Latest CVE Feed
CVE Intelligence
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
Score
Vulnerability
Published
7.5
HIGH
CVE-2026-10056
— CORS misconfiguration in Nx Witness VMS allows session token exfiltration via cross-origi…
CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Linux and Windows allows an unauthenticated remote a…
Remote
|
Misconfiguration
May 29, 2026
Jun 01, 2026
May 29, 2026
Jun 01, 2026
4.1
MEDIUM
CVE-2026-10052
— Quay/config-tool: quay/config-tool: ssrf via unfiltered ldap and smtp config validation e…
A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endp…
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
4.9
MEDIUM
CVE-2026-10039
— Frontend Admin by DynamiApps <= 3.28.28 - Authenticated (Administrator+) SQL Injection vi…
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to generic SQL Injection via the 'order' parameter in all versions up to, and including, 3.28.28 due to insufficient escaping on th…
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026