Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
7.5 HIGH
CVE-2026-54846 — WordPress Syncee Premium Dropshipping & Wholesale plugin <= 1.0.27 - Broken Access Contro…

Unauthenticated Broken Access Control in Syncee Premium Dropshipping & Wholesale <= 1.0.27 versions.

syncee_-_global_dropshipping | Remote | Authorization
Jun 26, 2026 Jun 26, 2026
7.3 HIGH
CVE-2026-54840 — WordPress Newsletters plugin <= 4.13 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Newsletters <= 4.13 versions.

newsletters | Remote | Authorization
Jun 26, 2026 Jun 26, 2026
7.5 HIGH
CVE-2026-54839 — WordPress Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups plugin <= 2…

Unauthenticated Sensitive Data Exposure in Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups <= 2.0.9 versions.

Remote | Information Disclosure
Jun 26, 2026 Jun 26, 2026
7.5 HIGH
CVE-2026-54837 — WordPress Intranet & Private Site – All-In-One Intranet plugin <= 1.8.1 - Broken Access C…

Unauthenticated Broken Access Control in Intranet & Private Site – All-In-One Intranet <= 1.8.1 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
7.5 HIGH
CVE-2026-54835 — WordPress Five Star Restaurant Menu plugin <= 2.5.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Five Star Restaurant Menu <= 2.5.2 versions.

five_star_restaurant_menu | Remote | Authorization
Jun 26, 2026 Jun 29, 2026
7.5 HIGH
CVE-2026-54834 — WordPress Object Cache 4 everyone plugin <= 2.3.2 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone <= 2.3.2 versions.

Remote | Information Disclosure
Jun 26, 2026 Jun 26, 2026
7.4 HIGH
CVE-2026-54833 — WordPress Enable CORS plugin <= 2.0.3 - Backdoor vulnerability

Unauthenticated Backdoor in Enable CORS <= 2.0.3 versions.

Remote | Authentication
Jun 26, 2026 Jun 26, 2026
7.5 HIGH
CVE-2026-54832 — WordPress Gutenverse Companion plugin <= 2.5.0 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Gutenverse Companion <= 2.5.0 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
9.3 CRITICAL
CVE-2026-54831 — WordPress GeoDirectory plugin <= 2.8.162 - SQL Injection vulnerability

Unauthenticated SQL Injection in GeoDirectory <= 2.8.162 versions.

geodirectory | Remote | Injection
Jun 26, 2026 Jun 26, 2026
9.3 CRITICAL
CVE-2026-54827 — WordPress Real Estate 7 theme <= 3.5.9 - SQL Injection vulnerability

Unauthenticated SQL Injection in Real Estate 7 <= 3.5.9 versions.

Remote | Injection
Jun 26, 2026 Jun 26, 2026
7.6 HIGH
CVE-2026-54826 — WordPress SupportCandy plugin <= 3.4.6 - Insecure Direct Object References (IDOR) vulnera…

Subscriber Insecure Direct Object References (IDOR) in SupportCandy <= 3.4.6 versions.

supportcandy | Remote | Authorization
Jun 26, 2026 Jun 29, 2026
9.3 CRITICAL
CVE-2026-54825 — WordPress wpDataTables plugin <= 7.4 - SQL Injection vulnerability

Unauthenticated SQL Injection in wpDataTables <= 7.4 versions.

wpdatatables | Remote | Injection
Jun 26, 2026 Jun 26, 2026
7.5 HIGH
CVE-2026-54824 — WordPress Ads by WPQuads plugin <= 3.0.3 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Ads by WPQuads <= 3.0.3 versions.

ads | Remote | Information Disclosure
Jun 26, 2026 Jun 26, 2026
9.3 CRITICAL
CVE-2026-54820 — WordPress JetBooking plugin <= 4.0.4.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in JetBooking <= 4.0.4.1 versions.

Remote | Injection
Jun 26, 2026 Jun 26, 2026
6.5 MEDIUM
CVE-2026-52701 — WordPress User Registration plugin <= 5.2.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in User Registration <= 5.2.2 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
6.5 MEDIUM
CVE-2026-4339 — SSRF via unvalidated attachment URLs in Mattermost Agents plugin MCP server

Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to validate attachment URLs against internal or private IP ranges in the Mattermost Agents plugin MCP server which all…

mattermost_server legal_hold | Server-Side Request Forgery
Jun 26, 2026 Jun 29, 2026
7.8 HIGH
CVE-2026-45257 — Arbitrary file overwrite via the KTLS receive path

The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by se…

freebsd | Memory Corruption
Jun 26, 2026 Jun 27, 2026
5.5 MEDIUM
CVE-2026-45256 — Missing permission check in thr_kill2(2)

When used to deliver a signal to a specific thread, thr_kill2(2) called p_cansignal() to determine whether the operation was permitted but did not check the result before delivering the signal. The …

freebsd | Authorization
Jun 26, 2026 Jun 26, 2026
3.5 LOW
CVE-2026-3472 — Markdown image rendering bypass in AI bot tool result posts in Mattermost

Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated att…

mattermost_server legal_hold | Remote | Cross-Site Scripting
Jun 26, 2026 Jun 29, 2026
7.5 HIGH

An integer overflow in the PSD parser component of FastStone Image Viewer v8.3 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via supplying a crafted PSD file.

Remote | Memory Corruption
Jun 26, 2026 Jun 26, 2026
Showing 20 of 7989 Results