Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
0.0 NA
CVE-2026-13236 — AI Agents - Less critical - Access bypass - SA-CONTRIB-2026-056

Missing Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1.

| Authorization
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
0.0 NA
CVE-2026-13235 — AI (Artificial Intelligence) - Moderately critical - Access bypass - SA-CONTRIB-2026-055

Missing Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Forceful Browsing. This issue affects AI (Artificial Intelligence) versions: from 0.0.0 to 1.2.17, from 1.3.0 to 1.3.…

| Authorization
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
0.0 NA
CVE-2026-13234 — AI (Artificial Intelligence) - Moderately critical - Information Disclosure / Cross-site …

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AI (Artificial Intelligence) allows Cross-Site Scripting (XSS). This issue affects AI (Art…

| Cross-Site Scripting
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
0.0 NA
CVE-2026-13233 — OpenAI Provider - Moderately critical - Server-side Request Forgery - SA-CONTRIB-2026-053

Server-Side Request Forgery (SSRF) vulnerability in Drupal OpenAI Provider allows Server Side Request Forgery. This issue affects OpenAI Provider versions: from 0.0.0 to 1.1.1, from 1.2.0 to 1.2.2.

| Server-Side Request Forgery
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
0.0 NA
CVE-2026-13232 — Advanced Content Feedback (aka admin_feedback) - Moderately critical - Access bypass / In…

Incorrect Authorization vulnerability in Drupal Advanced Content Feedback (aka admin_feedback) allows Forceful Browsing. This issue affects Advanced Content Feedback (aka admin_feedback) versions: fr…

| Authorization
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
0.0 NA
CVE-2026-13231 — Advanced Content Feedback (aka admin_feedback) - Moderately critical - Cross-site scripti…

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Advanced Content Feedback (aka admin_feedback) allows Stored XSS. This issue affects Advan…

| Cross-Site Scripting
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
0.0 NA
CVE-2026-12535 — Formatter Field - Critical - PHP object injection - SA-CONTRIB-2026-048

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Formatter Field allows Object Injection. This issue affects Formatter Field versions: from 0.0.0…

| Injection
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
0.0 NA
CVE-2026-11909 — Examples for Developers - Moderately critical - Access bypass - SA-CONTRIB-2026-044

Missing Authorization vulnerability in Drupal Examples for Developers allows Forceful Browsing. This issue affects Examples for Developers versions: from 0.0.0 to 4.0.6.

| Authorization
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
0.0 NA
CVE-2026-11908 — Tagify - Moderately critical - Cross-site scripting (XSS) - SA-CONTRIB-2026-043

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Tagify allows Stored XSS. This issue affects Tagify versions: from 0.0.0 to 1.2.52.

| Cross-Site Scripting
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
0.0 NA
CVE-2026-10770 — Anti-Spam by CleanTalk - Moderately critical - Cross site scripting - SA-CONTRIB-2026-042

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Anti-Spam by CleanTalk allows Reflected XSS. This issue affects Anti-Spam by CleanTalk ver…

| Cross-Site Scripting
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
0.0 NA
CVE-2026-10769 — Commerce Core - Moderately critical - Cross site scripting - SA-CONTRIB-2026-041

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Commerce Core allows Stored XSS. This issue affects Commerce Core versions: from 3.3.0 to …

| Cross-Site Scripting
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
0.0 NA
CVE-2026-10768 — LocalGov Workflows - Moderately critical - Information disclosure - SA-CONTRIB-2026-039

Missing Authorization vulnerability in Drupal LocalGov Workflows allows Forceful Browsing. This issue affects LocalGov Workflows versions: from 0.0.0 to 1.6.0.

| Authorization
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
0.0 NA
CVE-2026-9726 — Drupal AlternativeCommerce (Basket) - Highly critical - Arbitrary PHP code execution - SA…

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal AlternativeCommerce (Basket) allows Object Injection. This issue affects Drupal Alternati…

| Injection
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
0.0 NA
CVE-2026-7639 — GPU DDK - Page UAF read in PMMETA_PROTECT heap memory

Software installed and run as a non-privileged user may conduct a sequence of improper GPU system calls causing use after free, which helps in facilitating unprivileged memory access from a shader co…

| Memory Corruption
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
8.2 HIGH
CVE-2026-58499 — Path traversal in EverOS /api/v1/memory/add via unvalidated sender_id

EverOS is a memory runtime for agents. Prior to 1.0.1, EverOS is vulnerable to path traversal in the POST /api/v1/memory/add ingestion endpoint because the per-message sender_id field was not validat…

Remote | Path Traversal
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
9.8 CRITICAL
CVE-2026-57807 — WordPress OAuth Single Sign On - SSO (OAuth Client) plugin <= 38.5.8 - Broken Authenticat…

Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Software Pvt Ltd. OAuth Single Sign On - SSO (OAuth Client) allows Password Recovery Exploitation. This …

Remote | Authentication
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
6.9 MEDIUM
CVE-2026-57575 — Misskey: SSRF bypass in URL Preview

Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a Server-Side Request Forgery (SSRF) vulnerability in URL preview functionality in UrlPreviewService. D…

Remote | Server-Side Request Forgery
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
7.4 HIGH
CVE-2026-57574 — Misskey: TOTP tokens can be reused

Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a vulnerability in Time-based One-Time Password (TOTP) authentication in UserAuthService where insuffic…

Remote | Authentication
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
5.4 MEDIUM
CVE-2026-57230 — OpenReplay: Authenticated ClickHouse SQL injection via session search

OpenReplay is a self-hosted session replay suite. Prior to 1.27.0, the session search and analytics API in enterprise editions with multi-tenancy enabled built ClickHouse queries by inserting user in…

Remote | Injection
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
5.3 MEDIUM
CVE-2026-57221 — RabbitMQ: Passive queue/exchange declaration bypasses authorization checks, leaking queue…

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, RabbitMQ does not perform authorization checks on passive queue.declare and exchange.declare AMQP 0-9-1 oper…

Remote | Authorization
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
Showing 20 of 7413 Results