Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
9.1 CRITICAL
CVE-2026-54400 — UniFi Access Application Improper Access Control Privilege Escalation

A malicious actor with access to the network and high privileges could exploit an Improper Access Control vulnerability found in UniFi Access Application to escalate privileges on the host device.

unifi_access | Remote | Authorization
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
0.0 NA
CVE-2026-53358 — Bluetooth: L2CAP: use chan timer to close channels in cleanup_listen()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: use chan timer to close channels in cleanup_listen() l2cap_chan_close() removes the channel from conn->chan_l, …

linux_kernel | Race Condition
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
0.0 NA
CVE-2026-53357 — Bluetooth: fix UAF in l2cap_sock_cleanup_listen() vs l2cap_conn_del()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix UAF in l2cap_sock_cleanup_listen() vs l2cap_conn_del() bt_accept_dequeue() unlinks a not-yet-accepted child from t…

linux_kernel | Memory Corruption
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
9.9 CRITICAL

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi Access Application to execute a Command Injection on the host d…

unifi_access | Remote | Injection
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
9.9 CRITICAL
CVE-2026-50747 — UniFi Talk SQL Injection Privilege Escalation

A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi Talk Application to escalate privileges on the hos…

Remote | Injection
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
10.0 CRITICAL
CVE-2026-50746 — UniFi Connect Improper Access Control Command Injection

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Connect Application to execute a Command Injection on the host device.

Remote | Injection
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
7.8 HIGH
CVE-2026-12168 — CVE-2026-12168

An improper validation vulnerability for driver `GFAC_Sys_x64.sys` in Little Orbit GFAC allows a local attacker to escalate privileges to SYSTEM and execute arbitrary code in kernel mode via crafted …

| Misconfiguration
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
7.8 HIGH
CVE-2026-12167 — CVE-2026-12167

The Minifilter communication port for driver `GFAC_Sys_x64.sys` in Little Orbit GFAC allows a local attacker to access privileged driver functionality via a communication interface that lacks appropr…

| Authorization
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
5.5 MEDIUM
CVE-2026-12166 — CVE-2026-12166

A NULL pointer dereference vulnerability for driver `GFAC_Sys_x64.sys` in Little Orbit GFAC allows a local attacker to cause a denial of service via crafted requests that trigger a system crash.

| Memory Corruption
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
9.8 CRITICAL
CVE-2026-4767 — Improper Access Control in TR7's WAF-ASP

Missing authentication for critical function vulnerability in TR7 Cyber ​​Defense Inc. WAF-ASP allows Authentication Abuse. This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117.

Remote | Authentication
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
9.8 CRITICAL
CVE-2026-5524 — Divi Form Builder <= 5.1.8 - Unauthenticated Arbitrary File Upload Leading to Remote Code…

The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. This is due to insufficient file extensio…

Remote | Authentication
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
5.3 MEDIUM
CVE-2026-58653 — PraisonAI - Authorization Bypass via Unvalidated project_id in Issue Create/Update

PraisonAI before 0.1.7 fails to validate that project_id in issue create and update request bodies belongs to the URL workspace. An attacker can create issues referencing projects from other workspac…

praisonai | Remote | Authorization
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
7.7 HIGH
CVE-2026-58652 — luci-app-travelmate - Arbitrary Command Execution via UCI Script Parameter

luci-app-travelmate (and the travelmate package) contain a privilege-escalation flaw: a LuCI/rpcd session holding the luci-app-travelmate write ACL is granted config-wide UCI write access to the trav…

Remote | Authorization
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
5.4 MEDIUM
CVE-2026-4772 — Stored XSS in TR7's WAF-ASP

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in TR7 Cyber ​​Defense Inc. WAF-ASP allows Stored XSS. This issue affects WAF-ASP: from v1.0.324.90…

Remote | Cross-Site Scripting
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
4.6 MEDIUM
CVE-2026-4770 — DOM-Based XSS in TR7's WAF-ASP

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in TR7 Cyber ​​Defense Inc. Web Application Firewall allows DOM-Based XSS. This issue affects Web A…

Remote | Cross-Site Scripting
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
8.8 HIGH
CVE-2026-57766 — WordPress WPIDE – File Manager & Code Editor plugin <= 3.5.6 - Cross Site Request Forgery…

Unauthenticated Cross Site Request Forgery (CSRF) in WPIDE – File Manager & Code Editor <= 3.5.6 versions.

wpide | Remote | Cross-Site Request Forgery
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
8.5 HIGH
CVE-2026-57765 — WordPress WP EasyCart plugin <= 5.9.0 - SQL Injection vulnerability

Contributor SQL Injection in WP EasyCart <= 5.9.0 versions.

Remote | Injection
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
6.5 MEDIUM
CVE-2026-57764 — WordPress Surbma | Yoast SEO Breadcrumb Shortcode plugin <= 1.2 - Cross Site Scripting (X…

Contributor Cross Site Scripting (XSS) in Surbma | Yoast SEO Breadcrumb Shortcode <= 1.2 versions.

Remote | Cross-Site Scripting
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
6.5 MEDIUM
CVE-2026-57763 — WordPress Structured Content plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting (XSS) in Structured Content <= 1.7.0 versions.

Remote | Cross-Site Scripting
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
5.9 MEDIUM
CVE-2026-57762 — WordPress Simple URLs plugin <= 151 - Cross Site Scripting (XSS) vulnerability

Author Cross Site Scripting (XSS) in Simple URLs <= 151 versions.

Remote | Cross-Site Scripting
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Showing 20 of 8017 Results