Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
8.5 HIGH
CVE-2026-22335 — WordPress WooCommerce Frontend Manager – Ultimate plugin < 6.7.7 - SQL Injection vulnerab…

Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate < 6.7.7 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.5 HIGH
CVE-2026-22334 — WordPress Woocommerce Book Price plugin <= 1.3 - Arbitrary File Download vulnerability

Subscriber Arbitrary File Download in Woocommerce Book Price <= 1.3 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.3 CRITICAL
CVE-2026-22332 — WordPress Tutor LMS Pro plugin <= 3.9.6 - SQL Injection vulnerability

Unauthenticated SQL Injection in Tutor LMS Pro <= 3.9.6 versions.

tutor_lms | Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2026-22331 — WordPress AutoParts theme <= 1.5.8 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in AutoParts <= 1.5.8 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2026-22330 — WordPress Right Way theme <= 4.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Right Way <= 4.0 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.1 HIGH
CVE-2026-22329 — WordPress Skillate theme <= 1.2.10 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Skillate <= 1.2.10 versions.

Remote | Cross-Site Scripting
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.1 HIGH
CVE-2026-22328 — WordPress Auto Repair theme <= 22.6 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Auto Repair <= 22.6 versions.

Remote | Cross-Site Scripting
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.9 CRITICAL
CVE-2026-22327 — WordPress Restaurt theme <= 1.0.4 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in Restaurt <= 1.0.4 versions.

Remote | Misconfiguration
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2026-22326 — WordPress Reprizo theme <= 1.0.8 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Reprizo <= 1.0.8 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2026-22325 — WordPress Promo theme <= 1.3.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Promo <= 1.3.0 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
4.8 MEDIUM
CVE-2026-12491 — Vllm: vllm: image exif rotation & png trns transparency not normalized, causing mismatch …

A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transpar…

Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
4.3 MEDIUM
CVE-2026-12469 — Google Chrome GPU Uninitialized Use Information Leak

Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

android chrome chrome edge_chromium | Remote | Information Disclosure
Jun 17, 2026 Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
8.3 HIGH
CVE-2026-12468 — Google Chrome Updater Sandbox Escape

Race in Updater in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch…

chrome macos chrome edge_chromium | Remote | Race Condition
Jun 17, 2026 Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
8.3 HIGH
CVE-2026-12467 — Google Chrome Use-After-Free Sandbox Escape

Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pag…

linux_kernel chrome macos chrome windows edge_chromium | Remote | Memory Corruption
Jun 17, 2026 Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
8.8 HIGH
CVE-2026-12466 — Google Chrome Heap Buffer Overflow

Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

chrome chrome windows edge_chromium | Remote | Memory Corruption
Jun 17, 2026 Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
8.3 HIGH
CVE-2026-12465 — Google Chrome Sandbox Escape

Object lifecycle issue in Metrics in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTM…

linux_kernel chrome macos chrome windows edge_chromium | Remote | Memory Corruption
Jun 17, 2026 Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
8.3 HIGH
CVE-2026-12464 — Google Chrome Use After Free Sandbox Escape

Use after free in Browser in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. …

linux_kernel chrome macos chrome windows edge_chromium | Remote | Memory Corruption
Jun 17, 2026 Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
4.7 MEDIUM
CVE-2026-12463 — Google Chrome UXSS

Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML (UXSS) v…

linux_kernel chrome chrome edge_chromium | Remote | Cross-Site Scripting
Jun 17, 2026 Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
7.5 HIGH
CVE-2026-12462 — Google Chrome Use-After-Free in Media

Use after free in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page.…

linux_kernel chrome macos chrome windows edge_chromium | Remote | Memory Corruption
Jun 17, 2026 Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
6.5 MEDIUM
CVE-2026-12461 — Google Chrome Out-of-Bounds Read Information Disclosure

Out of bounds read in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Ch…

chrome chrome windows edge_chromium | Remote | Information Disclosure
Jun 17, 2026 Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
Showing 20 of 7989 Results