Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
0.0 NA
CVE-2026-12297 — Sandbox escape due to incorrect boundary conditions in the Networking component

Sandbox escape due to incorrect boundary conditions in the Networking component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.

firefox | Misconfiguration
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
0.0 NA
CVE-2026-12296 — Sandbox escape in the Security: Process Sandboxing component

Sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

firefox | Misconfiguration
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
0.0 NA
CVE-2026-12295 — Sandbox escape in the DOM: Navigation component

Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.

firefox | Misconfiguration
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
0.0 NA
CVE-2026-12294 — Sandbox escape in the DOM: Workers component

Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.

firefox | Misconfiguration
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
0.0 NA
CVE-2026-12293 — Use-after-free in the Graphics: WebGPU component

Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152.

firefox | Memory Corruption
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
0.0 NA
CVE-2026-12292 — Incorrect boundary conditions in the Web Audio component

Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

firefox | Memory Corruption
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
0.0 NA
CVE-2026-12291 — Use-after-free in the Networking: HTTP component

Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.

firefox | Memory Corruption
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
0.0 NA
CVE-2026-12290 — Memory safety bug fixed in Firefox 152

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.

firefox | Memory Corruption
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
0.0 NA
CVE-2026-12289 — Privilege escalation in the Graphics: WebRender component

Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.

firefox | Authorization
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
5.1 MEDIUM
CVE-2026-9507 — Session fixation vulnerability in Enhancesoft's osTicket

A session fixation vulnerability has been identified in osTicket v1.18.2. This security flaw allows an attacker to hijack a victim’s account by keeping the initial session identifier (OSTSESSID) acti…

osticket | Remote | Authentication
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2026-8442 — WP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) Arbitrary File Deletion via …

The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 12.6.8. This is due to missing authorization checks on the wpfb_hide_review and …

Remote | Path Traversal
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
7.5 HIGH
CVE-2026-8176 — LatePoint <= 5.5.1 - Authenticated (Agent+) Privilege Escalation to Administrator via IDO…

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in versions up to, and including, 5.5.1. The plugin cha…

Remote | Authentication
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.8 HIGH
CVE-2026-5416 — Command Injection via name parameter

Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vulnerability in the Managed Ethernet Switch, resultin…

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
7.1 HIGH
CVE-2026-54198 — WordPress Media LIbrary Assistant plugin <= 3.35 - Reflected Cross Site Scripting (XSS) v…

Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions.

media_library_assistant | Remote | Cross-Site Scripting
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
6.5 MEDIUM
CVE-2026-54197 — WordPress GetGenie plugin <= 4.4.1 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in GetGenie <= 4.4.1 versions.

Remote | Information Disclosure
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
7.1 HIGH
CVE-2026-54191 — WordPress Pods plugin <= 3.3.8 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions.

Remote | Cross-Site Scripting
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
6.5 MEDIUM
CVE-2026-54190 — WordPress Envira Photo Gallery plugin <= 1.12.5 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Envira Photo Gallery <= 1.12.5 versions.

Remote | Authorization
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
9.3 CRITICAL
CVE-2026-52715 — WordPress GEO my WordPress plugin <= 4.5.5 - SQL Injection vulnerability

Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
5.9 MEDIUM
CVE-2026-52714 — WordPress SEO Plugin by Squirrly SEO plugin <= 12.4.16 - Broken Access Control vulnerabil…

Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO <= 12.4.16 versions.

Remote | Authorization
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
7.6 HIGH
CVE-2026-52712 — WordPress Attendance Manager plugin <= 0.6.2 - SQL Injection vulnerability

Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Showing 20 of 6909 Results