Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
8.5 HIGH
CVE-2026-56012 — WordPress Media LIbrary Assistant plugin <= 3.35 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media LIbrary Assistant allows Blind SQL Injection. This issue affects Media LIbra…

media_library_assistant | Remote | Injection
Jun 18, 2026 Jun 18, 2026
Jun 18, 2026
Jun 18, 2026
5.9 MEDIUM
CVE-2026-56009 — WordPress Bricksable for Bricks Builder plugin <= 1.6.83 - Cross Site Scripting (XSS) vul…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bricksable for Bricks Builder allows Stored XSS. This issue affects Bricksable for Bricks Builde…

bricksable_for_bricks_builder | Remote | Cross-Site Scripting
Jun 18, 2026 Jun 18, 2026
Jun 18, 2026
Jun 18, 2026
5.9 MEDIUM
CVE-2026-56007 — WordPress Ocean Product Sharing plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OceanWP Ocean Product Sharing allows Stored XSS. This issue affects Ocean Product Sharing: from …

Remote | Cross-Site Scripting
Jun 18, 2026 Jun 18, 2026
Jun 18, 2026
Jun 18, 2026
9.8 CRITICAL
CVE-2026-54419 — PIAF-HMS multiple unauthenticated SQL injection vulnerabilities via mysql_query

claudiopizzillo PIAF-HMS (PBX-In-A-Flash Hotel Management System; no released versions, latest commit 389d2633441b65ced1c104212cd62be2bfca21e5) contains multiple unauthenticated SQL injection vulnera…

Remote | Injection
Jun 18, 2026 Jun 22, 2026
Jun 18, 2026
Jun 22, 2026
7.1 HIGH
CVE-2026-54224 — Denial of Service in UBB.threads

UBB.threads is vulnerable to Denial of Service (DoS). By sending multiple concurrent requests to view any user profile on instances with many registered users, an authenticated attacker can easily ex…

Remote | Denial of Service
Jun 18, 2026 Jun 18, 2026
Jun 18, 2026
Jun 18, 2026
8.6 HIGH
CVE-2026-54223 — Remote Code Execution via arbitrary file read and write in UBB.threads

UBB.threads is vulnerable to Path traversal, allowing attackers with privilege to edit templates to read and write any file on the application’s server that application has privileges to, what result…

Remote | Path Traversal
Jun 18, 2026 Jun 18, 2026
Jun 18, 2026
Jun 18, 2026
8.6 HIGH
CVE-2026-54222 — Blind SQL Injection in UBB.threads

UBB.threads is vulnerable to Blind SQL Injection, allowing attackers with access to the Members in Control Panel to interact with the underlying database. Due to insufficient input sanitization, an a…

Remote | Injection
Jun 18, 2026 Jun 18, 2026
Jun 18, 2026
Jun 18, 2026
5.1 MEDIUM
CVE-2026-54221 — Reflected XSS in UBB.threads

UBB.threads is vulnerable to Reflected XSS. The application improperly handles user input in certain requests, enabling attackers to execute arbitrary JavaScript in the context of a victim's browser …

Remote | Cross-Site Scripting
Jun 18, 2026 Jun 18, 2026
Jun 18, 2026
Jun 18, 2026
8.6 HIGH
CVE-2026-54220 — Cross-Site Request Forgery in UBB.threads

uBB.threads is vulnerable to a Cross-Site Request Forgery (CSRF) due to a lack of protective mechanisms. This allows an attacker to trick an authenticated user into executing unintended actions. Bec…

Remote | Cross-Site Request Forgery
Jun 18, 2026 Jun 18, 2026
Jun 18, 2026
Jun 18, 2026
5.1 MEDIUM
CVE-2026-54219 — Stored XSS in UBB.threads

UBB.threads is vulnerable to Stored XSS via user posts and user profile fields. The application fails to properly sanitize user input, allowing low privileged attackers to inject arbitrary JavaScript…

Remote | Cross-Site Scripting
Jun 18, 2026 Jun 18, 2026
Jun 18, 2026
Jun 18, 2026
7.1 HIGH
CVE-2026-50141 — Woodpecker gRPC agent_id metadata can be spoofed- cross-tenant agent impersonation

Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on th…

woodpecker | Remote | Authentication
Jun 18, 2026 Jun 23, 2026
Jun 18, 2026
Jun 23, 2026
6.5 MEDIUM
CVE-2026-44942 — libzypp .repo files can have an optional path which can lead to path traversal attacks

A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the syst…

libzypp | Remote | Path Traversal
Jun 18, 2026 Jun 22, 2026
Jun 18, 2026
Jun 22, 2026
6.5 MEDIUM
CVE-2026-42490 — domctl lock open to abuse

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To create and manage guests, domctl operations are used by the contro…

xen | Remote | Race Condition
Jun 18, 2026 Jun 22, 2026
Jun 18, 2026
Jun 22, 2026
5.3 MEDIUM
CVE-2026-42489 — domctl lock open to abuse

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To create and manage guests, domctl operations are used by the contro…

xen | Race Condition
Jun 18, 2026 Jun 22, 2026
Jun 18, 2026
Jun 22, 2026
8.1 HIGH
CVE-2026-42488 — x86: mismatched mapcache metadata

Some shadow paging errors paths will switch the page-tables without updating the currently running vCPU reference. This causes a mismatch between the loaded page-tables and the mapcache metadata whi…

xen | Remote | Memory Corruption
Jun 18, 2026 Jun 22, 2026
Jun 18, 2026
Jun 22, 2026
7.9 HIGH
CVE-2026-42487 — x86 HVM I/O port list traversal

HVM guest I/O port accesses are subject to either emulation or at least translation. Translations are managed by the device model (via XEN_DOMCTL_ioport_mapping), and hence the linked list used may …

xen | Race Condition
Jun 18, 2026 Jun 22, 2026
Jun 18, 2026
Jun 22, 2026
2.1 LOW
CVE-2026-40457 — Reflected XSS in LMS

A Reflected Cross-Site Scripting (XSS) vulnerability exists in LMS (LAN Management System) before commit 9c5651b in the "dbrecover.php" and "netremap.php" modules where unsanitized GET parameters are…

lms | Remote | Cross-Site Scripting
Jun 18, 2026 Jun 22, 2026
Jun 18, 2026
Jun 22, 2026
8.6 HIGH
CVE-2026-40456 — OS Command Injection in LMS

An OS Command Injection vulnerability exists in LMS (LAN Management System) before commit 9fcb4de due to an IP address parameter being passed to the "exec()" function without proper validation, allow…

lms | Injection
Jun 18, 2026 Jun 22, 2026
Jun 18, 2026
Jun 22, 2026
8.6 HIGH
CVE-2026-40455 — SQL Injection in LMS

An SQL Injection vulnerability exists in LMS (LAN Management System) before commit 4cb30a7 within the "tarifflist.php" module due to insufficient sanitization of the POST "tg[]" parameter. The applic…

lms | Injection
Jun 18, 2026 Jun 22, 2026
Jun 18, 2026
Jun 22, 2026
5.7 MEDIUM
CVE-2026-12539 — Docker Sandboxes ICMP egress restriction bypass after daemon restart

Docker Sandboxes (sbx) blocks ICMP egress with an authorizer applied only at network-creation time, and does not re-apply it to networks rebuilt from disk when the Docker daemon restarts, so a restar…

sandboxes | Misconfiguration
Jun 18, 2026 Jun 30, 2026
Jun 18, 2026
Jun 30, 2026
Showing 20 of 7983 Results