Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
8.2 HIGH
CVE-2026-10611 — OTP bypass via plugin-based LDAP authentication in MISP when LDAP mixed authentication is…

An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true and Security.require_otp=t…

Remote | Authentication
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
8.1 HIGH
CVE-2025-69369 — WordPress Racquet theme <= 1.12.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Racquet allows PHP Local File Inclusion. This issue affects Racqu…

Remote | Path Traversal
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
8.1 HIGH
CVE-2025-68886 — WordPress Cookiteer theme <= 1.4.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in androThemes Cookiteer allows PHP Local File Inclusion. This issue affects Coo…

Remote | Path Traversal
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
8.1 HIGH
CVE-2025-58897 — WordPress Fermentio theme <= 1.5.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Fermentio allows PHP Local File Inclusion. This issue affects Fer…

Remote | Path Traversal
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
8.1 HIGH
CVE-2025-58707 — WordPress Spin theme <= 1.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Spin allows PHP Local File Inclusion. This issue affects Spin: fr…

Remote | Path Traversal
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
8.8 HIGH
CVE-2019-25719 — Dräger Infinity M540 VG4.1.1 Spoofing and DoS via Network Message Handling

Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors running software versions VG4.1.1, VG4.0.3, and lower contain network message handling vulnerabilities that allow netwo…

Remote | Denial of Service
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
5.3 MEDIUM
CVE-2019-25717 — Dräger Infinity Delta/Kappa Patient Monitors Unauthenticated Log File Disclosure

Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain an information disclosure vulnerability that allows unauthenticated network attackers to access log files over a network connection…

| Information Disclosure
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
6.5 MEDIUM
CVE-2026-8993 — Improper URL Handler Processing in D.Launcher 2 enables NTLM Credential Disclosure and SS…

D.Launcher 2 component of Slovak eID client ecosystem contains Improper URL Handler Processing vulnerability. Application registers multiple custom URL handlers that could be exploited to initiate fu…

Remote | Server-Side Request Forgery
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
7.1 HIGH
CVE-2026-42685 — WordPress WP Job Portal plugin <= 2.5.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmad WP Job Portal allows Reflected XSS. This issue affects WP Job Portal: from n/a through 2.5…

Remote | Cross-Site Scripting
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
9.3 CRITICAL
CVE-2026-42684 — WordPress WP Job Portal plugin <= 2.5.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ahmad WP Job Portal allows Blind SQL Injection. This issue affects WP Job Portal: from n/a throu…

Remote | Injection
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
0.0 NA
CVE-2026-42670 — WordPress Five Star Restaurant Reservations plugin <= 2.7.14 - Payment Bypass vulnerabili…

Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fi…

| Authorization
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
7.5 HIGH
CVE-2026-42669 — WordPress EventPrime plugin <= 4.3.2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through 4.3.2.0.

Remote | Authorization
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
8.1 HIGH
CVE-2026-39551 — WordPress Töbel theme <= 1.8.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Elated-Themes Töbel allows Object Injection. This issue affects Töbel: from n/a through 1.8.1.

Remote | Injection
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
8.1 HIGH
CVE-2026-39550 — WordPress Aperitif theme <= 1.6 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows Object Injection. This issue affects Aperitif: from n/a through 1.6.

Remote | Injection
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
8.1 HIGH
CVE-2025-58705 — WordPress Crafti theme <= 1.12 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Crafti allows PHP Local File Inclusion. This issue affects Crafti…

Remote | Path Traversal
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
7.5 HIGH
CVE-2025-58024 — WordPress Accordion FAQ Plugin <= 2.2.1 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in UnboundStudio Accordion FAQ allows PHP Local File Inclusion. This issue affec…

Remote | Path Traversal
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
8.1 HIGH
CVE-2025-53440 — WordPress Confidant theme <= 1.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Confidant allows PHP Local File Inclusion. This issue affects Con…

Remote | Path Traversal
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
6.8 MEDIUM
CVE-2026-5422 — Path Traversal in jupyter/jupyter

A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the _get_os_path() function within jupyter_server/services/contents/fileio.…

Remote | Path Traversal
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
5.4 MEDIUM
CVE-2026-5191 — Tiled Gallery Carousel Without JetPack <= 3.1 - Authenticated (Contributor+) Stored Cross…

The Tiled Gallery Carousel Without JetPack plugin for WordPress is vulnerable to stored cross-site scripting via the 'data-image-title' parameter in all versions up to, and including, 3.1 due to insu…

Remote | Cross-Site Scripting
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
0.0 NA
CVE-2026-46718 — Apache Calcite: A user-controled model can load arbitrary classes, leading to code execut…

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache Calcite. This issue affects Apache Calcite: from 1.5.0 before 1.42. Users are recommended …

calcite | Misconfiguration
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
Showing 20 of 7053 Results