Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
0.0 NA
CVE-2026-9375 — Decompression Bomb Bypass via Negative max_length in Streaming API in urllib3

urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API (`preload_content=False`) when using Brotli support. The issue arises due to three independent code paths in `r…

| Denial of Service
Jun 19, 2026 Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
0.0 NA
CVE-2026-12238 — WP Go Maps <= 10.1.01 - Unauthenticated Arbitrary Record Creation

The WP Go Maps – Most Popular Map Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 10.1.01. This is due to the plugin not properly verifying tha…

| Authorization
Jun 19, 2026 Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
0.0 NA
CVE-2026-49339 — Path traversal in getPlaylist/deletePlaylist bypasses ownership check: any authenticated …

gonic is a music streaming server / free-software subsonic server API implementation. The maintainer's fix in commit `6dd71e6a3c966867ef8c900d359a7df75789f410` added an ownership check based on `pla…

| Path Traversal
Jun 19, 2026 Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
0.0 NA
CVE-2026-49336 — @microsoft/kiota-http-fetchlibrary: Bearer token and Cookie leak across origin on redirec…

@microsoft/kiota-http-fetchlibrary provides TypeScript libraries for Kiota-generated API clients. In versions 1.0.0-preview.97 through 1.0.0-preview.101, `@microsoft/kiota-http-fetchlibrary`'s `Redir…

| Authentication
Jun 19, 2026 Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
0.0 NA
CVE-2026-49293 — CPU exhaustion via O(n^2) BigInt construction on radix-prefixed integer literals

js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. Versions up to and including 1.1.0 parse hexadecimal / octal / binary integer literals via a hand-written `parseBigI…

js-toml | Denial of Service
Jun 19, 2026 Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
0.0 NA
CVE-2026-49288 — Statamic CMS missing authorization on Control Panel fieldtype endpoints allows disclosure…

Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.23 and 6.20.0, an authenticated Control Panel user could view metadata and content for resources they don't have p…

| Authorization
Jun 19, 2026 Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
0.0 NA
CVE-2026-49291 — mcp-memory-service: OAuth read-only clients can write and delete memories through MCP too…

mcp-memory-service is a semantic memory layer for AI applications. Prior to version 10.65.3, the HTTP MCP JSON-RPC endpoint at `/mcp` requires only OAuth `read` scope for all requests, then dispatche…

mcp-memory-service | Authorization
Jun 19, 2026 Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
8.7 HIGH
CVE-2023-54357 — Joomla com_booking 2.4.9 Information Disclosure via Account Enumeration

Joomla com_booking component 2.4.9 contains an information disclosure vulnerability that allows unauthenticated attackers to enumerate user accounts by exploiting the getUserData function in the cust…

Remote | Information Disclosure
Jun 19, 2026 Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
7.5 HIGH
CVE-2019-25762 — Joomla! Component JoomProject 1.1.3.2 Information Disclosure

Joomla! Component JoomProject 1.1.3.2 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive user data by exploiting the projects endpoint. Attacke…

Remote | Information Disclosure
Jun 19, 2026 Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
7.1 HIGH
CVE-2019-25761 — Joomla! Component JoomCRM 1.1.1 SQL Injection via deal_id

Joomla! Component JoomCRM 1.1.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the deal_id parameter.…

Remote | Injection
Jun 19, 2026 Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
6.2 MEDIUM
CVE-2019-25760 — Joomla! Component Easy Shop 1.2.3 Local File Inclusion

Joomla! Component Easy Shop 1.2.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by supplying base64-encoded file paths. Attackers can sen…

| Path Traversal
Jun 19, 2026 Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
7.1 HIGH
CVE-2019-25759 — Joomla! Component vBizz 1.0.7 SQL Injection

Joomla! Component vBizz 1.0.7 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the payid parameter. Att…

Remote | Injection
Jun 19, 2026 Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
7.4 HIGH
CVE-2026-49287 — Statamic CMS vulnerable to unsafe method invocation via collection sorting allows data de…

Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.23 and 6.20.0, the fix for CVE-2026-41175 was incomplete. It addressed the issue in the query builder, but the sam…

Remote | Injection
Jun 19, 2026 Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
8.8 HIGH
CVE-2019-25758 — Joomla! Component vBizz 1.0.7 Remote Code Execution

Joomla! Component vBizz 1.0.7 contains an unrestricted file upload vulnerability that allows authenticated attackers to upload arbitrary PHP files by submitting malicious files through the profile_pi…

Remote | Authentication
Jun 19, 2026 Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
7.1 HIGH
CVE-2019-25757 — Joomla vWishlist 1.0.1 SQL Injection via vproductid Parameter

Joomla vWishlist 1.0.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vproductid and userid param…

Remote | Injection
Jun 19, 2026 Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
0.0 NA
CVE-2026-49290 — Slopsmith has path traversal in archive extractors that allows arbitrary file write → pot…

Slopsmith is a self-contained web application for browsing, playing, and practicing Rocksmith 2014 Custom DLC (CDLC). Prior to 0.2.9-alpha.5, a path-traversal vulnerability in Slopsmith's archive ext…

| Path Traversal
Jun 19, 2026 Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
8.2 HIGH
CVE-2019-25756 — Joomla! Component vAccount 2.0.2 SQL Injection via vaccount-dashboard

Joomla! Component vAccount 2.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vid parameter. …

Remote | Injection
Jun 19, 2026 Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
8.2 HIGH
CVE-2019-25755 — Joomla vReview 1.9.11 SQL Injection via editReview

Joomla Component vReview 1.9.11 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cmId parameter. …

Remote | Injection
Jun 19, 2026 Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
8.2 HIGH
CVE-2019-25754 — Joomla vRestaurant 1.9.4 SQL Injection via menu-listing-layout

Joomla Component vRestaurant 1.9.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keysearch par…

Remote | Injection
Jun 19, 2026 Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
8.2 HIGH
CVE-2019-25753 — Joomla! Component VMap 1.9.6 SQL Injection via loadmarker

Joomla! Component VMap 1.9.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the latlngbound parameter.…

Remote | Injection
Jun 19, 2026 Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
Showing 20 of 7580 Results