Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
5.4 MEDIUM
CVE-2026-4430 — Heap Buffer Overflow in AgileEngine

Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters. This issue affects LibreOffice: from 26.2 before 26.2…

Memory Corruption
May 07, 2026
5.7 MEDIUM
CVE-2026-44406 — DLL Hijacking Vulnerability in ZTE Cloud PC Client uSmartview

ZTE Cloud PC client uSmartView contains a DLL hijacking vulnerability; since uSmartViewServiceAgent.exe runs with SYSTEM privileges, successful hijacking enables local arbitrary code execution, privi…

Misconfiguration
May 07, 2026
8.1 HIGH
CVE-2025-9661 — OS command injection vulnerability in the management GUI (maintenance utility) of Hitachi…

OS command injection vulnerability in the management GUI (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28. This issue affects Hitachi Virtual Storage Platform On…

Remote | Injection
May 07, 2026
8.3 HIGH
CVE-2025-1978 — Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance cons…

Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Vi…

Remote | Injection
May 07, 2026
5.9 MEDIUM
CVE-2025-62127 — WordPress WEN Logo Slider plugin <= 3.4.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WEN Themes WEN Logo Slider allows DOM-Based XSS. This issue affects WEN Logo Slider: from n/a th…

Remote | Cross-Site Scripting
May 07, 2026
5.3 MEDIUM
CVE-2025-66105 — WordPress Bus Ticket Booking with Seat Reservation plugin < 5.6.8 - Broken Access Control…

Missing Authorization vulnerability in Magepeople inc. Bus Ticket Booking with Seat Reservation allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bus Ticket…

Remote | Authorization
May 07, 2026
7.6 HIGH
CVE-2025-68060 — WordPress Team Member plugin <= 8.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPMart Team Member allows Blind SQL Injection. This issue affects Team Member: from n/a through …

Remote | Injection
May 07, 2026
5.4 MEDIUM
CVE-2025-68604 — WordPress WPGraphQL plugin <= 2.5.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WPGraphQL allows Cross Site Request Forgery. This issue affects WPGraphQL: from n/a through 2.5.3.

Remote | Cross-Site Request Forgery
May 07, 2026
5.3 MEDIUM
CVE-2026-25468 — WordPress Happy Addons for Elementor plugin <= 3.20.8 - Sensitive Data Exposure vulnerabi…

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs Happy Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Happy Addons…

Remote | Information Disclosure
May 07, 2026
5.3 MEDIUM
CVE-2026-27329 — WordPress YITH WooCommerce Wishlist plugin <= 4.12.0 - Insecure Direct Object References …

Authorization Bypass Through User-Controlled Key vulnerability in YITH YITH WooCommerce Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects YITH WooC…

Remote | Authorization
May 07, 2026
5.3 MEDIUM
CVE-2026-25436 — WordPress Royal Elementor Addons plugin < 1.7.1053 - Broken Access Control vulnerability

Missing Authorization vulnerability in WProyal Royal Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal Elementor Addons: from n/a bef…

Remote | Authorization
May 07, 2026
4.7 MEDIUM
CVE-2026-44407 — Remote Denial of Service Vulnerability Exists in ZTE Cloud PC Client uSmartview

A remote denial-of-service vulnerability exists in the ZTE Cloud PC client uSmartview, which may lead to memory corruption and remote denial of service.

Memory Corruption
May 07, 2026
6.5 MEDIUM
CVE-2026-27421 — WordPress Royal Elementor Addons plugin < 1.7.1053 - Cross Site Scripting (XSS) vulnerabi…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WProyal Royal Elementor Addons allows Stored XSS. This issue affects Royal Elementor Addons: fro…

Remote | Cross-Site Scripting
May 07, 2026
5.3 MEDIUM
CVE-2025-2514 — Improper Restriction of Excessive Authentication Attempts vulnerability in Hitachi Virtua…

Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platfor…

Remote | Authentication
May 07, 2026
6.5 MEDIUM
CVE-2026-8063 — Post-auth null pointer dereference when aggregating against a view with empty search pipe…

An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view. When resolving a view, the server inspects the aggregation pipeline to determine whe…

Remote | Denial of Service
May 07, 2026
8.1 HIGH
CVE-2026-7252 — WP-Optimize <= 4.5.2 - Authenticated (Author+) Arbitrary File Deletion via 'original-file…

The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validat…

Remote | Path Traversal
May 07, 2026
8.8 HIGH
CVE-2026-6692 — Slider Revolution 7.0.0 - 7.0.10 - Authenticated (Subscriber+) Arbitrary File Upload via …

The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Upload in versions 7.0.0 to 7.0.10 via the '_get_media_url' and '_check_file_path' function. This is due to insufficient fil…

Remote | Misconfiguration
May 07, 2026
7.5 HIGH
CVE-2026-4348 — BetterDocs Pro <= 3.7.0 - Unauthenticated SQL Injection via Encyclopedia 'limit' Parameter

The BetterDocs Pro plugin for WordPress is vulnerable to SQL Injection via the `get_current_letter_docs` and `docs_sort_by_letter` AJAX actions in all versions up to, and including, 3.7.0. This is du…

Remote | Injection
May 07, 2026
7.2 HIGH
CVE-2026-41641 — NocoBase Vulnerable to SQL Validation Bypass via `sqlCollection:update` Missing `checkSQL…

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the checkSQL() validation function that blocks dangerous SQL …

nocobase | Remote | Injection
May 07, 2026
9.3 CRITICAL
CVE-2026-41586 — ObjectInputStream.readObject() without ObjectInputFilter in fabric-sdk-java allows Java d…

Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. From versions 1.0.0 to 2.2.26, Channel.java implements readObject() and …

fabric | Remote | Injection
May 07, 2026
Showing 20 of 5970 Results