Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
6.1 MEDIUM
CVE-2026-57255 — Security vulnerability in Foxit PDF Editor/Reader — OOB Read via NaN-Bypass Clamp

The application opens a PDF containing an abnormal color space whose attributes reference a valid but semantically malformed function. The function's output is not validated; when subsequently read, …

pdf_editor pdf_reader | Memory Corruption
Jul 08, 2026 Jul 08, 2026
Jul 08, 2026
Jul 08, 2026
6.5 MEDIUM
CVE-2026-57259 — Foxit PDF Editor/Reader XDP XFA XXE arbitrary local file read

The input file does not need to be strictly in a structurally valid PDF format. Instead, after reviewing the content, the original document disguised as a PDF will be sent to the parser. Malicious do…

pdf_editor pdf_reader | Remote | XML External Entity
Jul 08, 2026 Jul 08, 2026
Jul 08, 2026
Jul 08, 2026
7.8 HIGH
CVE-2026-57237 — Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability

When the application opens a PDF and JavaScript modifies the properties of form fields, it causes the state of the underlying objects referenced by the program to become invalid. Eventually, it reads…

pdf_editor pdf_reader | Memory Corruption
Jul 08, 2026 Jul 08, 2026
Jul 08, 2026
Jul 08, 2026
7.8 HIGH
CVE-2026-57244 — Foxit PDF Editor/Reader Form Control Use-After-Free Vulnerability

After JavaScript resetting the form, the synchronization process lacks re-entry protection and object lifecycle verification, resulting in the failure of the control pointer during the traversal proc…

pdf_editor pdf_reader | Memory Corruption
Jul 08, 2026 Jul 08, 2026
Jul 08, 2026
Jul 08, 2026
7.8 HIGH
CVE-2026-57247 — Foxit PDF Editor/Reader Field Use-After-Free Vulnerability

The application re-enters the document structure via field processing and deletes the current page, and then continues using the field objects obtained before deletion, triggering an illegal read and…

pdf_editor pdf_reader | Memory Corruption
Jul 08, 2026 Jul 08, 2026
Jul 08, 2026
Jul 08, 2026
7.8 HIGH
CVE-2026-57250 — Foxit PDF Editor/Reader Form Field Use-After-Free Vulnerability

When the application opens a PDF and JavaScript resets the form fields, the script re-enters the interface. The underlying native object is damaged, but the application does not perform validation. T…

pdf_editor pdf_reader | Memory Corruption
Jul 08, 2026 Jul 08, 2026
Jul 08, 2026
Jul 08, 2026
7.8 HIGH
CVE-2026-57256 — Foxit Editor/Reader List Box Format Use-After-Free Vulnerability

When the application opens a PDF and executes JavaScript, it performs abnormal operations on the list box field, and this operation is repeated after the form is reset. During this process, the appli…

pdf_editor pdf_reader | Memory Corruption
Jul 08, 2026 Jul 08, 2026
Jul 08, 2026
Jul 08, 2026
6.1 MEDIUM
CVE-2026-57257 — Security vulnerability in Foxit PDF Editor/Reader — PRC 3D BRep Renderer Heap OOB Read

During the PRC parsing stage, there is a lack of boundary verification for the PRC entity index, which leads to an out-of-bounds read of the entity array. As a result, the application crashes.

pdf_editor pdf_reader | Memory Corruption
Jul 08, 2026 Jul 08, 2026
Jul 08, 2026
Jul 08, 2026
6.1 MEDIUM
CVE-2026-57258 — Foxit PDF Editor/Reader Crash via Malformed PRC 3D Stream

The PRC file header parsing logic trusts the constructed file structure description information, assumes that the underlying array contains elements and reads them, leading to out-of-bounds reads and…

pdf_editor pdf_reader | Memory Corruption
Jul 08, 2026 Jul 08, 2026
Jul 08, 2026
Jul 08, 2026
7.8 HIGH
CVE-2026-57260 — Security vulnerability in Foxit PDF Editor/Reader — U3D Adobe Mesh Decompression (Type Co…

The application opened a PDF file containing an abnormal Unity 3D object. During parsing, the application incorrectly resolved a portion of the abnormal object as a pointer and used it as a valid add…

pdf_editor pdf_reader | Memory Corruption
Jul 08, 2026 Jul 08, 2026
Jul 08, 2026
Jul 08, 2026
9.8 CRITICAL
CVE-2026-9695 — Improper Authentication vulnerability affecting DELMIA Apriso from Release 2020 through R…

An Improper Authentication vulnerability affecting DELMIA Apriso from Release 2020 through Release 2026 could allow an attacker to gain privileged access to the server.

