Latest CVE Vulnerabilities

6.5 MEDIUM

CVE-2026-8993 — Improper URL Handler Processing in D.Launcher 2 enables NTLM Credential Disclosure and SS…

D.Launcher 2 component of Slovak eID client ecosystem contains Improper URL Handler Processing vulnerability. Application registers multiple custom URL handlers that could be exploited to initiate fu…

Remote | Server-Side Request Forgery

Jun 02, 2026 Jun 02, 2026

Jun 02, 2026

7.1 HIGH

CVE-2026-42685 — WordPress WP Job Portal plugin <= 2.5.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmad WP Job Portal allows Reflected XSS. This issue affects WP Job Portal: from n/a through 2.5…

Remote | Cross-Site Scripting

Jun 02, 2026 Jun 02, 2026

Jun 02, 2026

9.3 CRITICAL

CVE-2026-42684 — WordPress WP Job Portal plugin <= 2.5.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ahmad WP Job Portal allows Blind SQL Injection. This issue affects WP Job Portal: from n/a throu…

Remote | Injection

Jun 02, 2026 Jun 02, 2026

Jun 02, 2026

0.0 NA

CVE-2026-42670 — WordPress Five Star Restaurant Reservations plugin <= 2.7.14 - Payment Bypass vulnerabili…

Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fi…

| Authorization

Jun 02, 2026 Jun 02, 2026

Jun 02, 2026

7.5 HIGH

CVE-2026-42669 — WordPress EventPrime plugin <= 4.3.2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through 4.3.2.0.

Remote | Authorization

Jun 02, 2026 Jun 02, 2026

Jun 02, 2026

8.1 HIGH

CVE-2026-39551 — WordPress Töbel theme <= 1.8.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Elated-Themes Töbel allows Object Injection. This issue affects Töbel: from n/a through 1.8.1.

Remote | Injection

Jun 02, 2026 Jun 02, 2026

Jun 02, 2026

8.1 HIGH

CVE-2026-39550 — WordPress Aperitif theme <= 1.6 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows Object Injection. This issue affects Aperitif: from n/a through 1.6.

Remote | Injection

Jun 02, 2026 Jun 02, 2026

Jun 02, 2026

8.1 HIGH

CVE-2025-58705 — WordPress Crafti theme <= 1.12 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Crafti allows PHP Local File Inclusion. This issue affects Crafti…

Remote | Path Traversal

Jun 02, 2026 Jun 02, 2026

Jun 02, 2026

7.5 HIGH

CVE-2025-58024 — WordPress Accordion FAQ Plugin <= 2.2.1 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in UnboundStudio Accordion FAQ allows PHP Local File Inclusion. This issue affec…

Remote | Path Traversal

Jun 02, 2026 Jun 02, 2026

Jun 02, 2026

8.1 HIGH

CVE-2025-53440 — WordPress Confidant theme <= 1.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Confidant allows PHP Local File Inclusion. This issue affects Con…

Remote | Path Traversal

Jun 02, 2026 Jun 02, 2026

Jun 02, 2026

6.8 MEDIUM

CVE-2026-5422 — Path Traversal in jupyter/jupyter

A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the _get_os_path() function within jupyter_server/services/contents/fileio.…

Remote | Path Traversal

Jun 02, 2026 Jun 02, 2026

Jun 02, 2026

5.4 MEDIUM

CVE-2026-5191 — Tiled Gallery Carousel Without JetPack <= 3.1 - Authenticated (Contributor+) Stored Cross…

The Tiled Gallery Carousel Without JetPack plugin for WordPress is vulnerable to stored cross-site scripting via the 'data-image-title' parameter in all versions up to, and including, 3.1 due to insu…

Remote | Cross-Site Scripting

Jun 02, 2026 Jun 02, 2026

Jun 02, 2026

0.0 NA

CVE-2026-46718 — Apache Calcite: A user-controled model can load arbitrary classes, leading to code execut…

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache Calcite. This issue affects Apache Calcite: from 1.5.0 before 1.42. Users are recommended …

calcite | Misconfiguration

Jun 02, 2026 Jun 02, 2026

Jun 02, 2026

0.0 NA

CVE-2026-41115 — Apache Kafka: Improper Authorization in CONSUMER_GROUP_DESCRIBE API

An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMER_GROUP_DESCRIBE (69) API validates the DESCRIBE operation on the GROUP resource instead…

kafka | Authorization

Jun 02, 2026 Jun 02, 2026

Jun 02, 2026

5.1 MEDIUM

CVE-2026-34907 — Reflected Cross-Site Scripting (XSS) in Wirtualna Uczelnia

Wirtualna Uczelnia is vulnerable to Reflected Cross‑Site Scripting (XSS) due to insecure handling of the locale parameter across multiple endpoints. An attacker can craft a malicious URL with JavaScr…

Remote | Cross-Site Scripting

Jun 02, 2026 Jun 02, 2026

Jun 02, 2026

9.3 CRITICAL

CVE-2026-34906 — Server-Side Template Injection (SSTI) in Wirtualna Uczelnia

Server-Side Template Injection (SSTI) in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution (RCE). In the endpoint redirectToUrl and parameter redirectUrlParameter…

Remote | Injection

Jun 02, 2026 Jun 02, 2026

Jun 02, 2026

5.3 MEDIUM

CVE-2026-10549 — Privilege escalation in Yandex Database

LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass group membership checks resulting in unauthorized access to th…

Remote | Injection

Jun 02, 2026 Jun 02, 2026

Jun 02, 2026

4.3 MEDIUM

CVE-2025-53346 — WordPress Thim Core Plugin <= 2.3.3 - Broken Access Control Vulnerability

Missing Authorization vulnerability in ThimPress Thim Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thim Core: from n/a through 2.3.3.

Remote | Authorization

Jun 02, 2026 Jun 02, 2026

Jun 02, 2026

8.8 HIGH

CVE-2025-53345 — WordPress Thim Core plugin <= 2.3.3 - Arbitrary Plugin Installation vulnerability

Missing Authorization vulnerability leading to code execution after installing malicious vulnerable plugin in ThimPress Thim Core. This issue affects Thim Core: from n/a through 2.3.3.

Remote | Authorization

Jun 02, 2026 Jun 02, 2026

Jun 02, 2026

5.3 MEDIUM

CVE-2025-53302 — WordPress Constructor theme <= 1.6.5 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Anton Shevchuk Constructor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Constructor: from n/a through 1.6.5.

Remote | Authorization

Jun 02, 2026 Jun 02, 2026

Jun 02, 2026

Browse by Apps

Latest CVE Feed

Cookie Preferences