Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
5.4 MEDIUM
CVE-2026-3829 — WP Encryption - One Click SSL & Force HTTPS <= 7.8.5.10 - Missing Authorization to Authen…

The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks…

Remote | Authorization
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
4.3 MEDIUM
CVE-2026-3607 — Access Control Check Implemented After Asset is Accessed in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with develo…

gitlab | Remote | Authorization
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
5.8 MEDIUM
CVE-2026-3160 — Unintended Proxy or Intermediary ('Confused Deputy') in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to view Jir…

gitlab | Remote | Authorization
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
4.3 MEDIUM
CVE-2026-3074 — Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to downlo…

gitlab | Remote | Authorization
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
4.3 MEDIUM
CVE-2026-3073 — Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.6 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with develo…

gitlab | Remote | Authorization
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
2.7 LOW
CVE-2026-2900 — Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that when instance-level approval rule editing prevention w…

gitlab | Remote | Authorization
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
7.5 HIGH
CVE-2026-1659 — Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause d…

gitlab | Remote | Denial of Service
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
4.3 MEDIUM
CVE-2026-1338 — Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with devel…

gitlab | Remote | Authorization
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
6.8 MEDIUM
CVE-2026-1322 — Business Logic Errors in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with a read…

gitlab | Remote | Authorization
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
6.5 MEDIUM
CVE-2026-1184 — Deserialization of Untrusted Data in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 11.9 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause den…

gitlab | Remote | Denial of Service
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
6.1 MEDIUM
CVE-2025-15345 — MapGeo - Interactive Geo Maps <= 1.6.27 - Reflected Cross-Site Scripting via 'map' Parame…

The MapGeo – Interactive Geo Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'map' parameter in the display-map shortcode in all versions up to, and including, 1.6.2…

interactive_geo_maps | Remote | Cross-Site Scripting
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
7.5 HIGH
CVE-2025-14870 — Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause …

gitlab | Remote | Denial of Service
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
7.5 HIGH
CVE-2025-14869 — Improper Validation of Specified Quantity in Input in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause …

gitlab | Remote | Denial of Service
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
4.3 MEDIUM
CVE-2025-13874 — Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with Guest …

gitlab | Remote | Authorization
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
5.4 MEDIUM
CVE-2025-12669 — Improper Control of Generation of Code ('Code Injection') in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to inject …

gitlab | Remote | Cross-Site Scripting
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
4.3 MEDIUM
CVE-2026-7648 — LearnPress – WordPress LMS Plugin for Create and Sell Online Courses <= 4.3.5 - Authentic…

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypass through user-controlled key in all versions up to, and including, 4.3.5. …

learnpress | Remote | Authentication
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
4.3 MEDIUM
CVE-2026-7525 — My Calendar <= 3.7.9 - Authenticated (Custom+) Missing Authorization to Unauthorized Even…

The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.9. This is due to the plugin not properly verifying tha…

Remote | Authorization
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
6.4 MEDIUM
CVE-2026-5361 — Envira Gallery <= 1.12.4 - Authenticated (Author+) Stored Cross-Site Scripting via 'arrow…

The Envira Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in versions up to and including 1.12.4. This is due to insufficient input sanitization in th…

envira_gallery | Remote | Cross-Site Scripting
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
6.5 MEDIUM
CVE-2026-5486 — Unlimited Elements For Elementor <= 2.0.7 - Authenticated (Contributor+) SQL Injection vi…

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to SQL Injection via the 'data[filter_search]' parameter in the get_cat_addons AJAX action in versions up to and including 2.0.…

unlimited_elements_for_elementor | Remote | Injection
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
7.1 HIGH
CVE-2026-46446 — SOGo PostgreSQL/MariaDB SQL Injection

SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to c_password = '%@' in changePasswordForLogin.

sogo | Remote | Injection
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
Showing 20 of 6402 Results