Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
4.3 MEDIUM
CVE-2026-7523 — Alba Board <= 2.1.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Info…

The Alba Board plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.3. This is due to the plugin not properly verifying that a user is authorized to pe…

Remote | Authorization
Jun 05, 2026 Jun 17, 2026
Jun 05, 2026
Jun 17, 2026
6.9 MEDIUM
CVE-2026-45409 — Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.e…

Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationalized Domain Names in Applications (IDNA) and Unicode IDNA Compatibility Processing. In versions prio…

internationalized_domain_names_in_applications | Remote | Denial of Service
Jun 05, 2026 Jun 17, 2026
Jun 05, 2026
Jun 17, 2026
8.3 HIGH
CVE-2026-11431 — Path Traversal in Altium Projects Service Allows Arbitrary File Read

A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium 365. An authenticated user can supply a crafted path parameter that bypas…

on-prem_enterprise_server | Remote | Path Traversal
Jun 05, 2026 Jun 17, 2026
Jun 05, 2026
Jun 17, 2026
10.0 CRITICAL
CVE-2026-11429 — Path Traversal in Altium Vault ScriptsController Allows Unauthenticated Remote Code Execu…

Two endpoints in the Vault Service ScriptsController, shared by Altium Enterprise Server and Altium 365, accept file uploads where a user-supplied filename component is used to construct the destinat…

on-prem_enterprise_server | Remote | Path Traversal
Jun 05, 2026 Jun 17, 2026
Jun 05, 2026
Jun 17, 2026
8.3 HIGH
CVE-2026-11424 — Server-Side Request Forgery in Altium Platform Design GraphQL Service Allows Information …

A server-side request forgery (SSRF) vulnerability exists in a GraphQL service component shared by Altium Enterprise Server and Altium 365. An authenticated user can submit a request whose input is t…

on-prem_enterprise_server | Remote | Server-Side Request Forgery
Jun 05, 2026 Jun 17, 2026
Jun 05, 2026
Jun 17, 2026
8.1 HIGH
CVE-2026-11416 — MoviePilot Path Traversal via Cloud Storage Download Handlers

MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path is constructed by concatenating the configured down…

Remote | Path Traversal
Jun 05, 2026 Jun 17, 2026
Jun 05, 2026
Jun 17, 2026
7.5 HIGH
CVE-2026-36785 — Tenda Stack Overflow Denial of Service

Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the page parameter of the fromDhcpListClient function. This vulnerability allows attackers to cau…

Remote | Denial of Service
Jun 05, 2026 Jun 17, 2026
Jun 05, 2026
Jun 17, 2026
9.4 CRITICAL
CVE-2026-11423 — Path Traversal in Altium Enterprise Server Collaboration Service Allows Privilege Escalat…

A path traversal vulnerability exists in the Altium Enterprise Server Collaboration Service due to improper handling of user-supplied filenames in the MCAD and Simulation file download flows. A regul…

on-prem_enterprise_server | Remote | Path Traversal
Jun 05, 2026 Jun 17, 2026
Jun 05, 2026
Jun 17, 2026
8.4 HIGH
CVE-2026-11422 — Markdown Preview Enhanced 0.8.x Code Injection via WaveDrom Rendering

Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript by embedd…

Jun 05, 2026 Jun 17, 2026
Jun 05, 2026
Jun 17, 2026
Showing 20 of 7389 Results