Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
0.0 NA
CVE-2026-11702 — Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across f…

Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes. When an object is initialised before forking, then the internal state for the PRNG is shared…

| Cryptography
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
0.0 NA
CVE-2026-11625 — Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked p…

Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is used, then the in…

| Cryptography
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
0.0 NA
CVE-2026-1869 — User Registration & Membership <= 5.2.0 - Missing Authorization to Unauthenticated Paymen…

The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to unauthor…

| Authentication
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
8.3 HIGH
CVE-2026-2053 — Unauthenticated Server-Side Request Forgery via WS-Addressing in WSO2 API Manager

The WSO2 API Manager's message flow component, when processing WS-Addressing headers, does not sufficiently validate or restrict user-controlled input within these headers. This omission allows an at…

api_manager | Remote | Server-Side Request Forgery
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
9.8 CRITICAL
CVE-2026-57881 — GV-LPC2011/LPC2211 - unauthorized stack-based buffer overflow vulnerability (vlsvr)

An unauthenticated stack-based buffer overflow vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient length validation wh…

Remote | Memory Corruption
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
9.8 CRITICAL
CVE-2026-57880 — GV-LPC2011/LPC2211 - unauthorized buffer overflow via RTSP Digest username (ssvr)

An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when …

Remote | Memory Corruption
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
9.8 CRITICAL
CVE-2026-57879 — GV-LPC2011/LPC2211 - unauthorized buffer overflow via AuthMode/AuthValue path (ssvr)

An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when …

Remote | Memory Corruption
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
9.8 CRITICAL
CVE-2026-57878 — GV-LPC2011/LPC2211 - unauthorized buffer overflow vulnerability (thttpd)

An unauthenticated stack-based buffer overflow vulnerability exists in thttpd in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking whe…

Remote | Memory Corruption
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
8.6 HIGH
CVE-2026-57877 — GV-LPC2011/LPC2211 - unauthorized format string vulnerability (vlsvr)

An unauthenticated format string vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper handling of externally controlled inpu…

Remote | Information Disclosure
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.5 HIGH
CVE-2026-57876 — GV-LPC2011/LPC2211 - unauthorized out-of-bounds writing vulnerability (onvif.cgi)

An unauthenticated out-of-bounds write vulnerability exists in onvif.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when pro…

Remote | Memory Corruption
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.5 HIGH
CVE-2026-57875 — GV-LPC2011/LPC2211 - unauthorized null pointer dereference vulnerability in packet parsing

An unauthenticated NULL pointer dereference vulnerability exists in the HTTP request parsing logic of multiple CGI components in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerabili…

Remote | Denial of Service
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.5 HIGH
CVE-2026-57874 — GV-LPC2011/LPC2211 - unauthorized buffer overflow vulnerability (IEEE8021x_upload.cgi)

An unauthenticated buffer overflow vulnerability exists in IEEE8021x_upload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking w…

Remote | Memory Corruption
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.5 HIGH
CVE-2026-57873 — GV-LPC2011/LPC2211 - unauthorized null pointer dereference vulnerability (IEEE8021x_uploa…

An unauthenticated NULL pointer dereference vulnerability exists in IEEE8021x_upload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation o…

Remote | Denial of Service
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.5 HIGH
CVE-2026-57872 — GV-LPC2011/LPC2211 - unauthorized directory traversal vulnerability (get_fcont.cgi)

An unauthenticated directory traversal vulnerability exists in get_fcont.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient validation of user-s…

Remote | Path Traversal
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
0.0 NA
CVE-2026-49486 — Apache Airflow FTP provider: FTP Provider does not protect FTPS data channel (missing PRO…

The Apache Airflow FTP provider's `FTPSHook.get_conn()` created an `ftplib.FTP_TLS` connection but never called `prot_p()`, so although the control channel was TLS-protected the data channel was tran…

| Cryptography
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
0.0 NA
CVE-2026-8380 — Frontend File Manager Plugin <= 23.6 - Author+ Arbitrary Post Deletion

The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly verify ownership of every targeted post before permanent deletion, allowing authenticated users with author-level acce…

| Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
0.0 NA
CVE-2026-10835 — SALESmanago & Leadoo < 3.11.3 - Subscriber+ SQL Injection

The SALESmanago & Leadoo WordPress plugin before 3.11.3 does not properly sanitise and escape a parameter passed to one of its AJAX actions before using it in a SQL statement, and fails to enforce au…

| Injection
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
0.0 NA
CVE-2026-10823 — YMC Smart Filter < 3.11.3 - Unauthenticated Private/Draft Post Disclosure

The YMC Filter WordPress plugin before 3.11.3 does not properly authorize access to one of its REST API endpoints and does not validate a user-supplied query parameter, allowing unauthenticated attac…

| Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
0.0 NA
CVE-2025-10268 — Printcart Web to Print Product Designer for WooCommerce <= 2.4.8 - Unauthenticated Folder…

The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulnerable to path traversal which makes it possible for the attacker to retrieve the directory listing f…

| Path Traversal
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
8.5 HIGH
CVE-2026-8797

An access control deficiency vulnerability exists in ExpressUpdate Agent for Windows. If a malicious user gains access to the product, arbitrary code could be executed with SYSTEM privileges.

| Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
Showing 20 of 8137 Results