Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.7 HIGH
CVE-2026-8589 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in G…

GitLab has remediated an issue in GitLab EE affecting all versions from 13.1.4 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authent…

gitlab | Remote | Authentication
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
8.3 HIGH
CVE-2026-8464 — Path traversal in Neuron Soft Golem OEE MES

Golem OEE MES is vulnerable to an unauthenticated path traversal flaw. This vulnerability allows an attacker in the same local network to read arbitrary files from the server's operating system by ma…

| Path Traversal
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
7.5 HIGH
CVE-2026-7250 — Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an unaut…

gitlab | Remote | Denial of Service
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
3.7 LOW
CVE-2026-6976 — Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authen…

gitlab | Remote | Misconfiguration
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
8.7 HIGH
CVE-2026-6552 — Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 15.5 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authentic…

gitlab | Remote | Authorization
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
4.3 MEDIUM
CVE-2026-6277 — Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 13.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authentic…

gitlab | Remote | Authorization
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
5.4 MEDIUM
CVE-2026-6269 — Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authe…

Remote | Authorization
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
5.1 MEDIUM
CVE-2026-53912 — Cerebrate self-registration password hash exposure via inbox and audit log views

Cerebrate before version 1.37 exposed credential material from self-registration requests. The self-registration workflow stored the registrant’s hashed password in the inbox message data payload. Th…

Remote | Information Disclosure
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
5.9 MEDIUM
CVE-2026-53423 — Unauthenticated denial-of-service via BEAM atom table exhaustion in membrane_mp4_plugin

Allocation of Resources Without Limits or Throttling vulnerability in membraneframework membrane_mp4_plugin allows unauthenticated denial-of-service via BEAM atom table exhaustion. The MP4 box heade…

| Denial of Service
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
9.4 CRITICAL
CVE-2026-4764 — Privilege Escalation in Dialogflow CX via Playbook Import

A Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on Google Cloud Platform allows an authenticated user with specific roles to escalate privileges and potent…

Remote | Authorization
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
3.1 LOW
CVE-2026-3553 — Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authen…

Remote | Authorization
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
6.5 MEDIUM
CVE-2026-1500 — Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authe…

Remote | Denial of Service
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
4.3 MEDIUM
CVE-2026-10733 — Improper Restriction of Rendered UI Layers or Frames in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that could have allowed an authenticated user to cause den…

Remote | Denial of Service
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
8.7 HIGH
CVE-2026-10087 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in G…

GitLab has remediated an issue in GitLab EE affecting all versions from 17.1 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authentic…

Remote | Cross-Site Scripting
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
4.3 MEDIUM
CVE-2023-32959 — WordPress MetroStore theme <= 1.3.2 - Broken Access Control

Missing Authorization vulnerability in Sparkle WP MetroStore metrostore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MetroStore: from n/a through 1.3.2.

Remote | Authorization
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
5.4 MEDIUM
CVE-2023-25969 — WordPress Contact Form & Lead Form Elementor Builder plugin <= 1.8.4 - Broken Access Cont…

Missing Authorization vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form &…

Remote | Authorization
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
4.3 MEDIUM
CVE-2022-47150 — WordPress WooCommerce Conversion Tracking plugin <= 2.0.10 - Cross-Site Request Forgery (…

Cross-Site request forgery (CSRF) vulnerability in weDevs WooCommerce Conversion Tracking allows Cross Site Request Forgery. This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.…

woocommerce_conversion_tracking | Remote | Cross-Site Request Forgery
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
5.4 MEDIUM
CVE-2022-45813 — WordPress Advanced AJAX Product Filters plugin <= 1.6.3.3 - Broken Access Control + CSRF

Missing Authorization vulnerability in BeRocket Advanced AJAX Product Filters allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced AJAX Product Filter…

advanced_ajax_product_filters | Remote | Authorization
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
7.5 HIGH
CVE-2026-5497 — Unbounded Frame Count in video/jpeg Base64 Data URL Processing Leads to OOM DoS in vllm-p…

vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS) attack due to unbounded frame count processing in the `VideoMediaIO.load_base64()` method. When processi…

vllm | Remote | Denial of Service
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
6.3 MEDIUM
CVE-2026-53911 — Cerebrate primary key mass assignment in CRUD edit operations allows authenticated users …

Cerebrate before version 1.37 allowed the id primary key field to be supplied through request input during CRUD edit operations and certain custom entity patching flows. In affected entities that did…

Remote | Authorization
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
Showing 20 of 7149 Results