Remote | Authentication
Jul 08, 2026 Jul 08, 2026
Jul 08, 2026
Jul 08, 2026
0.0 NA
CVE-2026-12378 — BookingPress <= 1.1.28 - Unauthenticated PHP Object Injection

The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin through 1.1.28 does not validate data before passing it to a PHP deserialization function, allowing unauthenticated att…

| Injection
Jul 08, 2026 Jul 08, 2026
Jul 08, 2026
Jul 08, 2026
4.3 MEDIUM
CVE-2026-9731 — Wp Js Detect <= 1.0.9 - Cross-Site Request Forgery to Plugin Settings Update

The Wp Js Detect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.9. This is due to missing or incorrect nonce validation on the plugin_setti…

Remote | Cross-Site Request Forgery
Jul 08, 2026 Jul 08, 2026
Jul 08, 2026
Jul 08, 2026
7.5 HIGH
CVE-2026-9700 — Eventer <= 4.4.2 - Unauthenticated SQL Injection via 'code' Parameter

The Eventer plugin for WordPress is vulnerable to time-based SQL Injection via the ‘code’ parameter in all versions up to, and including, 4.4.2 due to insufficient escaping on the user supplied param…

Remote | Injection
Jul 08, 2026 Jul 08, 2026
Jul 08, 2026
Jul 08, 2026
7.8 HIGH
CVE-2026-57895 — Pupsman Insecure File Permissions Arbitrary Code Execution

Incorrect default permissions issue exists in Pupsman versions prior to 3.9.0. An attacker can place a malicious executable in the installation folder, which results in arbitrary code execution with …

| Misconfiguration
Jul 08, 2026 Jul 08, 2026
Jul 08, 2026
Jul 08, 2026
7.8 HIGH
CVE-2026-56437 — Pupsman DLL Hijacking Vulnerability

Uncontrolled search path element issue exists in Pupsman versions prior to 3.9.0. If a crafted DLL file is placed in the same folder as the affected installer and the installer is executed, arbitrary…

| Path Traversal
Jul 08, 2026 Jul 08, 2026
Jul 08, 2026
Jul 08, 2026
5.3 MEDIUM
CVE-2026-14500 — Bulk Order Update for WooCommerce <= 1.6 - Unauthenticated Arbitrary File Read via 'csv_u…

The Bulk Order Update for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 1.6. This is due to the bouw_fetch_csv_data() AJAX handler being regi…

Remote | Path Traversal
Jul 08, 2026 Jul 08, 2026
Jul 08, 2026
Jul 08, 2026
8.8 HIGH
CVE-2026-14495 — DoLogin Security <= 4.3 - Unauthenticated Authentication Bypass via Insufficient Randomne…

The DoLogin Security plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Randomness in all versions up to, and including, 4.3. The vulnerability exists because `dologin\s::rr…

dologin_security | Remote | Authentication
Jul 08, 2026 Jul 08, 2026
Jul 08, 2026
Jul 08, 2026
8.8 HIGH
CVE-2026-14489 — WHMCS Bridge <= 6.9 - Unauthenticated Arbitrary File Upload via 'ccce' Parameter

The WHMCS Bridge plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the connect() function in all versions up to, and including, 6.9. This makes it po…

Remote | Authentication
Jul 08, 2026 Jul 08, 2026
Jul 08, 2026
Jul 08, 2026
9.8 CRITICAL
CVE-2026-12153 — WP Learn Manager <= 1.1.8 - Missing Authorization to Unauthenticated Arbitrary Plugin Ins…

The WP Learn Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.8. This is due to the plugin not properly verifying that a user is authorized…

Remote | Authorization
Jul 08, 2026 Jul 08, 2026
Jul 08, 2026
Jul 08, 2026
Showing 20 of 7711 Results