Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.9 MEDIUM
CVE-2026-34028 — Unauthenticated direct access to web data in Wertheim SafeController Software exposes fil…

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, exposes web-accessible file paths that are not protected by an authorization scheme. An unauthenticated attacker can directly ac…

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
5.3 MEDIUM
CVE-2026-34027 — Upload restriction bypass in Wertheim SafeController Software allows authenticated users …

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains insufficient server-side file type validation in the /safe/contract/uploadcustomdocuments endpoint. The application val…

Remote | Misconfiguration
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.1 HIGH
CVE-2026-34026 — Path traversal in Wertheim SafeController Software allows authenticated users to download…

Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. The…

Remote | Path Traversal
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
5.3 MEDIUM
CVE-2026-34025 — IP restriction bypass in Wertheim SafeController Software allows logins from unauthorized…

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an IP restriction bypass vulnerability in the login process. The application restricts user logins based on the IP addr…

Remote | Authentication
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
8.6 HIGH
CVE-2026-34024 — Missing authorization checks in Wertheim SafeController Software allow low-privileged use…

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains missing authorization checks on multiple web application endpoints. An authenticated attacker with minimal privileges c…

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.1 HIGH
CVE-2026-34023 — Broken WebSocket authorization in Wertheim SafeController Software allows cross-branch ac…

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an incorrect authorization vulnerability in the WebSocket communication used by the SafeController WebMessageBroker. An…

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.1 HIGH
CVE-2026-34022 — Weak custom cryptography and hard-coded keys in Wertheim SafeController 65000 allow traff…

The Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319, uses weak custom cryptographic algorithms with hard-coded cryptographic keys to protect communication. An…

| Cryptography
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
8.6 HIGH
CVE-2026-34021 — Lack of cryptographic protection in Wertheim SafeController 5400 enables RS-485 message s…

The Wertheim SafeController 5400, Controller 5400 - AssemblyVersion 6.11.8130.22320, uses RS-485 communication between the server and the microcontroller without cryptographic protection. An attacker…

| Cryptography
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
8.6 HIGH
CVE-2026-12057 — DoS + Remote Code Execution via PDF JavaScript in Foxit AI

When the application executes the JavaScript script embedded in the PDF within the sandbox, it fails to intercept some dangerous interfaces, which allows remote scripts to be loaded, resulting in arb…

| Information Disclosure
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.8 HIGH
CVE-2026-50100 — Ricoh/Konica Minolta Printer Drivers Privilege Escalation

Multiple printer drivers provided by Ricoh Company, Ltd. and KONICA MINOLTA JAPAN, INC. contain a privilege escalation vulnerability. If this vulnerability is exploited, an attacker who can log in to…

| Authentication
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
5.3 MEDIUM
CVE-2026-44188 — Ansible-lightspeed: ansible lightspeed: session hijacking and unauthorized data access du…

A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If a…

ansible_automation_platform | Remote | Authentication
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-11860 — Insecure Deserialisation via Plaintext HTTP leading to Remote Code Execution in Quick.CMS

Quick.CMS deserializes user-controlled data received over plaintext HTTP without ensuring integrity or authenticity. This allows attackers to tamper with serialized payloads in transit and inject mal…

quick.cms | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
5.4 MEDIUM
CVE-2026-9278 — Form Builder CP < 1.2.47 - Editor+ Stored XSS via form_structure

The Form Builder CP WordPress plugin before 1.2.47 does not properly sanitize a form configuration value before storing it and using it as part of a client-side script execution, allowing authenticat…

form_builder_cp | Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.8 CRITICAL
CVE-2026-8935 — Advanced Google Maps < 6.1.1 - Unauthenticated Administrator Account Creation

The WP MAPS PRO WordPress plugin before 6.1.1 registers an unauthenticated AJAX action which, given a valid nonce that is publicly emitted on any frontend page enqueuing its map script, unconditional…

Remote | Authentication
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
5.3 MEDIUM
CVE-2026-8386 — WP Go Maps < 10.0.10 - Unauthenticated Sensitive Information Disclosure via Marker ID

The WP Go Maps WordPress plugin before 10.0.10 does not perform any approval-state filtering on its public single-marker REST endpoint, allowing unauthenticated users to retrieve marker records that…

Remote | Information Disclosure
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
5.3 MEDIUM
CVE-2026-8385 — WP Go Maps < 10.0.10 - Unauthenticated Sensitive Information Disclosure via Datatables AJ…

The WP Go Maps WordPress plugin before 10.0.10 does not properly enforce the marker approval filter on the admin-ajax fallback for its datatables route, allowing unauthenticated visitors to retrieve…

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
5.5 MEDIUM
CVE-2026-12223 — Yealink SIP-T46U Web FastCGI Service tftpuploadiperf mod_webd.TFTPUploadIperf command inj…

A vulnerability was identified in Yealink SIP-T46U 108.86.0.118. Affected by this vulnerability is the function mod_webd.TFTPUploadIperf of the file /api/inner/tftpuploadiperf of the component Web Fa…

sip-t46u | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
8.0 HIGH
CVE-2026-12222 — Yealink SIP-T46U Web FastCGI Service bttest mod_webd.BlueToothTest stack-based overflow

A vulnerability was determined in Yealink SIP-T46U 108.86.0.118. Affected is the function mod_webd.BlueToothTest of the file /api/inner/bttest of the component Web FastCGI Service. Executing a manipu…

sip-t46u | Memory Corruption
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
8.0 HIGH
CVE-2026-12221 — Yealink SIP-T46U Firmware Chunk Upload upgrade sprintf stack-based overflow

A vulnerability was found in Yealink SIP-T46U 108.86.0.118. This impacts the function sprintf of the file /api/upgrade/upgrade of the component Firmware Chunk Upload Handler. Performing a manipulatio…

sip-t46u | Memory Corruption
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
8.0 HIGH
CVE-2026-12220 — Yealink SIP-T46U Firmware Chunk Upload handler accupgradebychunk mod_upgrade.SparePartsUp…

A vulnerability has been found in Yealink SIP-T46U 108.86.0.118. This affects the function mod_upgrade.SparePartsUpload of the file /api/upgrade/accupgradebychunk of the component Firmware Chunk Uplo…

sip-t46u | Memory Corruption
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Showing 20 of 6850 Results