Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.5 HIGH
CVE-2026-46749 — Siemens SINEC INS Insufficient Password Hashing Strength

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application uses a password hashing implementation with a static, hardcoded salt shared across all us…

sinec_ins | Cryptography
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
8.8 HIGH
CVE-2026-46748 — SINEC INS Local Privilege Escalation via CAP_DAC_OVERRIDE

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected system includes a binary that is configured with the cap_dac_override capability. This capability all…

sinec_ins | Remote | Authorization
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
5.3 MEDIUM
CVE-2026-46747 — Siemens SINEC INS Path Traversal

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application does not properly sanitize path input in the `GET /api/sftp/uploadFiles` endpoint used fo…

sinec_ins | Remote | Path Traversal
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
8.8 HIGH
CVE-2026-46746 — Siemens SINEC INS Command Injection

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The application does not properly sanitize user input in the /api/sftp/uploadFiles endpoint, allowing the injectio…

sinec_ins | Remote | Injection
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
9.3 CRITICAL
CVE-2026-41031 — A Stored Cross-Site Scripting (XSS) vulnerability occurs in Vinna Process Monitor

A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 (Build 63255) allows an authenticated remote attacker with low privileges to inject malicious JavaScrip…

Remote | Cross-Site Scripting
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
8.2 HIGH
CVE-2026-24349 — SIMATIC WinCC Unified PC Runtime Certificate Manager Information Disclosure

A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 (All versions), SIMATIC WinCC Unified PC Runtime V17 (All versions), SIMATIC WinCC Unified PC Runtime V18 (All versions), S…

| Cryptography
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
9.3 CRITICAL
CVE-2026-10731 — SQL injection in Nemon products

SQL injection in the ‘two_steps_auth_code’ parameter processed by the ‘twoStepsAuthVerification’ function within the ‘/user-login’ endpoint. The two-factor authentication (2FA) functionality can be a…

Remote | Injection
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
6.9 MEDIUM
CVE-2025-40808 — Siemens SIPROTEC 5 Arbitrary File Upload

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions), SIPROTEC 5 6MD86 (CP200) (All version…

siprotec_5_6md85 siprotec_5_6md86 siprotec_5_6md89 siprotec_5_6mu85 siprotec_5_7ke85 siprotec_5_7sa82 +28 more | Denial of Service
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
9.1 CRITICAL
CVE-2025-10263 — Arm Vulnerability: Privilege Escalation

Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C,…

cortex-a76 cortex-a76ae cortex-a77 cortex-a78 cortex-a78ae neoverse_n1 +11 more | Remote | Authorization
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
6.4 MEDIUM
CVE-2026-8677 — Prime Elementor Addons <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scriptin…

The Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Widget HTML Tag Settings in all versions up to, and i…

Remote | Cross-Site Scripting
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
6.4 MEDIUM
CVE-2026-8599 — MailerPress <= 2.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via Campaign H…

The MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Campaign HTML Content Field in all versions …

Remote | Cross-Site Scripting
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
8.8 HIGH
CVE-2026-8365 — Blocksy <= 2.1.41 - Authenticated (Contributor+) PHP Object Injection via Deserialization…

The Blocksy theme for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution via the 'blocksy_meta' REST API field and the V200 database migration in versions up to and incl…

blocksy | Remote | Injection
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
6.5 MEDIUM
CVE-2026-7542 — Slider Revolution <= 7.0.10 - Authenticated (Subscriber+) Sensitive Information Disclosure

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to and including 7.0.10. This is due to three compounding design flaws: (1) the plugin leak…

slider_revolution | Remote | Information Disclosure
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
5.6 MEDIUM
CVE-2026-6899 — Improper Check for Certificate Revocation in S2OPC

Check for certificate revocation only considers the first matching CRL and ignores other valid CRLs of the same CA in the CycloneCrypto cryptographic wrapper of S2OPC library. It might allow connecti…

Remote | Cryptography
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
0.0 NA
CVE-2026-49818 — Apache Airflow Samba provider: Path traversal in GCSToSambaOperator via GCS object names

The Apache Airflow Samba provider's `GCSToSambaOperator` joined GCS object names to the SMB destination path without a containment check, so an object named with `../` segments resolved a write path …

| Path Traversal
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
0.0 NA
CVE-2026-46315 — io_uring/waitid: clear waitid info before copying it to userspace

In the Linux kernel, the following vulnerability has been resolved: io_uring/waitid: clear waitid info before copying it to userspace IORING_OP_WAITID stores its result fields in struct io_waitid::…

linux_kernel | Information Disclosure
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
6.5 MEDIUM
CVE-2026-34905 — Apache Answer: Unlisted Questions Accessible via Direct API Access

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The unlisted question feature did not enforce access rest…

answer | Remote | Information Disclosure
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
0.0 NA
CVE-2026-34033 — Apache Answer: HTML Content Injection in Email

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. User-supplied content was included in …

answer | Cross-Site Scripting
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
6.5 MEDIUM
CVE-2026-34031 — Apache Answer: The custom avatar was not properly validated

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The server did not sufficiently validate user-supplied image URLs, a…

answer | Remote | Misconfiguration
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
6.5 MEDIUM
CVE-2026-33582 — Apache Answer: Uploading specially crafted TIFF files causes an Out-of-Memory error

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. A crafted TIFF image could trigger excessive memory allocation durin…

answer | Remote | Denial of Service
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
Showing 20 of 7312 Results