Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
4.9 MEDIUM
CVE-2026-3439 — SonicOS Stack-based Buffer Overflow Vulnerability

A post-authentication Stack-based Buffer Overflow vulnerability in SonicOS certificate handling allows a remote attacker to crash a firewall.

sonicos | Remote | Memory Corruption
Mar 04, 2026 Mar 04, 2026
Mar 04, 2026
Mar 04, 2026
6.1 MEDIUM
CVE-2026-1706 — All-in-One Video Gallery <= 4.7.1 - Reflected Cross-Site Scripting via 'vi' Parameter

The All-in-One Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'vi' parameter in all versions up to, and including, 4.7.1 due to insufficient input sanitiza…

all-in-one_video_gallery | Remote | Cross-Site Scripting
Mar 04, 2026 Mar 04, 2026
Mar 04, 2026
Mar 04, 2026
7.5 HIGH
CVE-2023-7337 — JS Help Desk – AI-Powered Support & Ticketing System 2.8.2 - Unauthenticated SQL Injectio…

The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the 'js-support-ticket-token-tkstatus' cookie in version 2.8.2 due to an incomplete fi…

Remote | Injection
Mar 04, 2026 Mar 04, 2026
Mar 04, 2026
Mar 04, 2026
7.8 HIGH
CVE-2026-3094 — File Parsing Out-Of-Bounds Write in CNCSoft-G2

Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the cur…

cncsoft-g2 | Injection
Mar 04, 2026 Mar 04, 2026
Mar 04, 2026
Mar 04, 2026
7.8 HIGH
CVE-2026-2748 — S/MIME Certificate Subject Whitespace

SEPPmail Secure Email Gateway before version 15.0.1 improperly validates S/MIME certificates issued for email addresses containing whitespaces, allowing signature spoofing.

seppmail_secure_email_gateway | Remote | Cryptography
Mar 04, 2026 Mar 04, 2026
Mar 04, 2026
Mar 04, 2026
6.9 MEDIUM
CVE-2026-2747 — PGP Mixed Plaintext and Encrypted Content

SEPPmail Secure Email Gateway before version 15.0.1 decrypts inline PGP messages without isolating them from surrounding unencrypted content, allowing exposure of sensitive information to an unauthor…

seppmail_secure_email_gateway | Remote | Information Disclosure
Mar 04, 2026 Mar 04, 2026
Mar 04, 2026
Mar 04, 2026
6.9 MEDIUM
CVE-2026-2746 — Missing PGP Signature Tag

SEPPmail Secure Email Gateway before version 15.0.1 does not properly communicate PGP signature verification results, leaving users unable to detect forged emails.

seppmail_secure_email_gateway | Remote | Cryptography
Mar 04, 2026 Mar 04, 2026
Mar 04, 2026
Mar 04, 2026
9.3 CRITICAL
CVE-2026-27446 — Apache Artemis, Apache ActiveMQ Artemis: Auth bypass for Core downstream federation

Missing Authentication for Critical Function (CWE-306) vulnerability in Apache Artemis, Apache ActiveMQ Artemis. An unauthenticated remote attacker can use the Core protocol to force a target broker …

activemq_artemis | Remote | Authentication
Mar 04, 2026 Mar 04, 2026
Mar 04, 2026
Mar 04, 2026
6.9 MEDIUM
CVE-2026-27445 — PGP Signature Reflection

SEPPmail Secure Email Gateway before version 15.0.1 does not properly verify that a PGP signature was generated by the expected key, allowing signature spoofing.

seppmail_secure_email_gateway | Remote | Cryptography
Mar 04, 2026 Mar 04, 2026
Mar 04, 2026
Mar 04, 2026
7.8 HIGH
CVE-2026-27444 — Header Email Address Parsing

SEPPmail Secure Email Gateway before version 15.0.1 incorrectly interprets email addresses in the email headers, causing an interpretation conflict with other mail infrastructure that allows an attac…

seppmail_secure_email_gateway | Remote | Misconfiguration
Mar 04, 2026 Mar 04, 2026
Mar 04, 2026
Mar 04, 2026
8.2 HIGH
CVE-2026-27443 — S/MIME Decryption Tag Sanitization Bypass

SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME entities, allowing an attacker to control trusted headers.

seppmail_secure_email_gateway | Remote | Misconfiguration
Mar 04, 2026 Mar 04, 2026
Mar 04, 2026
Mar 04, 2026
9.3 CRITICAL
CVE-2026-27442 — zip_attachments Path Traversal

The GINA web interface in SEPPmail Secure Email Gateway before version 15.0.1 does not properly check attachment filenames in GINA-encrypted emails, allowing an attacker to access files on the gatewa…

seppmail_secure_email_gateway | Remote | Path Traversal
Mar 04, 2026 Mar 04, 2026
Mar 04, 2026
Mar 04, 2026
9.5 CRITICAL
CVE-2026-27441 — PDF Password CMDi

SEPPmail Secure Email Gateway before version 15.0.1 insufficiently neutralizes the PDF encryption password, allowing OS command execution.

seppmail_secure_email_gateway | Remote | Injection
Mar 04, 2026 Mar 04, 2026
Mar 04, 2026
Mar 04, 2026
6.4 MEDIUM
CVE-2026-1236 — Envira Gallery for WordPress <= 1.12.3 - Authenticated (Author+) Stored Cross-Site Script…

The Envira Gallery for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'justified_gallery_theme' parameter in all versions up to, and including, 1.12.3 due to insu…

Remote | Cross-Site Scripting
Mar 04, 2026 Mar 04, 2026
Mar 04, 2026
Mar 04, 2026
5.4 MEDIUM
CVE-2025-66168 — Apache ActiveMQ, Apache ActiveMQ All Module, Apache ActiveMQ MQTT Module: MQTT control pa…

Apache ActiveMQ does not properly validate the remaining length field which may lead to an overflow during the decoding of malformed packets. When this integer overflow occurs, ActiveMQ may incorrect…

activemq | Remote | Denial of Service
Mar 04, 2026 Mar 04, 2026
Mar 04, 2026
Mar 04, 2026
9.2 CRITICAL
CVE-2026-29120 — Insecure, Hardcoded Root Password Stored in Anaconda Configuration File On IDC SFX2100 Sa…

The /root/anaconda-ks.cfg installation configuration file in International Datacasting Corporation (IDC) SFX Series(SFX2100) SuperFlex Satellite Receiver insecurely stores the hardcoded root password…

| Authentication
Mar 04, 2026 Mar 04, 2026
Mar 04, 2026
Mar 04, 2026
8.8 HIGH
CVE-2026-29119 — Hardcoded and Insecure Credentials for "Admin" Account providing Telnet Access on IDC SFX…

International Datacasting Corporation (IDC) SFX Series SuperFlex(SFX2100) SatelliteReceiver contains hardcoded and insecure credentials for the `admin` account. A remote unauthenticated attacker can …

Remote | Authentication
Mar 04, 2026 Mar 04, 2026
Mar 04, 2026
Mar 04, 2026
7.9 HIGH
CVE-2026-28778 — Hardcoded FTP Credentials and LPE(via Insecure Permissions) for `xd` Local Account on IDC…

International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver contains undocumented, hardcoded/insecure credentials for the `xd` user account. A remote unauthenticated attacker …

Remote | Authentication
Mar 04, 2026 Mar 04, 2026
Mar 04, 2026
Mar 04, 2026
9.2 CRITICAL
CVE-2026-28777 — Hardcoded and Insecure Credentials for "User" Local Account with SSH Access On IDC SFX210…

International Datacasting Corporation (IDC) SFX2100 Satellite Receiver, trivial password for the `user` (usr) account. A remote unauthenticated attacker can exploit this to gain unauthorized SSH ac…

Remote | Authentication
Mar 04, 2026 Mar 04, 2026
Mar 04, 2026
Mar 04, 2026
7.8 HIGH
CVE-2026-28776 — Hardcoded and Insecure Credentials for "monitor" account with SSH Access On IDC SFX2100 S…

International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver contains hardcoded credentials for the `monitor` account. A remote unauthenticated attacker can use these trivial, u…

Remote | Authentication
Mar 04, 2026 Mar 04, 2026
Mar 04, 2026
Mar 04, 2026
Showing 20 of 5047 Results