Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
5.1 MEDIUM
CVE-2026-10836 — Improper neutralization of HTTP headers in Password Manager

Improper handling of HTTP headers that allows a remote attacker to manipulate the value of the Host header using specially crafted requests. A successful exploit could result in the generation of man…

Remote | Information Disclosure
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.2 HIGH
CVE-2026-5667 — Information Disclosure, Information Tampering, or Denial-of-Service (DoS) Vulnerability i…

Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners (for Japan and outside Japan); Wireless LAN Adapters for Room Air Conditioners (for Japan and outside Japan); …

| Authentication
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
4.3 MEDIUM
CVE-2024-34810 — WordPress Skyline WP theme <= 1.0.10 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site request forgery (CSRF) vulnerability in Extend Themes Skyline WP allows Cross Site Request Forgery. This issue affects Skyline WP: from n/a through 1.0.10.

Remote | Cross-Site Request Forgery
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
4.8 MEDIUM
CVE-2026-12491 — Vllm: vllm: image exif rotation & png trns transparency not normalized, causing mismatch …

A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transpar…

openshift_ai ai_inference_server enterprise_linux_ai | Remote | Misconfiguration
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.3 CRITICAL
CVE-2026-54811 — WordPress WP eMember plugin < v10.9.4 - SQL Injection vulnerability

Unauthenticated SQL Injection in WP eMember < v10.9.4 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.8 CRITICAL
CVE-2026-54807 — WordPress Registration Form for WooCommerce plugin <= 1.0.9 - Privilege Escalation vulner…

Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions.

Remote | Authentication
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.8 CRITICAL
CVE-2026-54806 — WordPress WP Activity Log plugin <= 5.6.3.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions.

wp_activity_log | Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.8 HIGH
CVE-2026-54805 — WordPress Falang multilanguage plugin <= 1.4.2 - Privilege Escalation vulnerability

Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions.

Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.6 HIGH
CVE-2026-54804 — WordPress Melhor Envio plugin <= 2.16.3 - Broken Authentication vulnerability

Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions.

Remote | Authentication
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.8 CRITICAL
CVE-2026-54803 — WordPress SMS Alert Order Notifications plugin <= 3.9.4 - Privilege Escalation vulnerabil…

Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions.

Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.5 HIGH
CVE-2026-54802 — WordPress SMS Alert Order Notifications plugin <= 3.9.3 - Broken Authentication vulnerabi…

Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions.

Remote | Authentication
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
6.8 MEDIUM
CVE-2026-54196 — WordPress JetFormBuilder plugin <= 3.6.1 - Privilege Escalation vulnerability

Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions.

Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.1 HIGH
CVE-2026-54195 — WordPress JetFormBuilder plugin <= 3.6.0.1 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions.

Remote | Cross-Site Scripting
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.1 HIGH
CVE-2026-54192 — WordPress Popup box plugin <= 6.2.9 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Popup box <= 6.2.9 versions.

Remote | Cross-Site Scripting
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.1 HIGH
CVE-2026-54189 — WordPress JetEngine plugin <= 3.8.10 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.

Remote | Cross-Site Scripting
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.1 HIGH
CVE-2026-54188 — WordPress JetEngine plugin <= 3.8.10 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.

Remote | Cross-Site Scripting
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.3 CRITICAL
CVE-2026-54187 — WordPress JetEngine plugin <= 3.8.10.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in JetEngine <= 3.8.10.1 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.3 CRITICAL
CVE-2026-54186 — WordPress JobSearch plugin <= 3.2.9 - SQL Injection vulnerability

Unauthenticated SQL Injection in JobSearch <= 3.2.9 versions.

jobsearch | Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.5 HIGH
CVE-2026-54185 — WordPress Cornerstone plugin < 7.8.8 - SQL Injection vulnerability

Subscriber SQL Injection in Cornerstone < 7.8.8 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.2 HIGH
CVE-2026-54184 — WordPress Clean Login plugin <= 1.15 - Insecure Direct Object References (IDOR) vulnerabi…

Unauthenticated Insecure Direct Object References (IDOR) in Clean Login <= 1.15 versions.

Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Showing 20 of 7621 Results