Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
4.8 MEDIUM
CVE-2026-34097 — Guardian Language-System XSS via id Parameter in text_file.php

Guardian language-system fails to sanitize the id GET parameter before inserting it into multiple HTML form action attributes in text_file.php (lines 94, 101, 323, 403, 826, 852). An authenticated at…

Remote | Cross-Site Scripting
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
4.8 MEDIUM
CVE-2026-34096 — Guardian Language-System XSS via name Parameter in designer.php

Guardian language-system fails to sanitize the name GET parameter before outputting it into an HTML input value attribute in designer.php (line 57). An authenticated attacker can craft a URL containi…

Remote | Cross-Site Scripting
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
5.3 MEDIUM
CVE-2026-27409 — WordPress Webba Booking plugin <= 6.4.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in Webba Plugins Webba Booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Webba Booking: from n/a through 6.4.13.

Remote | Authorization
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
7.5 HIGH
CVE-2026-20244 — ClamAV DMG File Processing Denial of Service Vulnerability

A vulnerability in the DMG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption …

secure_endpoint | Remote | Memory Corruption
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
7.5 HIGH
CVE-2026-20243 — ClamAV ALZ Archive Processing Denial of Service Vulnerability

A vulnerability in the ALZ file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption …

secure_endpoint | Remote | Memory Corruption
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
7.5 HIGH
CVE-2026-20217 — ClamAV PESpin File Format Processing Out-of-Bounds Memory Corruption Vulnerability

A vulnerability in the PESpin file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corrupti…

secure_endpoint | Remote | Memory Corruption
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
7.5 HIGH
CVE-2026-20216 — ClamAV InstallShield File Format Processing Resource Exhaustion Vulnerability

A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to impro…

secure_endpoint | Remote | Denial of Service
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
7.5 HIGH
CVE-2026-20215 — ClamAV 7Zip File Format Processing Out-of-Bounds Memory Corruption Vulnerability

A vulnerability in the 7z file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption o…

secure_endpoint | Remote | Memory Corruption
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
7.5 HIGH
CVE-2026-20214 — ClamAV FSG File Format Processing Out-of-Bounds Memory Corruption Vulnerability

A vulnerability in the FSG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption …

secure_endpoint | Remote | Memory Corruption
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
7.5 HIGH
CVE-2026-20213 — ClamAV PE File Format Processing Out-of-Bounds Memory Corruption Vulnerability

A vulnerability in the PE file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption o…

secure_endpoint | Remote | Memory Corruption
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
7.5 HIGH
CVE-2026-20191 — Cisco Catalyst Center Arbitrary File Read Vulnerability

A vulnerability in Cisco Catalyst Center could allow an unauthenticated, remote attacker to read arbitrary files from a restricted container.&nbsp; This vulnerability is due to insufficient valida…

catalyst_center | Remote | Path Traversal
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
4.3 MEDIUM
CVE-2026-13211 — Genucenter Disclosure of SNMP Credentials

The genucenter web interface before version 8.0p11 unnecessarily exposes sensitive SNMP authentication and encryption keys in its HTTP responses to users with the “Service” or “Admin” role.

Remote | Information Disclosure
Jul 01, 2026 Jul 02, 2026
Jul 01, 2026
Jul 02, 2026
5.5 MEDIUM
CVE-2026-12480 — Arbitrary HDF5 File Read via Virtual Dataset Bypass in keras-team/keras

Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The vulnerability resides in the `H5IOStore._verify_dataset()` and …

keras | Information Disclosure
Jul 01, 2026 Jul 02, 2026
Jul 01, 2026
Jul 02, 2026
0.0 NONE
CVE-2026-8857 — Full RCE using EasyTimeline Extension

A vulnerability in Wikimedia Foundation timeline. This vulnerability is associated with program files scripts/EasyTimeline.Pl, includes/Timeline.Php. This issue affects timeline: from * before 1…

Remote | Misconfiguration
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
4.3 MEDIUM
CVE-2026-8480 — Connection possible to the Administration portal with a revoked certificate

A vulnerability was discovered on Stormshield Network Security 4.3.0  to 4.3.41 (included), 4.4.0 to 4.8.15 (included) , 5.0.2 EA to 5.0.5 (included) A revoked client certificate can still be used…

network_security | Authentication
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
9.8 CRITICAL
CVE-2026-58127 — PACSgear MediaWriter 5.2.1 Unauthenticated RCE via .NET Remoting TCP Service

PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service on port 9000 via PacsgearMediaServerEngine.dll, registered with ObjectURIs RemoteObj and UIRemoteObj, without any authentication require…

Remote | Authentication
Jul 01, 2026 Jul 02, 2026
Jul 01, 2026
Jul 02, 2026
9.8 CRITICAL
CVE-2026-58126 — PACSgear PACS Scan 5.2.1 Unauthenticated RCE via .NET Remoting TCP Service

PACSgear PACS Scan 5.2.1 contains an unauthenticated remote code execution vulnerability that allows remote attackers to read and write arbitrary files by exploiting an exposed .NET Remoting TCP serv…

Remote | Authentication
Jul 01, 2026 Jul 02, 2026
Jul 01, 2026
Jul 02, 2026
0.0 NONE
CVE-2026-58038 — Stored XSS through javascript URLs in SVGs generated by EasyTimeline

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation timeline. This vulnerability is associated with program files inclu…

Remote | Cross-Site Scripting
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
0.0 NONE
CVE-2026-58037 — Core log entries for exceptions and XSS issues in log entry formatting code that may be c…

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files incl…

mediawiki | Remote | Cross-Site Scripting
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
2.1 LOW
CVE-2026-58036 — Users API leaks whether privileged users have their user groups disabled for lack of 2FA

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryAllUsers.Php, in…

mediawiki | Remote | Information Disclosure
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
Showing 20 of 7891 Results