Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
8.8 HIGH
CVE-2026-7201 — CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sit…

CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote authenti…

sitefinity | Remote | Authorization
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
9.8 CRITICAL
CVE-2026-7198 — CWE-284: Improper Access Control in web services in Progress Sitefinity

CWE-284: Improper Access Control in web services in Progress Sitefinity 15.4.8623 before 15.4.8630 allows a remote unauthenticated attacker to access content that should be restricted, resulting in f…

sitefinity | Remote | Authorization
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
8.8 HIGH
CVE-2026-7195 — CWE-20: Improper Input Validation in web services in Progress Sitefinity

CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, 15.…

sitefinity | Remote | Injection
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
5.4 MEDIUM
CVE-2026-49782 — WordPress Elementor Website Builder plugin <= 4.1.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Elementor Elementor Website Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elementor Website Builder: from…

website_builder | Remote | Authorization
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
5.6 MEDIUM
CVE-2026-43965 — Path Traversal in build/packages/packages.toml Allows Arbitrary Directory Deletion

Path traversal vulnerability in Gleam's dependency management allows arbitrary directory deletion via malicious build/packages/packages.toml content. Package keys read from build/packages/packages.t…

| Path Traversal
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
5.1 MEDIUM
CVE-2026-42795 — Symlink Following in Hex Package Export Allows Embedding Files Outside Project Root

Symlink following vulnerability in Gleam's Hex package export allows files outside the project root to be embedded in the generated package tarball. The file collection helpers (gleam_files, native_…

| Path Traversal
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
5.9 MEDIUM
CVE-2026-41918 — RUGGEDCOM Information Disclosure via Browser Cache

A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V4.0). The affected applications stores sensitive information in the browser cache when an authenticated user…

ruggedcom_rst2428p | Remote | Information Disclosure
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
8.1 HIGH
CVE-2026-39555 — WordPress Askka theme <= 1.3.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection. This issue affects Askka: from n/a through 1.3.1.

Remote | Injection
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
8.1 HIGH
CVE-2026-39553 — WordPress WaveRide theme <= 1.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes WaveRide allows PHP Local File Inclusion. This issue affects Wa…

Remote | Path Traversal
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
8.1 HIGH
CVE-2026-39552 — WordPress Blueprint theme < 1.1.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Code Supply Co. Blueprint allows PHP Local File Inclusion. This issue affects…

Remote | Path Traversal
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
0.0 NA
CVE-2026-35717 — VIVOTEK FD8136 Stack-Based Buffer Overflow

A stack-based buffer overflow in the export_language.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via a crafted POST…

| Memory Corruption
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
4.6 MEDIUM
CVE-2026-32685 — Path Traversal in gleam docs build via documentation.pages Allows Arbitrary File Read and…

Path traversal vulnerability in Gleam's handling of custom documentation pages allows arbitrary file read and file write outside the intended documentation output directory. The documentation.pages …

| Path Traversal
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
4.3 MEDIUM
CVE-2026-32250 — NamelessMC has Reflected Cross-Site Scripting (XSS) in id parameter of /index.php?route=/…

NamelessMC is website software for Minecraft servers. A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in version 2.2.4 in the id parameter of the endpoint `/index.php?route=/queri…

nameless | Remote | Cross-Site Scripting
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
5.9 MEDIUM
CVE-2026-28116 — WordPress Progress Planner plugin <= 1.9.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Emilia Projects Progress Planner allows Stored XSS. This issue affects Progress Planner: from n/…

progress_planner | Remote | Cross-Site Scripting
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
5.4 MEDIUM
CVE-2026-27351 — WordPress Crew HRM plugin <= 1.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crew HRM: from n/a through 1.2.2.

Remote | Authorization
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
0.0 NA
CVE-2026-10622 — CVE-2026-10622

Improper Authentication in REST API in Collibra Agent, allows a remote unauthenticated attacker to access privileged functionality via exposed '/rest/* endpoints.

| Authentication
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
0.0 NA
CVE-2026-10621 — CVE-2026-10621

Path traversal in restore handler in Collibra Agent, allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to properly validate and canonicalize file path during…

| Path Traversal
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
8.2 HIGH
CVE-2026-10611 — OTP bypass via plugin-based LDAP authentication in MISP when LDAP mixed authentication is…

An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true and Security.require_otp=t…

Remote | Authentication
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
8.1 HIGH
CVE-2025-69369 — WordPress Racquet theme <= 1.12.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Racquet allows PHP Local File Inclusion. This issue affects Racqu…

Remote | Path Traversal
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
8.1 HIGH
CVE-2025-68886 — WordPress Cookiteer theme <= 1.4.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in androThemes Cookiteer allows PHP Local File Inclusion. This issue affects Coo…

Remote | Path Traversal
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
Showing 20 of 7086 Results