Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
5.3 MEDIUM
CVE-2026-12349 — Premium Addons for KingComposer <= 1.1.1 - Missing Authorization to Unauthenticated Arbit…

The Premium Addons for KingComposer plugin for WordPress is vulnerable to unauthorized modification and loss of data in versions up to, and including, 1.1.1. This is due to missing authorization and …

Remote | Authorization
Jun 30, 2026 Jul 01, 2026
Jun 30, 2026
Jul 01, 2026
9.8 CRITICAL
CVE-2026-12073 — ProfileGrid - User Profiles, Groups and Communities <= 5.9.9.5 - Unauthenticated Privileg…

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.9.9.5. This is due to t…

profilegrid | Remote | Authentication
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
6.5 MEDIUM
CVE-2026-11367 — PixMagix <= 1.7.2 - Authenticated (Author+) Path Traversal in 'layers[].id' Parameter

The PixMagix – WordPress Image Editor plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.7.2 via the move_image_on_server function. This makes it possib…

Remote | Path Traversal
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
5.9 MEDIUM
CVE-2026-14160 — Samsung Escargot TOCTOU Race Condition

Time-of-check time-of-use (TOCTOU) race condition vulnerability in Samsung Open Source Escargot allows Leveraging Race Conditions. This issue affects Escargot: bab3a5797557014ce3c2e28419a6310cfba90d…

escargot | Race Condition
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
4.4 MEDIUM
CVE-2026-12114 — Team Members <= 8.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'cus…

The Team Members – Multi Language Supported Team Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.7 due to insuffici…

Remote | Cross-Site Scripting
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
8.4 HIGH
CVE-2026-58302 — LinuxCNC rtapi_app Privilege Escalation

rtapi_app in linuxcnc-uspace in LinuxCNC before 2.9.9 allows privilege escalation. It is installed SUID root and loads shared library modules via dlopen() by using a user-supplied module name. Insuff…

| Path Traversal
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
7.5 HIGH
CVE-2026-12243 — Path Traversal via Percent-Encoding in nltk.data.find() and nltk.data.load()

NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue #3504. The `_UNSAFE_NO_PROTOCOL_RE` regex in `nltk/data.py` checks for literal `../` sequences bu…

nltk | Remote | Path Traversal
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
7.5 HIGH
CVE-2026-52196 — UTT nv518G Buffer Overflow

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_416f28 component

Remote | Memory Corruption
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
9.8 CRITICAL
CVE-2026-37106 — DokuWiki Remote Code Execution via register Function

An issue in DokuWiki 2025-05-14b "Librarian" 56.2 allows a remote attacker to execute arbitrary code via the register function in inc/auth.php

Remote | Authentication
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
7.5 HIGH
CVE-2026-52197 — UTT nv518G Denial of Service

An issue in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_44af70 component

Remote | Denial of Service
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
7.5 HIGH
CVE-2026-52195 — UTT nv518G Buffer Overflow Denial of Service

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_472f08 component

Remote | Memory Corruption
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
7.5 HIGH
CVE-2026-52193 — UTT nv518G Buffer Overflow Denial of Service

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_447CAC component

Remote | Memory Corruption
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
7.5 HIGH
CVE-2026-52198 — UTT nv518G Buffer Overflow

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_425994 component

Remote | Memory Corruption
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
7.5 HIGH
CVE-2026-8023 — Path traversal in Zephyr HTTP server static-filesystem resource handler allows unauthenti…

Zephyr's HTTP server (subsys/net/lib/http) provides a static-filesystem resource type (HTTP_RESOURCE_TYPE_STATIC_FS, available when CONFIG_FILE_SYSTEM is enabled) that serves files from a configured …

zephyr zephyr | Path Traversal
Jun 29, 2026 Jun 30, 2026
Jun 29, 2026
Jun 30, 2026
8.1 HIGH
CVE-2026-7656 — Broken IPv6 Neighbor Discovery input validation allows spoofed RA/NS/NA acceptance in Zep…

The IPv6 Neighbor Discovery handlers in subsys/net/ip/ipv6_nbr.c (handle_ra_input, handle_ns_input, handle_na_input) used an incorrect boolean expression that combined the RFC 4861 validity checks wi…

zephyr zephyr | Misconfiguration
Jun 29, 2026 Jun 30, 2026
Jun 29, 2026
Jun 30, 2026
6.5 MEDIUM
CVE-2026-51219 — lib60870 Heap Buffer Overflow

A heap buffer overflow in the HighPriorityASDUQueue_hasUnconfirmedIMessages function of lib60870 v2.3.3 to v2.3.6 allows attackers to cause a Denial of Service (DoS) via a crafted payload.

Remote | Memory Corruption
Jun 29, 2026 Jun 30, 2026
Jun 29, 2026
Jun 30, 2026
6.5 MEDIUM
CVE-2026-51218 — Snap7 Heap Buffer Overflow

A heap buffer overflow in the TS7Worker::PerformFunctionWrite() function (/core/s7_server.cpp) of snap7 v1.4.3 allows attackers to cause a Denial of Service (DoS) via a crafted packet.

Remote | Memory Corruption
Jun 29, 2026 Jun 30, 2026
Jun 29, 2026
Jun 30, 2026
6.2 MEDIUM
CVE-2026-10648 — NULL-pointer dereference in MCUmgr serial/console SMP transport on buffer-pool exhaustion

mcumgr_serial_process_frag() in subsys/mgmt/mcumgr/transport/src/serial_util.c calls net_buf_reset() on the result of smp_packet_alloc() before checking it for NULL. smp_packet_alloc() uses net_buf_a…

zephyr zephyr | Denial of Service
Jun 29, 2026 Jul 01, 2026
Jun 29, 2026
Jul 01, 2026
6.3 MEDIUM
CVE-2026-57997 — Strapi users-permissions - JWT Algorithm Confusion via Missing Algorithm Configuration

Strapi users-permissions plugin fails to restrict JWT algorithms when plugin::users-permissions.jwt.algorithm is not explicitly configured, allowing acceptance of HS384 and HS512 tokens alongside HS2…

strapi | Remote | Authentication
Jun 29, 2026 Jul 01, 2026
Jun 29, 2026
Jul 01, 2026
7.5 HIGH
CVE-2026-51221 — EIPStackGroup OpENer: Buffer Overflow Denial of Service

A buffer overflow in the Get_Attribute_List function of EIPStackGroup OpENer commit 76b95c allows attackers to cause a Denial of Service (DoS) via supplying a crafted Common Packet Format (CPF) packe…

Remote | Memory Corruption
Jun 29, 2026 Jun 30, 2026
Jun 29, 2026
Jun 30, 2026
Showing 20 of 7990 Results