Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
9.3 CRITICAL
CVE-2026-12076 — SQL Injection in Raytha CMS

Raytha CMS is vulnerable to SQL Injection within the OData filter parsing pipeline.  The vulnerability allows a remote, unauthenticated attacker to execute arbitrary SQL statements against the under…

raytha | Remote | Injection
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
7.0 HIGH
CVE-2026-10763 — PROMOD V Insecure HTTP Communication

PROMOD V is using insecure HTTP communication instead of HTTPS. The vulnerability is due to the lack of HTTPS support from 3rd party Digipede server.

Remote | Misconfiguration
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
7.8 HIGH
CVE-2025-7406 — A Sudo Privilege Escalation Vulnerability in Nokia MantaRay NM

Nokia MantaRay NM is vulnerable to a sudo privilege escalation vulnerability where a local attacker possessing administrative (local admin) privileges can escalate to full root privileges on the host…

mantaray_nm | Authorization
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
6.5 MEDIUM
CVE-2025-24816 — An Improper Access Control vulnerability in Nokia MantaRay NM

Nokia MantaRay is subject to an Improper Access Control vulnerability due to insufficient authorization within the API. Successful exploitation could allow an authenticated attacker to retrieve confi…

mantaray_nm | Remote | Authorization
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
7.8 HIGH
CVE-2025-24815 — An unrestricted file upload vulnerability in Nokia MantaRay NM

Nokia MantaRay NM is subject to an unrestricted file upload vulnerability due to insufficient file type validation. Successful exploitation could allow an authenticated attacker to upload malicious f…

mantaray_nm | Misconfiguration
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
7.5 HIGH
CVE-2026-49434 — Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: LdapNetworkConnector instan…

Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entries in LDAP that match the configured se…

activemq activemq_broker | Remote | Misconfiguration
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
7.5 HIGH
CVE-2026-49432 — Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: STOMP negative content-lengt…

Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. A remote unauthenticated peer that can reach an exposed STOMP connector can trigger denial-of-…

activemq | Remote | Denial of Service
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
8.1 HIGH
CVE-2026-49877 — Apache ActiveMQ: Authenticated web users retain admin access by default in the Web Console

Improper Authorization vulnerability in Apache ActiveMQ. An authenticated low-privilege Web Console user by default can access /admin/* paths in the Web Console. The default Jetty settings incorrect…

activemq | Remote | Authorization
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
7.5 HIGH
CVE-2026-50734 — Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All: Pre-authentication OpenWire…

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All. An unauthenticated network attacker can cause a broker DoS by sending a cra…

activemq | Remote | Denial of Service
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
7.5 HIGH
CVE-2026-50750 — Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Pre-authentication OpenWire…

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Following the fix for CVE-2026-49270 an unauthenticated attacker can now cause bro…

activemq activemq_broker | Remote | Denial of Service
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
6.1 MEDIUM
CVE-2026-52760 — Apache ActiveMQ, Apache ActiveMQ Web Console: Stored XSS via Unescaped values in ActiveMQ…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache ActiveMQ, Apache ActiveMQ Web Console. The browse page in the web console renders a messa…

activemq | Remote | Cross-Site Scripting
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
7.5 HIGH
CVE-2026-53916 — Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: Unbounded header buffer in S…

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. An unauthenticated client that opens a STOMP NIO connection can send header…

activemq | Remote | Memory Corruption
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
7.5 HIGH
CVE-2026-53917 — Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker: Unb…

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker. An authenticated user can cause a broker DoS by sen…

activemq activemq_broker | Remote | Denial of Service
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
7.5 HIGH
CVE-2026-54475 — Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Temporary destination owner…

Missing Authorization vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic temporary destinations are expected to be isolated to the connection that…

activemq activemq_broker | Remote | Authorization
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
6.6 MEDIUM
CVE-2026-45822 — decode-uri-component Denial of Service

decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode() function splits input on '%' producing N tokens and calls decodeComponents(), exhibiting super-linear parsing time:…

Remote | Denial of Service
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
8.4 HIGH
CVE-2026-12578 — DTMSoft - Deserialization of Untrusted Data Vulnerability

The affected product is vulnerable to a deserialization of untrusted data, which may allow an attacker to execute arbitrary code.

dtmsoft | Injection
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
4.9 MEDIUM
CVE-2026-9576 — Fluent Booking < 2.1.2 - Calendar Manager+ Sensitive Information Disclosure via Attendee …

The Fluent Booking WordPress plugin before 2.1.2 does not verify ownership of the requested group_id before exporting attendee data via the export endpoint, allowing users with at least the Calendar…

Remote | Authorization
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
6.1 MEDIUM
CVE-2026-56809 — Ricoh Web Image Monitor Reflected Cross-Site Scripting

Multiple laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor contain a reflected cross-site scripting vulnerability. An arbitrary script may be executed on the we…

| Cross-Site Scripting
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
8.6 HIGH
CVE-2026-56808 — AVTECH DGM3103SCT OS Command Injection

DGM3103SCT provided by AVTECH Security Corporation contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who can log in to th…

| Injection
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
8.4 HIGH
CVE-2026-56137 — Gotcha Gotcha Games RPG MAKER OS Command Injection

RPG MAKER MV and MZ provided by Gotcha Gotcha Games Inc. contain an OS command injection vulnerability. If a user loads a specially crafted save-file, arbitrary OS command may be executed.

| Injection
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
Showing 20 of 7941 Results