Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
0.0 NA
CVE-2025-68708 — SailingLab AppLock Android Overlay Bypass

SailingLab AppLock (aka com.alpha.applock) 4.3.8 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's …

Authentication
May 26, 2026
7.1 HIGH
CVE-2025-14361 — WordPress Woocommerce Envato Affiliates plugin <= 1.2.1 - Settings Change vulnerability

Missing Authorization vulnerability in AA-Team Woocommerce Envato Affiliates allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Woocommerce Envato Affiliates: from n…

Remote | Authorization
May 26, 2026
7.5 HIGH
CVE-2026-9575 — itsourcecode Student Transcript Processing System index.php sql injection

A vulnerability has been found in itsourcecode Student Transcript Processing System 1.0. This issue affects some unknown processing of the file /admin/modules/class/index.php?view=view. The manipulat…

Remote | Injection
May 26, 2026
7.5 HIGH
CVE-2026-9574 — itsourcecode Student Transcript Processing System trans.php sql injection

A flaw has been found in itsourcecode Student Transcript Processing System 1.0. This vulnerability affects unknown code of the file /admin/modules/student/trans.php. Executing a manipulation of the a…

Remote | Injection
May 26, 2026
7.5 HIGH
CVE-2026-9573 — itsourcecode Student Transcript Processing System index.php sql injection

A vulnerability was detected in itsourcecode Student Transcript Processing System 1.0. This affects an unknown part of the file /admin/modules/student/index.php?view=view. Performing a manipulation o…

Remote | Injection
May 26, 2026
7.1 HIGH
CVE-2026-44833 — Snipe-IT: Open redirect vulnerability

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header…

snipe-it | Remote | Misconfiguration
May 26, 2026
8.8 HIGH
CVE-2026-44832 — Snipe-IT: Privilege Escalation via API Permissions Assignment

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api…

snipe-it | Remote | Authorization
May 26, 2026
5.4 MEDIUM
CVE-2026-44831 — Snipe-IT: XSS vulnerability in component notes

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an unescaped notes column, resulting in cross-site scripting (XSS). This vulne…

snipe-it | Remote | Cross-Site Scripting
May 26, 2026
5.8 MEDIUM
CVE-2026-44214 — eventsource-encoder: SSE event injection via unsanitized event and id fields

eventsource-encoder encodes events as well-formed EventSource/Server Sent Event (SSE) messages. Prior to 1.0.2, eventsource-encoder does not sanitize the event or id fields of an EventSourceMessage b…

Remote | Injection
May 26, 2026
6.3 MEDIUM
CVE-2026-27331 — WordPress WpTravelly plugin <= 2.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Magepeople inc. WpTravelly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpTravelly: from n/a through 2.1.5.

Remote | Authorization
May 26, 2026
4.3 MEDIUM
CVE-2026-25444 — WordPress WpBookingly plugin <= 1.2.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpBookingly: from n/a through 1.2.9.

Remote | Authorization
May 26, 2026
5.3 MEDIUM
CVE-2026-25426 — WordPress Taxi Booking Manager for WooCommerce plugin <= 2.0.1 - Broken Access Control vu…

Missing Authorization vulnerability in Magepeople inc. Taxi Booking Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Taxi Booking M…

Remote | Authorization
May 26, 2026
4.3 MEDIUM
CVE-2026-24520 — WordPress Tiktok Feed plugin <= 1.0.24 - Broken Access Control vulnerability

Missing Authorization vulnerability in bPlugins Tiktok Feed allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tiktok Feed: from n/a through 1.0.24.

Remote | Authorization
May 26, 2026
0.0 NA
CVE-2025-68710 — Easyelife App Lock Fingerprinting Bypass Vulnerability

Easyelife App lock (aka Fingerprint,Applock or locker.app.safe.applocker) 1.9.2 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay …

Authentication
May 26, 2026
0.0 NA
CVE-2025-68709 — SailingLab AppLock JavaScript Injection Vulnerability

SailingLab AppLock (aka com.alpha.applock) 4.3.8 for Android allows a local attacker to trigger arbitrary JavaScript execution via BrowserMainActivity, which accepts VIEW intents with javascript: URI…

Cross-Site Scripting
May 26, 2026
3.3 LOW
CVE-2026-9572 — GPAC MP4Box media.c Media_GetSample memory leak

A security vulnerability has been detected in GPAC up to 2.4.0. Affected by this issue is the function Media_GetSample of the file src/isomedia/media.c of the component MP4Box. Such manipulation of t…

Memory Corruption
May 26, 2026
5.1 MEDIUM
CVE-2026-9568 — ThingsBoard YAML provision getGatewayDockerComposeFile code injection

A weakness has been identified in ThingsBoard up to 4.3.1.1. Affected by this vulnerability is the function getGatewayDockerComposeFile of the file /api/v1/provision of the component YAML Handler. Th…

Remote | Injection
May 26, 2026
8.8 HIGH
CVE-2026-8890 — code100x Mobile API Authentication Bypass via Header Spoofing

code100x contains an authentication bypass vulnerability in the Mobile API that allows unauthenticated attackers to impersonate arbitrary users by supplying a crafted JSON payload in the 'g' HTTP hea…

Remote | Authentication
May 26, 2026
7.2 HIGH
CVE-2026-4051 — IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to Server Post-Auth …

IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privileges to execute remote code due to an exposed method that is not properly restricted.

Remote | Authorization
May 26, 2026
9.8 CRITICAL
CVE-2026-48689 — FastNetMon Heap-Based Buffer Overflow Vulnerability

FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the dynamic_binary_buffer_t class (src/dynamic_binary_buffer.hpp). Five methods (append_dynamic_buffer,…

fastnetmon | Remote | Memory Corruption
May 26, 2026
Showing 20 of 6060 Results