Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
10.0 CRITICAL
CVE-2026-28575 — Android PackageInstaller Denial of Service via Memory Exhaustion

In PackageInstaller.Session#transfer of frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java, there is a possible memory exhaustion attack due to a logic error in the…

android | Remote | Memory Corruption
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
4.8 MEDIUM
CVE-2026-27870 — CROSS-SITE SCRIPTING (XSS) VIA MALICIOUS FILE UPLOAD ON REGESTA SMART HD-PLC OF TELDAT

An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, registration action IS required) who has the vulnerable software could, introduce arbitrary JavaS…

regesta_smart_hd-plc_-_tldph16d2 | Remote | Cross-Site Scripting
Jun 17, 2026 Jul 01, 2026
Jun 17, 2026
Jul 01, 2026
6.9 MEDIUM
CVE-2026-27869 — WEB SERVICE (HTTP) DENIAL OF SERVICE VIA SLOW HEADERS ON REGESTA SMART HD-PLC OF TELDAT

An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has the vulnerable software could, with a Slow Loris atta…

regesta_smart_hd-plc_-_tldph16d2 | Remote | Denial of Service
Jun 17, 2026 Jul 01, 2026
Jun 17, 2026
Jul 01, 2026
6.9 MEDIUM
CVE-2026-27868 — PUBLICATION OF SENSITIVE INFORMATION ON REGESTA SMART HD-PLC OF TELDAT

An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has the vulnerable software could obtain privilege inform…

regesta_smart_hd-plc_-_tldph16d2 | Remote | Information Disclosure
Jun 17, 2026 Jul 01, 2026
Jun 17, 2026
Jul 01, 2026
9.8 CRITICAL
CVE-2026-27429 — WordPress Nifty theme <= 1.4.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Nifty <= 1.4.1 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
6.5 MEDIUM
CVE-2026-27410 — WordPress Slimstat Analytics plugin < 5.4.0 - Deserialization of untrusted data vulnerabi…

Unauthenticated Deserialization of untrusted data in Slimstat Analytics < 5.4.0 versions.

slimstat_analytics | Remote | Misconfiguration
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.6 HIGH
CVE-2026-27400 — WordPress BookPro plugin <= 1.1.0 - Arbitrary File Deletion vulnerability

Unauthenticated Arbitrary File Deletion in BookPro <= 1.1.0 versions.

Remote | Authentication
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.8 CRITICAL
CVE-2026-27395 — WordPress Support Board plugin < 3.8.9 - Privilege Escalation vulnerability

Unauthenticated Privilege Escalation in Support Board < 3.8.9 versions.

support_board | Remote | Authentication
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.9 CRITICAL
CVE-2026-27041 — WordPress Unlimited Elements for Elementor (Premium) plugin <= 2.0.6 - Arbitrary File Upl…

Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium) <= 2.0.6 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
10.0 CRITICAL
CVE-2026-25470 — WordPress ACPT (Pro) - Custom Post Types plugin for WordPress plugin <= 2.0.47 - Remote C…

Improper Control of Generation of Code ('Code Injection') vulnerability in ACPT ACPT (Pro) - Custom Post Types Plugin for WordPress allows Remote Code Inclusion. This issue affects ACPT (Pro) - Cust…

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.9 CRITICAL
CVE-2026-25446 — WordPress WishList Member X plugin <= 3.29.0 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions.

Remote | Misconfiguration
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2026-25439 — WordPress Booknetic plugin <= 4.8.5 - Account Takeover vulnerability

Unauthenticated Broken Authentication in Booknetic <= 4.8.5 versions.

booknetic | Remote | Authentication
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.1 CRITICAL
CVE-2026-24611 — WordPress MetForm Pro plugin <= 3.9.1 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in MetForm Pro <= 3.9.1 versions.

Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
4.3 MEDIUM
CVE-2026-24610 — WordPress MetForm Pro plugin <= 3.9.1 - Broken Access Control vulnerability

Subscriber Broken Access Control in MetForm Pro <= 3.9.1 versions.

Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
4.3 MEDIUM
CVE-2026-24575 — WordPress WishList Member X plugin <= 3.29.0 - Broken Access Control vulnerability

Subscriber Broken Access Control in WishList Member X <= 3.29.0 versions.

Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.6 HIGH
CVE-2026-22343 — WordPress WordPress Dating Theme theme <= 11.2.0 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in WordPress Dating Theme <= 11.2.0 versions.

Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.8 HIGH
CVE-2026-22342 — WordPress WordPress Dating Theme theme <= 11.2.0 - Cross Site Request Forgery (CSRF) to A…

Unauthenticated Cross Site Request Forgery (CSRF) in WordPress Dating Theme <= 11.2.0 versions.

Remote | Cross-Site Request Forgery
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.3 CRITICAL
CVE-2026-22340 — WordPress WPJobster theme <= 6.3.5 - SQL Injection vulnerability

Unauthenticated SQL Injection in WPJobster <= 6.3.5 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.1 HIGH
CVE-2026-22339 — WordPress WPJobster theme <= 6.3.5 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in WPJobster <= 6.3.5 versions.

Remote | Cross-Site Scripting
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2026-22338 — WordPress EcoBlue theme <= 1.15 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in EcoBlue <= 1.15 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Showing 20 of 7989 Results