Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
6.1 MEDIUM
CVE-2026-58305 — Samsung Escargot Type Confusion Vulnerability

Access of resource using incompatible type ('type confusion') vulnerability in Samsung Open Source Escargot allows Pointer Manipulation. This issue affects Escargot: before 779f6bedf58f334dec64b0a51…

| Memory Corruption
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
6.1 MEDIUM
CVE-2026-58304 — Samsung Escargot Buffer Overflow Vulnerability

Out-of-bounds read, Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: before 779f6bedf58f334dec64b0a51ebb724b4708b84a.

| Memory Corruption
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
6.1 MEDIUM
CVE-2026-58303 — Samsung Escargot Stack-based Buffer Overflow

Stack-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: before b30b63fc63b403907d8137da1c65aaa4521fe74e.

| Memory Corruption
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
10.0 CRITICAL
CVE-2026-56291 — Joomla Extension - balbooa.com - Unauthenticated file upload in Balbooa Forms extension <…

The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.

Remote | Misconfiguration
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
4.6 MEDIUM
CVE-2026-56289 — Loop with Unreachable Exit Condition in GNU patch

GNU patch is vulnerable to a denial of service (DoS) due to improper validation of hunk (single block of changes in diff) line offsets in unified-diff input. A specially crafted patch can specify an …

| Denial of Service
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
4.6 MEDIUM
CVE-2026-56288 — NULL Pointer Dereference in GNU patch

GNU patch is vulnerable to a NULL pointer dereference when processing a specially crafted unified-diff patch file. Improper handling of consecutive end-of-file newline markers can corrupt internal hu…

| Denial of Service
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
8.6 HIGH
CVE-2026-50644 — SQL Injection in SOPlanning Audit Retention Configuration

SOPlanning is vulnerable to SQL injection in the audit retention configuration. An attacker holding parameters_all rights can inject SQL commands into the audit configuration form which is then saved…

Remote | Injection
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
4.3 MEDIUM
CVE-2026-4298 — DSGVO All in one for WP <= 4.9 - Missing Authorization to Authenticated (Subscriber+) Set…

The DSGVO All in one for WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 4.9. This is due to the dsgvo_reset_policy_service_func() function lacking …

dsgvo_all_in_one_for_wp | Remote | Authorization
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
8.8 HIGH
CVE-2026-4275 — Divi Torque Lite <= 4.2.3 - Cross-Site Request Forgery to Arbitrary Plugin Installation v…

The Divi Torque Lite – Divi Theme, Divi Builder & Extra Theme plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.3. This is due to the use of '…

Remote | Cross-Site Request Forgery
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
7.1 HIGH
CVE-2026-14372 — Bit Form <= 3.1.1 - Authenticated (Subscriber+) Arbitrary File Deletion via '_old' Parame…

The Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation i…

Remote | Path Traversal
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
7.2 HIGH
CVE-2026-13441 — EventPrime <= 4.3.4.2 - Unauthenticated Stored Cross-Site Scripting via 'new_event_type_b…

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'new_event_type_background_color' parameter in all versions up to, and…

Remote | Cross-Site Scripting
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
3.7 LOW
CVE-2026-12590 — body-parser vulnerable to denial of service when invalid limit value silently disables si…

Impact: In body-parser versions prior to 1.20.6 (1.x line) and 2.3.0 (2.x line), when the parser is configured with an invalid limit option value such as an unparseable string or NaN, bytes.parse ret…

| Denial of Service
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
6.5 MEDIUM
CVE-2026-12428 — Blocks for ACF Fields <= 1.6.2 - Missing Authorization to Authenticated (Author+) Arbitra…

The Blocks for ACF Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_all_values() function in the /wp-json/acf-field-blocks/v1/valu…

Remote | Authorization
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
9.8 CRITICAL
CVE-2026-5955 — SQLi in Inrove Software's BiEticaret

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Inrove Software and Internet Services BiEticaret allows SQL Injection. This issue affects BiEtic…

Remote | Injection
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
6.1 MEDIUM
CVE-2026-5793 — XSS in Inrove Software's BiEticaret

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Inrove Software and Internet Services BiEticaret allows Reflected XSS. This issue affects BiEtic…

Remote | Cross-Site Scripting
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
6.5 MEDIUM
CVE-2026-56460 — HCL DevOps Deploy / HCL Launch is susceptible to an Insertion of Sensitive Information In…

HCL DevOps Deploy / HCL Launch could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system.

Remote | Information Disclosure
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
6.2 MEDIUM
CVE-2026-56459 — HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure

HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure.  The application stores potentially sensitive information in log files that could be read by a local user.

| Information Disclosure
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
5.4 MEDIUM
CVE-2026-56458 — HCL DevOps Deploy is susceptible to a Permissive Cross-domain Security Policy with Untrus…

HCL DevOps Deploy uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to…

Remote | Misconfiguration
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
9.3 CRITICAL
CVE-2026-2342 — XSS in Oceanicsoft's ValeApp

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OceanicSoft Informatics Systems Ltd. ValeApp allows Stored XSS. This issue affects ValeApp: thro…

Remote | Cross-Site Scripting
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
7.5 HIGH
CVE-2026-1989 — IDOR in PAVO Inc.'s PAVO Pay

Authorization bypass through User-Controlled key vulnerability in PAVO Financial Technology Solutions Inc. PAVO Pay allows Exploitation of Trusted Identifiers. This issue affects PAVO Pay: through 0…

Remote | Authorization
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
Showing 20 of 7695 Results