Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
4.4 MEDIUM
CVE-2026-10100 — Simple Custom Login Page <= 1.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting

The Simple Custom Login Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the color settings fields (Page Background, Form Background, Text Color, Link Color) in versions up …

Remote | Cross-Site Scripting
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
6.5 MEDIUM
CVE-2026-10559 — SourceCodester Pizzafy Ecommerce System index.php file inclusion

A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is an unknown function of the file /index.php. Executing a manipulation of the argument page can lead to fil…

pizzafy_ecommerce_system | Remote | Path Traversal
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
6.5 MEDIUM
CVE-2026-10558 — SourceCodester Pizzafy Ecommerce System index.php file inclusion

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is an unknown function of the file /admin/index.php. Performing a manipulation of the argument page results in fi…

pizzafy_ecommerce_system | Remote | Path Traversal
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
6.5 MEDIUM
CVE-2026-10550 — elunez eladmin Application Deployment App.java command injection

A weakness has been identified in elunez eladmin up to 2.7. This vulnerability affects unknown code of the file App.java of the component Application Deployment Module. This manipulation of the argum…

eladmin | Remote | Injection
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
5.3 MEDIUM
CVE-2026-10548 — NousResearch hermes-agent Credential Pool Synchronization credential_pool.py _sync_anthro…

A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.23. This affects the function _sync_anthropic_entry_from_credentials_file of the file agent/credential_pool.py of the com…

hermes-agent | Authentication
Jun 02, 2026 Jun 03, 2026
Jun 02, 2026
Jun 03, 2026
3.3 LOW
CVE-2026-10529 — westboy CicadasCMS Task Scheduling Management ScheduleJobController.java cross site scrip…

A weakness has been identified in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is an unknown function of the file src/main/java/com/zhiliao/module/web/system/ScheduleJo…

cicadascms | Remote | Cross-Site Scripting
Jun 02, 2026 Jun 02, 2026
Jun 02, 2026
Jun 02, 2026
Showing 20 of 7946 Results