Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
8.7 HIGH
CVE-2025-32424 — AutoGPT has a DoS vulnerability in ScreenshotWebPageBlock

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, ScreenshotWebPageBlock will store the captured screenshots …

autogpt_platform | Remote | Denial of Service
Jun 18, 2026 Jun 18, 2026
8.7 HIGH
CVE-2025-32422 — AutoGPT has a DoS vulnerability in FileStoreBlock with StepThroughItemsBlock

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, `StepThroughItemsBlock` can iterate all the contents in a l…

autogpt_platform | Remote | Denial of Service
Jun 18, 2026 Jun 18, 2026
8.7 HIGH
CVE-2025-32392 — AutoGPT has a DoS vulnerability in LoopVideoBlock

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, AutoGPT's LoopVideoBlock allows users to input a video file…

autogpt_platform | Remote | Denial of Service
Jun 18, 2026 Jun 18, 2026
8.8 HIGH

In Eclipse Theia versions prior to 1.71.0, files matching the pattern .prompts/*.prompttemplate in a workspace were automatically loaded and could override or extend the AI agent's system prompts. An…

theia | Remote | Injection
Jun 18, 2026 Jun 22, 2026
8.8 HIGH
CVE-2026-44691 — Eclipse Theia Workspace Trust Bypass via Malicious Task Definitions

In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files (e.g. .theia/tasks.json, .vscode/tasks.json) could be executed without requiring workspace trust. An attacker cou…

theia | Remote | Authentication
Jun 18, 2026 Jun 22, 2026
8.8 HIGH
CVE-2026-44688 — Eclipse Theia Indirect Prompt Injection

In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing them from system instructions. An attack…

theia | Remote | Injection
Jun 18, 2026 Jun 22, 2026
6.7 MEDIUM
CVE-2026-22551 — Eclipse Theia Improper Neutralization of Special Elements used in an Image URI (Image Pat…

In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary external URLs without restriction. Combined with prompt in…

theia | Server-Side Request Forgery
Jun 18, 2026 Jun 22, 2026
5.0 MEDIUM
CVE-2026-11791 — 389-ds-base: use-after-free in schema reload via attr_syntax_swap_ht()

A flaw was found in 389 Directory Server. During schema reload, the attr_syntax_swap_ht() function unconditionally frees attribute syntax information nodes, bypassing the refcount-based deferred dele…

Jun 18, 2026 Jun 30, 2026
8.2 HIGH
CVE-2025-58175 — GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolu…

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a GeoServer that uses `ENTITY_RESOLUTION_ALLOWLIST` may allow an attacker to …

geoserver | Remote | Server-Side Request Forgery
Jun 18, 2026 Jun 22, 2026
7.2 HIGH
CVE-2025-52465 — GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a vulnerability exists that allows an authenticated administrator with acc…

geoserver | Remote | Information Disclosure
Jun 18, 2026 Jun 24, 2026
7.2 HIGH
CVE-2025-27511 — GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoServer DB2 DataStore Extension, an administrator can perform a JNDI attack th…

geoserver | Remote | Misconfiguration
Jun 18, 2026 Jun 24, 2026
9.8 CRITICAL
CVE-2026-9158 — 4diac FORTE Use-After-Free Vulnerability

In Eclipse 4diac FORTE versions 3.0.0 to 3.1.0, a specially crafted DELETE connection command to the management interface can lead to a dangling pointer. This allows subsequent commands to access fre…

Remote | Memory Corruption
Jun 18, 2026 Jun 22, 2026
8.8 HIGH
CVE-2026-8461 — Heap out-of-bounds write via odd slice_height in FFmpeg MagicYUV decoder

An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution. T…

ffmpeg | Remote | Memory Corruption
Jun 18, 2026 Jun 30, 2026
9.8 CRITICAL
CVE-2026-8024 — Deserialization vulnerability in ibaPDA and ibaDatCoordinator

A remote, unauthenticated attacker may exploit a deserialization of untrusted data vulnerability in ibaPDA or ibaDatCoordinator to gain full access to the affected systems.

ibadatcoordinator ibapda | Remote | Authentication
Jun 18, 2026 Jun 22, 2026
8.5 HIGH
CVE-2026-56012 — WordPress Media Library Assistant plugin <= 3.35 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media Library Assistant allows Blind SQL Injection. This issue affects Media Libra…

media_library_assistant | Remote | Injection
Jun 18, 2026 Jun 18, 2026
5.9 MEDIUM
CVE-2026-56009 — WordPress Bricksable for Bricks Builder plugin <= 1.6.83 - Cross Site Scripting (XSS) vul…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bricksable for Bricks Builder allows Stored XSS. This issue affects Bricksable for Bricks Builde…

bricksable_for_bricks_builder | Remote | Cross-Site Scripting
Jun 18, 2026 Jun 18, 2026
5.9 MEDIUM
CVE-2026-56007 — WordPress Ocean Product Sharing plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OceanWP Ocean Product Sharing allows Stored XSS. This issue affects Ocean Product Sharing: from …

Remote | Cross-Site Scripting
Jun 18, 2026 Jun 18, 2026
9.8 CRITICAL
CVE-2026-54419 — PIAF-HMS multiple unauthenticated SQL injection vulnerabilities via mysql_query

claudiopizzillo PIAF-HMS (PBX-In-A-Flash Hotel Management System; no released versions, latest commit 389d2633441b65ced1c104212cd62be2bfca21e5) contains multiple unauthenticated SQL injection vulnera…

Remote | Injection
Jun 18, 2026 Jun 22, 2026
7.1 HIGH
CVE-2026-54224 — Denial of Service in UBB.threads

UBB.threads is vulnerable to Denial of Service (DoS). By sending multiple concurrent requests to view any user profile on instances with many registered users, an authenticated attacker can easily ex…

Remote | Denial of Service
Jun 18, 2026 Jun 18, 2026
8.6 HIGH
CVE-2026-54223 — Remote Code Execution via arbitrary file read and write in UBB.threads

UBB.threads is vulnerable to path traversal, allowing attackers with the privilege to edit templates to read and write any file on the application’s server that the application has privileges to, which result…

Remote | Path Traversal
Jun 18, 2026 Jun 18, 2026
Showing 20 of 7989 Results