Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
9.5 CRITICAL
CVE-2026-44946 — SAML Authentication Replay in Rancher

A SAML authentication replay vulnerability in Rancher's Assertion Consumer Service (ACS) handler did not enforce one-time use of SAML assertion, potentially allowing person in the middle attacks ag…

rancher | Remote | Authentication
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
7.5 HIGH
CVE-2026-53433 — Denial of Service in fzf

fzf is vulnerable to a Denial of Service (DoS) due to inefficient HTTP body processing in the --listen mode due to inefficient HTTP body processing using repeated string concatenation, resulting in q…

Remote | Denial of Service
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
7.5 HIGH
CVE-2026-53432 — Integer Overflow in fzf

fzf is vulnerable to Integer Overflow leading to crash in FuzzyMatchV2 function. When input line length is approximately 2,200,000 bytes and pattern length is 999 bytes, the product overflows. The Go…

Remote | Memory Corruption
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
8.8 HIGH
CVE-2026-41053 — Over-inclusive team membership expansion in GitHub App authentication provider for Rancher

Incorrect authentication caching in the team member ship expansion of the Rancher Github authentication provider caused it granting principal access to any logged in user, in 2.13 before 2.13.6 and 2…

rancher rancher | Remote | Authentication
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
4.4 MEDIUM
CVE-2026-13316 — Foreman: ssrf to cloud metada service through unvalidated test_url parameters in foreman …

A flaw has been found in foreman when HTTP parameters are modified in http_proxies_controller and http_proxy files. Attackers can perform an SSRF attack and steal cloud metadata service on AWS/GCP/Az…

satellite satellite | Server-Side Request Forgery
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
9.8 CRITICAL
CVE-2026-9711 — EventON - WordPress Virtual Event Calendar Plugin <= 5.0.11 - Unauthenticated Blind SQL I…

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress (full) is vulnerable to SQL Injection via the WordPress 'search' parameter in versions up to, and including, 5.0.11 due to i…

eventon | Remote | Injection
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
7.2 HIGH
CVE-2026-8141 — Ajax Load More - Filters <= 3.4.1 - Unauthenticated Stored Cross-Site Scripting via 'taxo…

The Ajax Load More - Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'taxonomy_include_children' parameter in all versions up to, and including, 3.4.1 due to insuffi…

Remote | Cross-Site Scripting
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
5.1 MEDIUM
CVE-2026-6954 — Multiple vulnerabilities in Intermark IT's WebControl CMS

Cross-Site Scripting (XSS) vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to execute JavaScript code or inject a dynamic iframe into the victim’s browser b…

Remote | Cross-Site Scripting
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
5.1 MEDIUM
CVE-2026-6953 — Multiple vulnerabilities in Intermark IT's WebControl CMS

HTML injection vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to send an email containing malicious HTML code to a victim via the contact form. To exploit …

Remote | Injection
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
7.7 HIGH
CVE-2026-13149 — brace-expansion Denial of Service

brace-expansion through 5.0.6 is vulnerable to denial of service. The expand() function exhibits exponential-time complexity in the number of consecutive non-expanding '{}' brace groups. An attacker …

brace-expansion | Remote | Denial of Service
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
6.4 MEDIUM
CVE-2026-12610 — Sssd: use-after-free crash in sssd' 'sssd_pam' process

A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free vulnerability, where a memory pointer is incorrectly handled. A local attacker c…

Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
9.3 CRITICAL
CVE-2026-12076 — SQL Injection in Raytha CMS

Raytha CMS is vulnerable to SQL Injection within the OData filter parsing pipeline.  The vulnerability allows a remote, unauthenticated attacker to execute arbitrary SQL statements against the under…

raytha | Remote | Injection
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
7.0 HIGH
CVE-2026-10763 — PROMOD V Insecure HTTP Communication

PROMOD V is using insecure HTTP communication instead of HTTPS. The vulnerability is due to the lack of HTTPS support from 3rd party Digipede server.

Remote | Misconfiguration
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
7.8 HIGH
CVE-2025-7406 — A Sudo Privilege Escalation Vulnerability in Nokia MantaRay NM

Nokia MantaRay NM is vulnerable to a sudo privilege escalation vulnerability where a local attacker possessing administrative (local admin) privileges can escalate to full root privileges on the host…

mantaray_nm | Authorization
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
6.5 MEDIUM
CVE-2025-24816 — An Improper Access Control vulnerability in Nokia MantaRay NM

Nokia MantaRay is subject to an Improper Access Control vulnerability due to insufficient authorization within the API. Successful exploitation could allow an authenticated attacker to retrieve confi…

mantaray_nm | Remote | Authorization
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
7.8 HIGH
CVE-2025-24815 — An unrestricted file upload vulnerability in Nokia MantaRay NM

Nokia MantaRay NM is subject to an unrestricted file upload vulnerability due to insufficient file type validation. Successful exploitation could allow an authenticated attacker to upload malicious f…

mantaray_nm | Misconfiguration
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
7.5 HIGH
CVE-2026-49434 — Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: LdapNetworkConnector instan…

Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entries in LDAP that match the configured se…

activemq activemq_broker | Remote | Misconfiguration
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
7.5 HIGH
CVE-2026-49432 — Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: STOMP negative content-lengt…

Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. A remote unauthenticated peer that can reach an exposed STOMP connector can trigger denial-of-…

activemq | Remote | Denial of Service
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
8.1 HIGH
CVE-2026-49877 — Apache ActiveMQ: Authenticated web users retain admin access by default in the Web Console

Improper Authorization vulnerability in Apache ActiveMQ. An authenticated low-privilege Web Console user by default can access /admin/* paths in the Web Console. The default Jetty settings incorrect…

activemq | Remote | Authorization
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
7.5 HIGH
CVE-2026-50734 — Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All: Pre-authentication OpenWire…

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All. An unauthenticated network attacker can cause a broker DoS by sending a cra…

activemq | Remote | Denial of Service
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
Showing 20 of 7990 Results