Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
7.5 HIGH
CVE-2026-48779 — ws: Memory exhaustion DoS from tiny fragments and data chunks

ws is an open source WebSocket client and server for Node.js. All versions from 1.1.0 up to (but not including) 5.2.5, from 6.0.0 up to 6.2.4, from 7.0.0 up to 7.5.11, and from 8.0.0 up to 8.21.0 are…

ws | Remote | Denial of Service
Jun 16, 2026
10.0 CRITICAL
CVE-2026-25470 — WordPress ACPT (Pro) - Custom Post Types plugin for WordPress plugin <= 2.0.47 - Remote C…

Improper Control of Generation of Code ('Code Injection') vulnerability in ACPT ACPT (Pro) - Custom Post Types Plugin for WordPress allows Remote Code Inclusion. This issue affects ACPT (Pro) - Cust…

Remote | Injection
Jun 16, 2026
8.0 HIGH
CVE-2026-39598 — WordPress Academy LMS Pro plugin < 3.5.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a Web Shell to a Web Server. This issue affects Academy LMS Pro: from n/a before 3.5.2.

Remote | Misconfiguration
Jun 16, 2026
8.5 HIGH
CVE-2026-49073 — WordPress Directorist Booking plugin <= 3.0.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpWax Directorist Booking allows Blind SQL Injection. This issue affects Directorist Booking: fr…

Remote | Injection
Jun 16, 2026
10.0 CRITICAL
CVE-2026-48055 — Streambert: Arbitrary File Write (Zip Slip) via Subtitle Extraction

Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and prior, a high-severity Zip Slip vulnerability was identified in Streambert's subtitle…

Remote | Path Traversal
Jun 16, 2026
8.5 HIGH
CVE-2026-11409 — OS Command Injection in IPv6 PPPoE Configuration in TP-Link TL-WR940N

An authenticated OS command injection vulnerability exists in the IPv6 PPPoE configuration handler in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access m…

tl-wr940n | Injection
Jun 16, 2026
8.5 HIGH
CVE-2026-11410 — OS Command Injection in BigPond Cable (BPA) Configuration in TP-Link TL-WR940N

An authenticated OS command injection vulnerability exists in the BigPond Cable (BPA) WAN configuration module in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrat…

tl-wr940n | Injection
Jun 16, 2026
8.5 HIGH
CVE-2026-49113 — WordPress Cornerstone plugin < 7.8.8 - Arbitrary Code Execution vulnerability

Subscriber Arbitrary Code Execution in Cornerstone < 7.8.8 versions.

Remote | Memory Corruption
Jun 16, 2026
9.3 CRITICAL
CVE-2026-49080 — WordPress wpDataTables plugin <= 7.3.6 - SQL Injection vulnerability

Unauthenticated SQL Injection in wpDataTables <= 7.3.6 versions.

Remote | Injection
Jun 16, 2026
7.5 HIGH
CVE-2026-49057 — WordPress JobSearch plugin <= 3.2.7 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in JobSearch <= 3.2.7 versions.

jobsearch | Remote | Authorization
Jun 16, 2026
7.1 HIGH
CVE-2026-48869 — WordPress Enfold theme <= 7.1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Enfold <= 7.1.4 versions.

enfold | Remote | Cross-Site Scripting
Jun 16, 2026
8.1 HIGH
CVE-2026-40761 — WordPress Valeska theme <= 1.2.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Valeska <= 1.2.2 versions.

Remote | Injection
Jun 16, 2026
8.1 HIGH
CVE-2026-40760 — WordPress Behold theme <= 1.5 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Behold <= 1.5 versions.

Remote | Injection
Jun 16, 2026
8.1 HIGH
CVE-2026-40759 — WordPress Esmée theme <= 1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Esmée <= 1.4 versions.

Remote | Injection
Jun 16, 2026
8.1 HIGH
CVE-2026-40758 — WordPress Léonie theme <= 1.2.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Léonie <= 1.2.1 versions.

Remote | Injection
Jun 16, 2026
8.1 HIGH
CVE-2026-40755 — WordPress TechLink theme <= 1.3 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in TechLink <= 1.3 versions.

Remote | Injection
Jun 16, 2026
8.1 HIGH
CVE-2026-40754 — WordPress Roisin theme <= 1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Roisin <= 1.4 versions.

Remote | Injection
Jun 16, 2026
8.1 HIGH
CVE-2026-40751 — WordPress Ashtanga theme <= 1.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Ashtanga <= 1.2 versions.

Remote | Injection
Jun 16, 2026
8.1 HIGH
CVE-2026-40739 — WordPress LuxeDrive theme <= 1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in LuxeDrive <= 1.4 versions.

Remote | Injection
Jun 16, 2026
8.1 HIGH
CVE-2026-40736 — WordPress Laurits theme <= 1.5.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Laurits <= 1.5.1 versions.

Remote | Injection
Jun 16, 2026