Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
6.8 MEDIUM
CVE-2025-15641 — Netskope Client Exposed IOCTL with Insufficient Access Controls

Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with administrative privileges can potentially tamper with the customer IOCTL by sendi…

netskope | Misconfiguration
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.9 CRITICAL
CVE-2024-52488 — WordPress Grip theme <= 1.0.9 - Arbitrary Plugin Activation/Deactivation to RCE vulnerabi…

Subscriber Arbitrary File Upload in Grip <= 1.0.9 versions.

Remote | Misconfiguration
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.1 HIGH
CVE-2024-49269 — WordPress my flatonica theme <= 0.0.8 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in my flatonica <= 0.0.8 versions.

Remote | Cross-Site Scripting
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
4.3 MEDIUM
CVE-2024-37496 — WordPress Metro Magazine theme <= 1.3.7 - Broken Access Control on Notice Dismissal vulne…

Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.3.7.

Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
6.5 MEDIUM
CVE-2024-37210 — WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.5 - Broken Access Contr…

Missing Authorization vulnerability in ali2woo AliNext allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AliNext: from n/a through 3.3.5.

Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
6.5 MEDIUM
CVE-2024-35690 — WordPress Widget Options plugin <= 4.0.1 - Subscriber+ User Meta Data Exposure Vulnerabil…

Insertion of sensitive information into sent data vulnerability in MarketingFire Widget Options allows Retrieve Embedded Sensitive Data. This issue affects Widget Options: from n/a through 4.0.1.

Remote | Information Disclosure
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
4.3 MEDIUM
CVE-2024-35648 — WordPress Emergency Password Reset plugin <= 8.0 - Cross Site Request Forgery (CSRF) vuln…

Cross-Site request forgery (CSRF) vulnerability in Andy Moyle Emergency Password Reset allows Cross Site Request Forgery. This issue affects Emergency Password Reset: from n/a through 8.0.

Remote | Cross-Site Request Forgery
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
4.3 MEDIUM
CVE-2024-34810 — WordPress Skyline WP theme <= 1.0.10 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site request forgery (CSRF) vulnerability in Extend Themes Skyline WP allows Cross Site Request Forgery. This issue affects Skyline WP: from n/a through 1.0.10.

Remote | Cross-Site Request Forgery
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
5.3 MEDIUM
CVE-2024-33909 — WordPress iPages Flipbook plugin <= 1.5.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Avirtum iPages Flipbook allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iPages Flipbook: from n/a through 1.5.1.

ipages_flipbook | Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
4.3 MEDIUM
CVE-2024-33685 — WordPress Startupzy theme <= 1.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Jegstudio Startupzy startupzy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Startupzy: from n/a through 1.1.1.

Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.3 HIGH
CVE-2024-32949 — WordPress Integrate Google Drive plugin <= 1.3.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in Prince Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate Google Drive: from n/a thro…

Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.5 HIGH
CVE-2024-32729 — WordPress ChatBot Conversational Forms plugin <= 1.1.8 - Arbitrary File Download vulnerab…

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in QuantumCloud Conversational Forms for ChatBot allows Path Traversal. This issue affects Conversational…

conversational_forms_for_chatbot | Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
4.3 MEDIUM
CVE-2024-31435 — WordPress Social Media Share Buttons & Social Sharing Icons plugin <= 2.8.6 - Broken Acce…

: Missing Authorization vulnerability in Inisev Social Media & Share Icons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social Media & Share Icons: fro…

Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
4.3 MEDIUM
CVE-2024-24709 — WordPress Shareaholic plugin <= 9.7.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in Shareaholic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shareaholic: from n/a through 9.7.11.

shareaholic | Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.1 CRITICAL
CVE-2026-48776 — LangGraph SDK has unsafe URL path construction

LangGraph Python SDK is used to connect to running LangGraph API servers, manage assistants, threads and stream runs from Python applications. Versions 0.3.14 and prior have unsafe URL path construct…

langgraph-checkpoint langgraph-sdk | Remote | Authorization
Jun 17, 2026 Jun 26, 2026
Jun 17, 2026
Jun 26, 2026
8.2 HIGH
CVE-2026-48294 — Adobe Acrobat PDF Extension (Chrome) UXSS Data Disclosure

Adobe Acrobat PDF Extension (Chrome) versions 26.5.2.2 and earlier are affected by a UXSS-class cross-origin data disclosure vulnerability. An attacker could exploit this vulnerability to gain access…

acrobat | Remote | Cross-Site Scripting
Jun 17, 2026 Jun 29, 2026
Jun 17, 2026
Jun 29, 2026
6.5 MEDIUM

Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Integration and Interfaces). The supported version that is affected is 9.2.38. Easily exploit…

Jun 17, 2026 Jun 26, 2026
Jun 17, 2026
Jun 26, 2026
10.0 CRITICAL

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Remote Administration Daemon). The supported version that is affected is 11.4. Easily exploitable vulnerability allows unau…

solaris solaris | Remote
Jun 17, 2026 Jun 26, 2026
Jun 17, 2026
Jun 26, 2026
3.2 LOW

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: VMSVGA device). The supported version that is affected is 7.2.8. Easily exploitable vulnerability allows high …

Jun 17, 2026 Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
7.2 HIGH

Vulnerability in the Oracle Public Sector Payroll product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vul…

Jun 17, 2026 Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
Showing 20 of 7983 Results