Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
0.0 NA

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi Access Application to execute a Command Injection on the host d…

| Injection
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
0.0 NA
CVE-2026-54408 — UniFi Protect Application Improper Access Control Data Streaming Bypass

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication for data streaming.

| Authentication
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
0.0 NA
CVE-2026-54409 — UniFi Protect Improper Initialization Authentication Bypass

A malicious actor with access to the network and under certain conditions could exploit an Improper Initialization vulnerability found in UniFi Protect Application to bypass authentication in UniFi P…

| Authentication
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
0.0 NA
CVE-2026-54403 — Ubiquiti UniFi OS Path Traversal Authentication Bypass

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to bypass authentication of such UniFi OS devices or instances.

| Path Traversal
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
0.0 NA
CVE-2026-54405 — UniFi Network Application Improper Input Validation Denial of Service

A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi Network Application to execute a Denial of Service (DoS) attack on the application.

| Denial of Service
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
0.0 NA
CVE-2026-54407 — UniFi Protect Application Improper Access Control

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication in certain UniFi Protect Application AP…

| Authorization
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
0.0 NA
CVE-2026-12168 — CVE-2026-12168

An improper validation vulnerability for driver `GFAC_Sys_x64.sys` in Little Orbit GFAC allows a local attacker to escalate privileges to SYSTEM and execute arbitrary code in kernel mode via crafted …

| Misconfiguration
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
0.0 NA
CVE-2026-12166 — CVE-2026-12166

A NULL pointer dereference vulnerability for driver `GFAC_Sys_x64.sys` in Little Orbit GFAC allows a local attacker to cause a denial of service via crafted requests that trigger a system crash.

| Memory Corruption
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
0.0 NA
CVE-2026-12167 — CVE-2026-12167

The Minifilter communication port for driver `GFAC_Sys_x64.sys` in Little Orbit GFAC allows a local attacker to access privileged driver functionality via a communication interface that lacks appropr…

| Authorization
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
8.7 HIGH
CVE-2026-8079 — Unintended limited set of actions with elevated privileges may be performed during PDF ge…

In Progress Flowmon versions prior to 12.5.9 and 13.0.10, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the PDF generation process that results in ope…

flowmon | Remote | Authorization
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
8.7 HIGH
CVE-2026-9272 — Possibility of unintended database operations when querying data related to detected anom…

In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a vulnerability exists whereby an adversary who is authenticated as a low-privileged user in the Anomaly Detection System (ADS) may send s…

Remote | Authorization
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
0.0 NA
CVE-2026-53358 — Bluetooth: L2CAP: use chan timer to close channels in cleanup_listen()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: use chan timer to close channels in cleanup_listen() l2cap_chan_close() removes the channel from conn->chan_l, …

| Race Condition
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
0.0 NA
CVE-2026-53357 — Bluetooth: fix UAF in l2cap_sock_cleanup_listen() vs l2cap_conn_del()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix UAF in l2cap_sock_cleanup_listen() vs l2cap_conn_del() bt_accept_dequeue() unlinks a not-yet-accepted child from t…

| Memory Corruption
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
9.8 CRITICAL
CVE-2026-4767 — Improper Access Control in TR7's WAF-ASP

Missing authentication for critical function vulnerability in TR7 Cyber ​​Defense Inc. WAF-ASP allows Authentication Abuse. This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117.

Remote | Authentication
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
5.4 MEDIUM
CVE-2026-4772 — Stored XSS in TR7's WAF-ASP

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in TR7 Cyber ​​Defense Inc. WAF-ASP allows Stored XSS. This issue affects WAF-ASP: from v1.0.324.90…

Remote | Cross-Site Scripting
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
4.6 MEDIUM
CVE-2026-4770 — DOM-Based XSS in TR7's WAF-ASP

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in TR7 Cyber ​​Defense Inc. Web Application Firewall allows DOM-Based XSS. This issue affects Web A…

Remote | Cross-Site Scripting
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
0.0 NA
CVE-2026-5524 — Divi Form Builder <= 5.1.8 - Unauthenticated Arbitrary File Upload Leading to Remote Code…

The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. This is due to insufficient file extensio…

| Authentication
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
5.3 MEDIUM
CVE-2026-58653 — PraisonAI - Authorization Bypass via Unvalidated project_id in Issue Create/Update

PraisonAI before 0.1.7 fails to validate that project_id in issue create and update request bodies belongs to the URL workspace. An attacker can create issues referencing projects from other workspac…

Remote | Authorization
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
7.7 HIGH
CVE-2026-58652 — luci-app-travelmate - Arbitrary Command Execution via UCI Script Parameter

luci-app-travelmate (and the travelmate package) contain a privilege-escalation flaw: a LuCI/rpcd session holding the luci-app-travelmate write ACL is granted config-wide UCI write access to the trav…

Remote | Authorization
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
6.4 MEDIUM
CVE-2026-14449 — POST-based reflected XSS via the thanks parameter in form components

u5CMS through v12.8.8 is vulnerable to reflected XSS via the ‘thanks’ parameter in multiple form components

Remote | Cross-Site Scripting
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Showing 20 of 8049 Results