Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
6.5 MEDIUM
CVE-2026-35162 — Dell PowerFlex Manager Improper Access Control Denial of Service

Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Access Control vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, le…

Jun 17, 2026 Jun 25, 2026
Jun 17, 2026
Jun 25, 2026
8.0 HIGH
CVE-2026-35067 — Dell PowerFlex Manager Improper Access Control

Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Access Control vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnera…

Jun 17, 2026 Jun 25, 2026
Jun 17, 2026
Jun 25, 2026
7.1 HIGH
CVE-2026-35066 — Dell PowerFlex Manager Improper Access Control Denial of Service

Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Access Control vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, le…

Jun 17, 2026 Jun 25, 2026
Jun 17, 2026
Jun 25, 2026
8.8 HIGH
CVE-2026-35065 — Dell PowerFlex Manager Missing Authentication for Critical Function

Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with adjacent network access could potentiall…

Jun 17, 2026 Jun 25, 2026
Jun 17, 2026
Jun 25, 2026
8.1 HIGH
CVE-2026-32804 — Dell PowerFlex Manager Improper Authentication

Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulne…

Jun 17, 2026 Jun 25, 2026
Jun 17, 2026
Jun 25, 2026
7.5 HIGH
CVE-2026-22283 — Dell PowerFlex Manager Control Sphere Information Disclosure

Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Inclusion of Functionality from Untrusted Control Sphere vulnerability. An unauthenticated attacker with remote access could potenti…

powerflex_presentation_server powerflex_manager | Remote | Information Disclosure
Jun 17, 2026 Jun 25, 2026
Jun 17, 2026
Jun 25, 2026
5.4 MEDIUM
CVE-2026-12528 — 389-ds-base: 389-ds-base: heap-buffer-overflows in __aclp__normalize_acltxt()

A flaw was found in 389 Directory Server in the __aclp__normalize_acltxt() function of aclparse.c. A malformed ACI (Access Control Instruction) string can trigger heap-buffer-overflow writes and read…

Jun 17, 2026 Jun 28, 2026
Jun 17, 2026
Jun 28, 2026
6.9 MEDIUM
CVE-2026-10850 — Plane 1.3.1 - Stored XSS in intake issue description_html

Plane CE 1.3.1 allows a low-privileged project member to submit arbitrary HTML/JS in the description_html field when creating an intake work item through the API v1 intake endpoint.

plane | Remote | Cross-Site Scripting
Jun 17, 2026 Jun 23, 2026
Jun 17, 2026
Jun 23, 2026
6.5 MEDIUM
CVE-2024-47477 — Dell PowerFlex Manager Improper Certificate Validation Leading to Man-in-the-Middle Attack

Dell PowerFlex Manager, versions prior to 4.5.1.1, contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leading to …

powerflex_manager | Remote | Cryptography
Jun 17, 2026 Jun 22, 2026
Jun 17, 2026
Jun 22, 2026
8.3 HIGH
CVE-2026-9591 — Cross-Site Request Forgery (CSRF) in SimplCommerce News Module

Cross-site request forgery (CSRF) in NewsItemApiController in SimplCommerce prior to commit 6233d73e allows an unauthenticated remote attacker to create or modify news items as an administrator via a…

simplcommerce | Remote | Cross-Site Request Forgery
Jun 17, 2026 Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
8.8 HIGH
CVE-2026-55738 — Stack Buffer Overflow in rxi/microtar raw_to_header() via non-null-terminated TAR name fi…

A stack-based buffer overflow exists in the raw_to_header() function in src/microtar.c in rxi microtar 0.1.0. The function copies the 100-byte name and linkname fields of a TAR header with strcpy() w…

Remote | Memory Corruption
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.3 CRITICAL
CVE-2026-54819 — WordPress Listdom plugin <= 5.4.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Webilia Inc. Listdom allows Blind SQL Injection. This issue affects Listdom: from n/a through 5.…

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.5 HIGH
CVE-2026-54818 — WordPress Slimstat Analytics plugin <= 5.4.11 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VeronaLabs Slimstat Analytics allows Blind SQL Injection. This issue affects Slimstat Analytics:…

slimstat_analytics | Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
6.5 MEDIUM
CVE-2026-54817 — WordPress MStore API plugin <= 4.18.4 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder MStore API allows Password Recovery Exploitation. This issue affects MStore API: from n/a through 4.18.4.

mstore_api | Remote | Authentication
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.5 HIGH
CVE-2026-54816 — WordPress Advanced Ads plugin <= 2.0.21 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in Monetizemore Advanced Ads allows Remote Code Inclusion. This issue affects Advanced Ads: from n/a through 2.0.21.

Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.3 CRITICAL
CVE-2026-54815 — WordPress Cargo Shipping Location for WooCommerce plugin <= 5.6 - SQL Injection vulnerabi…

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection. This issue affects …

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2026-54814 — WordPress Motors plugin <= 1.4.109 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Motors allows PHP Local File Inclusion. This issue affects Mot…

Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.5 HIGH
CVE-2026-54813 — WordPress SureDash plugin <= 1.8.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brainstorm Force SureDash allows Blind SQL Injection. This issue affects SureDash: from n/a thro…

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.3 CRITICAL
CVE-2026-54809 — WordPress GIFT4U plugin <= 1.0.10 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VillaTheme GIFT4U allows Blind SQL Injection. This issue affects GIFT4U: from n/a through 1.0.10.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.3 CRITICAL
CVE-2026-54808 — WordPress WP Travel Gutenberg Blocks plugin <= 3.9.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel Gutenberg Blocks allows Blind SQL Injection. This issue affects WP Travel Gu…

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Showing 20 of 7983 Results