Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
0.0 NA
CVE-2026-46104 — selinux: use sk blob accessor in socket permission helpers

In the Linux kernel, the following vulnerability has been resolved: selinux: use sk blob accessor in socket permission helpers SELinux socket state lives in the composite LSM socket blob. sock_has…

| Authorization
May 28, 2026 May 28, 2026
May 28, 2026
May 28, 2026
8.5 HIGH
CVE-2025-48977 — Apache Ignite: REST HTTP arbitrary file read vulnerability

Relative Path Traversal vulnerability in Apache Ignite REST API. Authenticated REST API users can read any file on the server with "cmd=log" command and a log path crafted in a certain way. This iss…

Remote | Path Traversal
May 28, 2026 May 28, 2026
May 28, 2026
May 28, 2026
4.3 MEDIUM
CVE-2026-9807 — Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed a blocked…

Remote | Authorization
May 28, 2026 May 28, 2026
May 28, 2026
May 28, 2026
7.7 HIGH
CVE-2026-9804 — Kubevirt: kubevirt: vmexport directory symlink escape enables exporter pod file read

A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing …

Remote | Path Traversal
May 28, 2026 May 28, 2026
May 28, 2026
May 28, 2026
4.3 MEDIUM
CVE-2026-9015 — Equalize Digital Accessibility Checker <= 1.42.0 - Missing Authorization to Authenticated…

The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.42.0. This is…

Remote | Authorization
May 28, 2026 May 28, 2026
May 28, 2026
May 28, 2026
4.3 MEDIUM
CVE-2026-8689 — Visualizer: Tables and Charts Manager for WordPress <= 3.11.14 - Missing Authorization to…

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.11.14. This is due to a missing capability …

Remote | Authorization
May 28, 2026 May 28, 2026
May 28, 2026
May 28, 2026
4.3 MEDIUM
CVE-2026-7526 — PDF Embedder <= 4.9.3 - Authenticated (Contributor+) Information Exposure via Block Edito…

The PDF Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.9.3 via the enqueue_block_assets. This makes it possible for authenticate…

Remote | Information Disclosure
May 28, 2026 May 28, 2026
May 28, 2026
May 28, 2026
6.5 MEDIUM
CVE-2026-7048 — Photo Gallery by 10Web <= 1.8.40 - Authenticated (Contributor+) SQL Injection via 'order_…

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order_by' parameter in all versions up to, and including, 1.8.…

Remote | Injection
May 28, 2026 May 28, 2026
May 28, 2026
May 28, 2026
5.3 MEDIUM
CVE-2026-6937 — Appointment Booking Calendar <= 1.6.11.8 - Missing Authorization to Unauthenticated Arbit…

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.6.11.8 due to the pl…

Remote | Authorization
May 28, 2026 May 28, 2026
May 28, 2026
May 28, 2026
8.8 HIGH
CVE-2026-6226 — Frontend Admin by DynamiApps <= 3.29.2 - Unauthenticated Privilege Escalation via Form Co…

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthenticated privilege escalation in versions up to and including 3.29.2. This is due to insecure form submission handling th…

Remote | Authorization
May 28, 2026 May 28, 2026
May 28, 2026
May 28, 2026
9.0 CRITICAL
CVE-2026-4408 — Samba: remote code execution in samr

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is config…

Remote | Misconfiguration
May 28, 2026 May 28, 2026
May 28, 2026
May 28, 2026
6.4 MEDIUM
CVE-2026-4334 — Shariff Wrapper <= 4.6.20 - Authenticated (Contributor+) Cross-Site Scripting

The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headline' parameter in the [shariff] shortcode in all versions up to, and including, 4.6.20 due to insuf…

Remote | Cross-Site Scripting
May 28, 2026 May 28, 2026
May 28, 2026
May 28, 2026
5.1 MEDIUM
CVE-2024-47097 — Reflected Cross-Site Scripting in Follet School Solutions Destiny

Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the site parameter of handleloginform.do.

Remote | Cross-Site Scripting
May 28, 2026 May 28, 2026
May 28, 2026
May 28, 2026
5.1 MEDIUM
CVE-2024-47096 — Reflected Cross-Site Scripting in Follet School Solutions Destiny

Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the showSupportExpiredMessage parameter of hand…

Remote | Cross-Site Scripting
May 28, 2026 May 28, 2026
May 28, 2026
May 28, 2026
6.3 MEDIUM
CVE-2026-9806 — Stored Cross-Site Scripting (XSS) in CTI Transmute Notification Panel via Malicious Conve…

A stored cross-site scripting (XSS) vulnerability exists in the notification panel of CTI Transmute in versions prior to the patched release. Notification messages containing user-controlled convert …

Remote | Cross-Site Scripting
May 28, 2026 May 28, 2026
May 28, 2026
May 28, 2026
4.3 MEDIUM
CVE-2026-9618 — PeachPay <= 1.120.46 - Cross-Site Request Forgery to Stripe Unlink

The PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net, NMI) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to…

Remote | Cross-Site Request Forgery
May 28, 2026 May 28, 2026
May 28, 2026
May 28, 2026
8.8 HIGH
CVE-2026-9227 — GutenBee <= 2.20.1 - Authenticated (Author+) Arbitrary File Upload via wp_check_filetype_…

The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.20.1 via the gutenbee_file_and_ext_json function. This is due to a …

Remote | Authentication
May 28, 2026 May 28, 2026
May 28, 2026
May 28, 2026
4.3 MEDIUM
CVE-2026-8682 — 3D Viewer <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugi…

The 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.1. This is due to the plugin …

Remote | Authorization
May 28, 2026 May 28, 2026
May 28, 2026
May 28, 2026
0.0 NA
CVE-2026-7862 — Eupago Gateway For Woocommerce < 4.7.2 - Unauthenticated Arbitrary Refund Initiation

The Eupago Gateway For Woocommerce WordPress plugin before 4.7.2 does not properly restrict access to its refund request handler, allowing unauthenticated attackers to initiate refunds against any Wo…

| Authentication
May 28, 2026 May 28, 2026
May 28, 2026
May 28, 2026
7.5 HIGH
CVE-2026-7797 — Appointment Booking Calendar <= 1.6.11.8 - Unauthenticated SQL Injection via 'append_wher…

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'append_where_sql' parameter in all version…

Remote | Injection
May 28, 2026 May 28, 2026
May 28, 2026
May 28, 2026
Showing 20 of 6702 Results