Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
0.0 NA
CVE-2026-46453 — Apache Camel: Camel-Elasticsearch-Rest-Client: Exchange header constants without the Came…

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel ElasticSearch Rest Client. The camel-elasticsearch-rest-client component reads several Excha…

camel | Authorization
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
7.0 HIGH
CVE-2026-44934 — Exposed tokens in SUSE Rancher AI Agent logs

A information disclosure when DEBUG loglevel is set in SUSE Rancher AI Agent 1.0 before 1.0.2 could leak API keys or LLM response text with potential sensitive data into logfiles, allowing local atta…

rancher | Information Disclosure
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
0.0 NA
CVE-2026-43867 — Apache Camel: Camel-PQC: The AWS Secrets Manager key-lifecycle manager deserializes persi…

Deserialization of Untrusted Data vulnerability in Apache Camel PQC Component. The camel-pqc component persists post-quantum key metadata (KeyMetadata) through pluggable KeyLifecycleManager implemen…

camel | Injection
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
0.0 NA
CVE-2026-43866 — Apache Camel, Apache Camel: Camel JMS - CVE-2026-40860 fix bypass via DefaultExchangeHold…

Deserialization of Untrusted Data vulnerability in Apache Camel, Apache Camel JMS component. JmsBinding.extractBodyFromJms() in camel-jms - and the equivalent JmsBinding in camel-sjms - deserializes…

camel | Information Disclosure
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
0.0 NA
CVE-2026-43865 — Apache Camel: Camel-Hazelcast: Unsafe Java deserialization in default-configured managed …

Deserialization of Untrusted Data vulnerability in Apache Camel Hazelcast component. The camel-hazelcast component creates and manages Hazelcast instances using a default configuration that applies …

camel | Injection
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
0.0 NA
CVE-2026-42527 — Apache Camel: Permissive default ObjectInputFilter pattern admits java.net.** and enables…

Deserialization of Untrusted Data vulnerability in Apache Camel. The default ObjectInputFilter pattern shipped with several Apache Camel components for defense-in-depth deserialization filtering ('j…

camel | Misconfiguration
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
0.0 NA
CVE-2026-40859 — Apache Camel: Camel-Vertx-Http: Unsafe Java deserialization of HTTP response bodies via a…

Deserialization of Untrusted Data vulnerability in Apache Camel. The camel-vertx-http component deserializes HTTP response bodies carrying the Content-Type application/x-java-serialized-object using…

camel | Misconfiguration
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
0.0 NA
CVE-2026-40047 — Apache Camel: Camel-Docling: Insufficient validation of custom CLI arguments enables argu…

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Apache Camel Docling component. The camel-docling component invokes the external `docling` command…

camel | Injection
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
0.0 NA
CVE-2026-24014 — Apache IoTDB: Path Traversal in DataNode Internal RPC Trigger JAR Upload Allows Arbitrary…

Apache IoTDB DataNode’s internal RPC interface for creating Trigger instances uses the uploaded Trigger JAR name to build a file path without sufficient validation. If the internal DataNode RPC port …

iotdb | Path Traversal
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
0.0 NA
CVE-2026-24013 — Apache IoTDB: Authentication Bypass via Forged SessionID in Thrift RPC

Authentication Bypass by Spoofing vulnerability in Apache IoTDB. Certain Thrift RPC query handlers lack strict validation of the sessionId parameter. An attacker can construct requests with a forged …

iotdb | Authentication
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
0.0 NA
CVE-2026-24012 — Apache IoTDB: Denial of Service via Resource Exhaustion in Aggregation Query

Uncontrolled Resource Consumption vulnerability in Apache IoTDB.  Some interface fails to impose reasonable limits on the time span and aggregation interval of the query. An attacker can construct a…

iotdb | Denial of Service
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
4.8 MEDIUM
CVE-2026-1433 — uniFLOW Universal Login Manager (ULM) Standalone Improper Protection of Sensitive Informa…

uniFLOW Universal Login Manager (ULM) Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through t…

| Information Disclosure
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
8.7 HIGH
CVE-2026-14809 — PROG MIS|Prog Management System - SQL Injection

Prog Management System developed by PROG MIS has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.

Remote | Injection
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
0.0 NA
CVE-2026-6382 — Multiple elFinder Plugins - Authenticated OS Command Injection

The FileOrganizer WordPress plugin before 1.1.9, Advanced File Manager WordPress plugin before 5.4.12, File Manager Pro WordPress plugin before 2.1.1, File Manager WordPress plugin before 8.0.4 do…

| Injection
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
9.8 CRITICAL
CVE-2026-14808 — PROG MIS|Prog Management System - Exposure of Sensitive Information

Prog Management System developed by PROG MIS has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to view a specific page and obtain the database acc…

Remote | Information Disclosure
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
9.8 CRITICAL
CVE-2026-14807 — PROG MIS|ERP App - Use of Hard-coded Credentials

ERP App developed by PROG MIS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to view application code and obtain the database account and passw…

Remote | Authentication
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
7.5 HIGH
CVE-2026-14802 — react create-react-app react-dev-utils openBrowser.js startBrowserProcess os command inje…

A vulnerability was detected in react create-react-app up to 5.0.1 on macOS. This affects the function startBrowserProcess of the file openBrowser.js of the component react-dev-utils. Performing a ma…

Remote | Injection
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
4.8 MEDIUM
CVE-2026-14801 — GPAC TeXML File load_text.c txtin_probe_duration divide by zero

A security vulnerability has been detected in GPAC 26.03-DEV-rev342-g80071f700-master. The impacted element is the function txtin_probe_duration of the file src/filters/load_text.c of the component T…

| Denial of Service
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
5.0 MEDIUM
CVE-2026-14800 — imhamzaazam ecommerceFlask cross-site request forgery

A weakness has been identified in imhamzaazam ecommerceFlask up to cb7d9e24c30a99379651b7493b32048126ef402b. The affected element is an unknown function. This manipulation causes cross-site request f…

Remote | Cross-Site Request Forgery
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
0.0 NA
CVE-2026-12083 — Admin and Site Enhancements < 8.8.4 - Unauthenticated Administrator-Role Restoration via …

The Admin and Site Enhancements (ASE) WordPress plugin before 8.8.4, admin-site-enhancements-pro WordPress plugin before 8.8.4 does not perform authentication, authorization, or nonce checks on a rol…

| Authorization
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
Showing 20 of 7431 Results