Latest CVE Feed
CVE Intelligence
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
Score
Vulnerability
Published
6.4
MEDIUM
CVE-2026-6427
— a3 Lazy Load <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Vide…
The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.7.6 This is due to a regex bug in the _filter_videos() method that breaks HT…
Remote
|
Cross-Site Scripting
May 28, 2026
May 28, 2026
May 28, 2026
May 28, 2026
7.0
HIGH
CVE-2026-44604
— Rpm: command injection in rpmuncompress dountar() via unescaped archive top-level directo…
A command injection vulnerability was discovered in the `rpmuncompress` utility of RPM. When extracting certain archive formats (ZIP, 7z, GEM) to a specified destination directory, the tool inserts t…
enterprise_linux
openshift_container_platform
satellite
enterprise_linux
satellite
hardened_images
|
Injection
May 28, 2026
May 28, 2026
May 28, 2026
May 28, 2026