Latest CVE Feed

Vulnerabilities published in the last 30 days.

Score | Vulnerability | Published
0.0 NA
CVE-2026-56015 — Net::IP::LPM versions through 1.10 for Perl allow a heap out-of-bounds read via an unboun…

Net::IP::LPM versions through 1.10 for Perl allow a heap out-of-bounds read via an unbounded prefix length. add() passes the prefix string to the trie builder addPrefixToTrie() without checking it a…

Memory Corruption
Jul 03, 2026
4.2 MEDIUM

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 thro…

powerprotect_data_domain | Authorization
Jul 03, 2026
6.9 MEDIUM
CVE-2026-59234 — Authorization Bypass Through User-Controlled Key in Prospero Flow CRM calendar event dele…

Authorization Bypass Through User-Controlled Key (CWE-639) in CalendarDeleteEventController (app/Http/Controllers/Calendar/CalendarDeleteEventController.php), exposed at GET /calendar/event/delete/{i…

Remote | Authorization
Jul 03, 2026
3.3 LOW
CVE-2026-56085 — Dell PowerProtect Data Domain Use of Uninitialized Resource Information Exposure

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 thro…

powerprotect_data_domain | Information Disclosure
Jul 03, 2026
6.5 MEDIUM
CVE-2026-26355 — Dell PowerProtect Data Domain OS Command Injection

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 thro…

powerprotect_data_domain | Remote | Injection
Jul 03, 2026
6.7 MEDIUM
CVE-2026-54483 — Dell PowerProtect Data Domain OS Command Injection

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 thro…

Jul 03, 2026
4.3 MEDIUM
CVE-2026-41123 — Dell PowerProtect Data Domain RBAC Information Tampering Vulnerability

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 thro…

powerprotect_data_domain | Remote | Authorization
Jul 03, 2026
2.3 LOW
CVE-2026-41124 — Dell PowerProtect Data Domain Path Traversal

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 thro…

powerprotect_data_domain | Path Traversal
Jul 03, 2026
4.4 MEDIUM
CVE-2026-44268 — Dell PowerProtect Data Domain Incorrect Permission Assignment

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 thro…

powerprotect_data_domain | Authorization
Jul 03, 2026
4.4 MEDIUM
CVE-2026-44269 — Dell PowerProtect Data Domain Local Privilege Escalation via Link Following

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 thro…

powerprotect_data_domain | Path Traversal
Jul 03, 2026
8.5 HIGH
CVE-2026-10055 — Eclipse Theia Request Service Server-Side Request Forgery

In Eclipse Theia since version 1.26.0, the backend /services/request-service RPC accepts an attacker-controlled URL from any client connected to the standard /services messaging endpoint, performs th…

theia | Remote | Server-Side Request Forgery
Jul 03, 2026
7.4 HIGH
CVE-2026-13341 — Prompt Injection and Credential Exposure via Untrusted Analytics Data in Kong Konnect MCP

A vulnerability exists in the Kong Konnect Model Context Protocol (MCP) server prior to version 1.0.0, which could allow a remote attacker to perform an indirect prompt injection attack and execute u…

Remote | Injection
Jul 03, 2026
8.8 HIGH
CVE-2026-10054 — Eclipse Theia: Insecure WebSocket Terminal Access

In affected versions of Eclipse Theia (1.8.1 and later), the browser backend exposes privileged terminal RPC over WebSocket (/services/shell-terminal, /services/terminals/:id) without service-level a…

theia | Remote | Authentication
Jul 03, 2026
4.3 MEDIUM
CVE-2026-5137 — RTMKit <= 2.0.7 - Authenticated (Contributor+) Limited Local File Inclusion via 'template…

The RTMKit (rometheme-for-elementor) plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.0.7. This is due to insufficient path validation on the 'template' p…

Remote | Path Traversal
Jul 03, 2026
6.1 MEDIUM
CVE-2026-4322 — XSS in Raera's Destekz

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Raera - Ankara Web Design and Digital Advertising Agency Destekz allows Reflected XSS. This issu…

Remote | Cross-Site Scripting
Jul 03, 2026
9.8 CRITICAL
CVE-2026-4321 — SQLi in Raera's Destekz

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Raera - Ankara Web Design and Digital Advertising Agency Destekz allows SQL Injection. This issu…

Remote | Injection
Jul 03, 2026
5.3 MEDIUM
CVE-2026-35159 — Dell Client Platform BIOS Authentication Bypass

Dell Client Platform BIOS contains an Authentication Bypass by Primary Weakness vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading t…

Jul 03, 2026
5.3 MEDIUM
CVE-2026-11398 — LatePoint <= 5.6.1 - Missing Authorization to Unauthenticated Arbitrary Customer Data Mod…

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.6.1. This is due to the plugin n…

Remote | Authorization
Jul 03, 2026
6.4 MEDIUM
CVE-2026-4804 — Zakra <= 4.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta R…

The Zakra theme for WordPress is vulnerable to Stored Cross-Site Scripting via post meta values in all versions up to, and including, 4.2.0. This is due to the theme registering three post meta field…

Remote | Cross-Site Scripting
Jul 03, 2026
6.4 MEDIUM
CVE-2026-9756 — GenerateBlocks <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via He…

The GenerateBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Headline Block 'linkMetaFieldType' Dynamic Link Attribute in all versions up to, and including, 2.2.1 due to i…

generateblocks | Remote | Cross-Site Scripting
Jul 03, 2026
Showing 20 of 7941 Results