
CVE-2026-13450 — GamiPress <= 7.9.4 - Insecure Direct Object Reference to Unauthenticated Sensitive Inform…

The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and inclu…

Remote | Authorization
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
6.1 MEDIUM
CVE-2026-13334 — Mang Board WP <= 2.3.4 - Reflected Cross-Site Scripting via 'stag' Parameter

The Mang Board WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'stag' parameter in all versions up to, and including, 2.3.4 due to insufficient input sanitization and …

Remote | Cross-Site Scripting
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
6.4 MEDIUM
CVE-2026-13253 — Post Grid Gutenberg Blocks for News, Magazines, Blog Websites <= 5.0.31 - Authenticated (…

The Ultimate Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'moreResultsText' block attribute of the ultimate-post/advanced-search block in versions up to and includin…

Remote | Cross-Site Scripting
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
6.6 MEDIUM
CVE-2026-13080 — WPFunnels <= 3.12.7 - Authenticated (Administrator+) Local File Inclusion via 'logKey' Pa…

The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.12.7 via the 'logKey…

Remote | Path Traversal
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
6.5 MEDIUM
CVE-2026-13011 — ERP: Complete HR, Accounting & CRM Suite with Recruitment and WooCommerce CRM Support <= …

The ERP: Complete HR, Accounting & CRM Suite with Recruitment and WooCommerce CRM Support plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to…

Remote | Injection
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
5.3 MEDIUM
CVE-2026-12418 — User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Re…

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, a…

Remote | Authorization
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
5.3 MEDIUM
CVE-2026-12406 — User Frontend <= 4.3.7 - Missing Authorization to Unauthenticated Arbitrary Attachment De…

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including…

Remote | Authorization
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
Showing 20 of 7704 Results