Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
8.6 HIGH
CVE-2026-53876 — RadiX Command Injection

RadiX AX6600 WiFi 6 Tri-Band Gaming Router contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who logs in to the web conso…

| Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.8 CRITICAL
CVE-2026-52706 — WordPress JetEngine plugin <= 3.8.10 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in JetEngine <= 3.8.10 versions.

jetengine | Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.0 CRITICAL
CVE-2026-52705 — WordPress SigmaForms Pro – AI Generated Forms plugin <= 1.4.5 - Arbitrary File Upload vul…

Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms <= 1.4.5 versions.

Remote | Misconfiguration
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.4 HIGH
CVE-2026-52698 — WordPress PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget plugin …

Subscriber Sensitive Data Exposure in PushEngage – Web Push Notifications, eCommerce Automation &amp; Chat Widget <= 4.2.3 versions.

Remote | Information Disclosure
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.5 HIGH
CVE-2026-52696 — WordPress JetBlog plugin <= 2.4.8 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in JetBlog <= 2.4.8 versions.

Remote | Information Disclosure
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.1 CRITICAL
CVE-2026-50203 — Apache Airflow SFTP provider: Path traversal in SFTPHook.retrieve_directory allows local …

A path traversal in the SFTP provider (`SFTPHook.retrieve_directory` / `SFTPOperator(operation=get)`) let a malicious or compromised remote SFTP server write files outside the configured local destin…

apache-airflow-providers-sftp | Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.1 HIGH
CVE-2026-49778 — WordPress WPFunnels Pro plugin <= 2.9.4 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions.

Remote | Cross-Site Scripting
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.8 CRITICAL
CVE-2026-49767 — WordPress wpForo Forum plugin <= 3.1.0 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in wpForo Forum <= 3.1.0 versions.

wpforo_forum | Remote | Authentication
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.5 HIGH
CVE-2026-49113 — WordPress Cornerstone plugin < 7.8.8 - Arbitrary Code Execution vulnerability

Subscriber Arbitrary Code Execution in Cornerstone < 7.8.8 versions.

Remote | Memory Corruption
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.8 CRITICAL
CVE-2026-49107 — WordPress Thrive Apprentice plugin < 10.8.10.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Thrive Apprentice < 10.8.10.2 versions.

thrive_apprentice | Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.3 CRITICAL
CVE-2026-49084 — WordPress JetEngine plugin < 3.8.9.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in JetEngine < 3.8.9.1 versions.

jetengine | Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.2 HIGH
CVE-2026-49081 — WordPress User Registration Stripe plugin <= 1.3.12 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.12 versions.

Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.3 CRITICAL
CVE-2026-49080 — WordPress wpDataTables plugin <= 7.3.6 - SQL Injection vulnerability

Unauthenticated SQL Injection in wpDataTables <= 7.3.6 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.3 CRITICAL
CVE-2026-49079 — WordPress JetSearch plugin <= 3.5.17 - SQL Injection vulnerability

Unauthenticated SQL Injection in JetSearch <= 3.5.17 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.3 CRITICAL
CVE-2026-49076 — WordPress JetEngine plugin <= 3.8.9.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in JetEngine <= 3.8.9.1 versions.

jetengine | Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.8 CRITICAL
CVE-2026-49075 — WordPress JetEngine plugin <= 3.8.9.1 - PHP Object Injection vulnerability

Contributor PHP Object Injection in JetEngine <= 3.8.9.1 versions.

jetengine | Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.1 HIGH
CVE-2026-49074 — WordPress JetEngine plugin <= 3.8.9.1 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.9.1 versions.

jetengine | Remote | Cross-Site Scripting
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.5 HIGH
CVE-2026-49073 — WordPress Directorist Booking plugin <= 3.0.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpWax Directorist Booking allows Blind SQL Injection. This issue affects Directorist Booking: fr…

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
6.5 MEDIUM
CVE-2026-49072 — WordPress WooCommerce Anti-Fraud plugin <= 7.2.6 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in WooCommerce Anti-Fraud <= 7.2.6 versions.

Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
6.5 MEDIUM
CVE-2026-49071 — WordPress WooCommerce Dropshipping plugin <= 5.2.4 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in WooCommerce Dropshipping <= 5.2.4 versions.

woocommerce_dropshipping | Remote | Authentication
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Showing 20 of 7988 Results