Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
7.5 HIGH
CVE-2026-54829 — WordPress WP Photo Album Plus plugin <= 9.1.13.005 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection. This issue affects WP Photo A…

Remote | Injection
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
7.5 HIGH
CVE-2026-54828 — WordPress Motors plugin <= 1.4.109 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Motors <= 1.4.109 versions.

Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
9.9 CRITICAL
CVE-2026-54823 — WordPress Widget Options plugin <= 4.2.3 - Remote Code Execution (RCE) vulnerability

Contributor Remote Code Execution (RCE) in Widget Options <= 4.2.3 versions.

Remote | Injection
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
8.5 HIGH
CVE-2026-54822 — WordPress SALESmanago & Leadoo plugin <= 3.11.2 - SQL Injection vulnerability

Subscriber SQL Injection in SALESmanago & Leadoo <= 3.11.2 versions.

salesmanago | Remote | Injection
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
7.4 HIGH
CVE-2026-54821 — WordPress Visual Link Preview plugin <= 2.3.1 - Sensitive Data Exposure vulnerability

Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.3.1 versions.

visual_link_preview | Remote | Information Disclosure
Jun 25, 2026 Jun 26, 2026
Jun 25, 2026
Jun 26, 2026
5.9 MEDIUM
CVE-2026-52690 — Spoofed answers can mark an authoritative non-EDNS capable

Spoofing replies to Recursor might mark an IP of an authoritative server as not supporting EDNS, causing valdiation of DNSSEC records served by that server to fail.

recursor | Remote | Misconfiguration
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
7.1 HIGH
CVE-2026-4526 — Global ZCL command parser missing minimum-length validation in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come from a device that has al…

emberznet | Remote | Memory Corruption
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
7.2 HIGH
CVE-2026-49506 — Dell Wyse Management Suite Path Traversal RCE

Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker with rem…

wyse_management_suite | Remote | Path Traversal
Jun 25, 2026 Jun 26, 2026
Jun 25, 2026
Jun 26, 2026
7.1 HIGH
CVE-2026-47154 — Simple Metering GetProfileResponse interval-bounds bug in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, a malformed GetProfileResponse message can trigger out-of-bounds reads while iterating interval entries and terminate the process. These messages must come from a dev…

emberznet | Remote | Memory Corruption
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
7.1 HIGH
CVE-2026-47153 — Level Control Step With On/Off divide-by-zero in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the netw…

emberznet | Remote | Denial of Service
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
7.1 HIGH
CVE-2026-47152 — Level Control Move divide-by-zero in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, a malformed Level Control Move command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the netw…

emberznet | Remote | Denial of Service
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
7.1 HIGH
CVE-2026-47151 — Door Lock ClearWeekdaySchedule invalid table index and write in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can trigger out-of-bounds writes into Door Lock schedule state. The size and location of this data is limited. These messages …

emberznet | Remote | Memory Corruption
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
7.1 HIGH
CVE-2026-47150 — IAS Zone enroll invalid table index and write in EmberZNet 9.0.2

In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write and terminate the process. The size and location of this write is limited. These…

emberznet | Remote | Memory Corruption
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
7.1 HIGH
CVE-2026-47149 — Door Lock GetUserType invalid table index in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads and terminate the process. These messages must come from a device that has …

emberznet | Remote | Denial of Service
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
7.1 HIGH
CVE-2026-47148 — Groups GetGroupMembership count/list-length mismatch in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload and terminate the process. These messages must come from a device…

emberznet | Remote | Denial of Service
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
7.1 HIGH
CVE-2026-47147 — OTA server raw parser missing per-field bounds validation in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server parser into out-of-bounds reads. A limited amount of data from RAM is read back to the requester. The size and locatio…

emberznet | Remote | Information Disclosure
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
7.1 HIGH
CVE-2026-47146 — Color Control color-temperature assertion abort in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devi…

emberznet | Remote | Denial of Service
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
7.1 HIGH
CVE-2026-47145 — Color Control hue/saturation assertion abort in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devi…

emberznet | Remote | Denial of Service
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
7.8 HIGH

Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit …

display_and_peripheral_manager | Misconfiguration
Jun 25, 2026 Jun 29, 2026
Jun 25, 2026
Jun 29, 2026
7.8 HIGH
CVE-2026-46733 — Dell Display and Peripheral Manager Improper Access Control Vulnerability

Dell Display and Peripheral Manager (DDPM Windows), versions prior to 2.3, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this…

Jun 25, 2026 Jun 29, 2026
Jun 25, 2026
Jun 29, 2026
Showing 20 of 7970 Results