Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
5.4 MEDIUM
CVE-2026-48220 — Open ISES Tickets < 3.44.2 Reflected XSS via ics205.php frm_add_str Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics205.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized valu…

Remote | Cross-Site Scripting
May 21, 2026
5.4 MEDIUM
CVE-2026-48219 — Open ISES Tickets < 3.44.2 Reflected XSS via ics202.php frm_add_str Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics202.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized valu…

Remote | Cross-Site Scripting
May 21, 2026
5.4 MEDIUM
CVE-2026-48218 — Open ISES Tickets < 3.44.2 Reflected XSS via icons/buttons/landb.php frm_name and frm_id …

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in icons/buttons/landb.php that allows authenticated attackers to inject arbitrary JavaScript by passing an uns…

Remote | Cross-Site Scripting
May 21, 2026
5.4 MEDIUM
CVE-2026-48217 — Open ISES Tickets < 3.44.2 Reflected XSS via delete_module.php Multiple POST Parameters

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in delete_module.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitiz…

Remote | Cross-Site Scripting
May 21, 2026
5.4 MEDIUM
CVE-2026-48216 — Open ISES Tickets < 3.44.2 Reflected XSS via db_loader.php Multiple POST Parameters

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in db_loader.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized v…

Remote | Cross-Site Scripting
May 21, 2026
5.4 MEDIUM
CVE-2026-48215 — Open ISES Tickets < 3.44.2 Reflected XSS via circle.php frm_id Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in circle.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized valu…

Remote | Cross-Site Scripting
May 21, 2026
5.4 MEDIUM
CVE-2026-48214 — Open ISES Tickets < 3.44.2 Reflected XSS via add_nm.php ticket_id Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add_nm.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized valu…

Remote | Cross-Site Scripting
May 21, 2026
6.5 MEDIUM
CVE-2026-39593 — WordPress HAPPY plugin <= 1.0.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in VillaTheme HAPPY allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HAPPY: from n/a through 1.0.10.

Remote | Authorization
May 21, 2026
5.4 MEDIUM
CVE-2026-48213 — Open ISES Tickets < 3.44.2 Reflected XSS via add.php ticket_id Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value t…

Remote | Cross-Site Scripting
May 21, 2026
9.8 CRITICAL
CVE-2026-48207 — Apache Fory: PyFory ReduceSerializer Incomplete Policy Enforcement

Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resol…

Remote | Injection
May 21, 2026
8.8 HIGH
CVE-2026-9089 — ConnectWise Automate Agent Unvalidated Component Loading and Update Vulnerability

The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update operations. This issue is addressed in Automate 2026.5.

| Supply Chain
May 21, 2026
9.3 CRITICAL
CVE-2026-39531 — WordPress WP Directory Kit plugin <= 1.5.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory Ki…

Remote | Injection
May 21, 2026
6.2 MEDIUM
CVE-2026-36189 — Uncrustify Buffer Overflow Denial of Service

Buffer Overflow vulnerability in Uncrustify Project Affected v.Uncrustify_d-0.82.0-132-bcc41cbdc and Fixed in commit 68e67b9a1435a1bb173b106fedb4a4f510972bdc allows a local attacker to cause a denial…

| Memory Corruption
May 21, 2026
6.3 MEDIUM
CVE-2026-1816 — OTP Bypass in TEİAŞ's Mobile Application

Improper restriction of excessive authentication attempts vulnerability in Turkiye Electricity Transmission Corporation (TEİAŞ) Mobile Application allows Brute Force. This issue affects Mobile Appli…

Remote | Authentication
May 21, 2026
5.7 MEDIUM
CVE-2026-1815 — Session Hijacking in TEİAŞ's Mobile Application

Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation (TEİAŞ) Mobile Application allows Session Hijacking. This issue affects Mobile Application: from 1.6.2 b…

Remote | Authentication
May 21, 2026
7.8 HIGH
CVE-2026-45208 — Trend Micro Apex One/SEP Local Privilege Escalation

A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the abil…

| Race Condition
May 21, 2026
7.8 HIGH
CVE-2026-45207 — Trend Micro Apex One/SEP Privilege Escalation Vulnerability

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45206 but exists in a different…

| Authorization
May 21, 2026
7.8 HIGH
CVE-2026-45206 — Trend Micro Apex One/SEP Privilege Escalation Vulnerability

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45207 but exists in a different…

| Authorization
May 21, 2026
7.8 HIGH
CVE-2026-34930 — Trend Micro Apex One/SEP Agent Origin Validation Privilege Escalation Vulnerability

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different…

| Authorization
May 21, 2026
7.8 HIGH
CVE-2026-34929 — Trend Micro Apex One/SEP Privilege Escalation Vulnerability

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different…

| Authorization
May 21, 2026
Showing 20 of 6286 Results