Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.2 HIGH
CVE-2026-24349 — SIMATIC WinCC Unified PC Runtime Certificate Manager Information Disclosure

A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 (All versions), SIMATIC WinCC Unified PC Runtime V17 (All versions), SIMATIC WinCC Unified PC Runtime V18 (All versions), S…

| Cryptography
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
9.3 CRITICAL
CVE-2026-10731 — SQL injection in Nemon products

SQL injection in the ‘two_steps_auth_code’ parameter processed by the ‘twoStepsAuthVerification’ function within the ‘/user-login’ endpoint. The two-factor authentication (2FA) functionality can be a…

Remote | Injection
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
6.9 MEDIUM
CVE-2025-40808 — Siemens SIPROTEC 5 Arbitrary File Upload

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions), SIPROTEC 5 6MD86 (CP200) (All version…

siprotec_5_6md85 siprotec_5_6md86 siprotec_5_6md89 siprotec_5_6mu85 siprotec_5_7ke85 siprotec_5_7sa82 +28 more | Denial of Service
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
0.0 NA
CVE-2025-10263 — Arm Vulnerability: Privilege Escalation

Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C,…

cortex-a76 cortex-a76ae cortex-a77 cortex-a78 cortex-a78ae neoverse_n1 +11 more | Authorization
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
6.4 MEDIUM
CVE-2026-8677 — Prime Elementor Addons <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scriptin…

The Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Widget HTML Tag Settings in all versions up to, and i…

Remote | Cross-Site Scripting
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
6.4 MEDIUM
CVE-2026-8599 — MailerPress <= 2.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via Campaign H…

The MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Campaign HTML Content Field in all versions …

Remote | Cross-Site Scripting
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
8.8 HIGH
CVE-2026-8365 — Blocksy <= 2.1.41 - Authenticated (Contributor+) PHP Object Injection via Deserialization…

The Blocksy theme for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution via the 'blocksy_meta' REST API field and the V200 database migration in versions up to and incl…

blocksy | Remote | Injection
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
6.5 MEDIUM
CVE-2026-7542 — Slider Revolution <= 7.0.10 - Authenticated (Subscriber+) Sensitive Information Disclosure

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to and including 7.0.10. This is due to three compounding design flaws: (1) the plugin leak…

slider_revolution | Remote | Information Disclosure
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
5.6 MEDIUM
CVE-2026-6899 — Improper Check for Certificate Revocation in S2OPC

Check for certificate revocation only considers the first matching CRL and ignores other valid CRLs of the same CA in the CycloneCrypto cryptographic wrapper of S2OPC library. It might allow connecti…

Remote | Cryptography
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
0.0 NA
CVE-2026-49818 — Apache Airflow Samba provider: Path traversal in GCSToSambaOperator via GCS object names

The Apache Airflow Samba provider's `GCSToSambaOperator` joined GCS object names to the SMB destination path without a containment check, so an object named with `../` segments resolved a write path …

| Path Traversal
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
0.0 NA
CVE-2026-46315 — io_uring/waitid: clear waitid info before copying it to userspace

In the Linux kernel, the following vulnerability has been resolved: io_uring/waitid: clear waitid info before copying it to userspace IORING_OP_WAITID stores its result fields in struct io_waitid::…

linux_kernel | Information Disclosure
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
0.0 NA
CVE-2026-34905 — Apache Answer: Unlisted Questions Accessible via Direct API Access

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The unlisted question feature did not enforce access rest…

answer | Information Disclosure
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
0.0 NA
CVE-2026-34033 — Apache Answer: HTML Content Injection in Email

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. User-supplied content was included in …

answer | Cross-Site Scripting
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
0.0 NA
CVE-2026-34031 — Apache Answer: The custom avatar was not properly validated

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The server did not sufficiently validate user-supplied image URLs, a…

answer | Misconfiguration
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
0.0 NA
CVE-2026-33582 — Apache Answer: Uploading specially crafted TIFF files causes an Out-of-Memory error

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. A crafted TIFF image could trigger excessive memory allocation durin…

answer | Denial of Service
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
6.0 MEDIUM
CVE-2026-28262 — Dell iDRAC Tools Improper Link Resolution Before File Access

Dell iDRAC Tools, versions prior to 11.4.1.0, contains an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially e…

idrac_tools | Path Traversal
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
0.0 NA
CVE-2026-25699 — Apache Answer: Authorization Bypass in Timeline API

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Timeline-related APIs lacked proper authorization …

answer | Authorization
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
0.0 NA
CVE-2026-25688 — Apache Answer: XSS in AI Answer Rendering

Improper Neutralization of Alternate XSS Syntax vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. AI-generated response content was rendered in the browser without pr…

answer | Cross-Site Scripting
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
8.8 HIGH
CVE-2026-11616 — Events Calendar for GeoDirectory <= 2.3.28 - Authenticated (Subscriber+) Privilege Escala…

The Events Calendar for GeoDirectory plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 2.3.28. This is due to the ajax_ayi_action() handler only applying str…

Remote | Authorization
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
0.0 NA
CVE-2009-10007 — Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to sess…

Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after aut…

| Authentication
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
Showing 20 of 7006 Results