Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
0.0 NA
CVE-2026-9521 — fraillt bitsery std_smart_ptr.h loadFromSharedState improper validation of specified type…

A security vulnerability has been detected in fraillt bitsery up to 5.2.4. Affected is the function loadFromSharedState in the library include/bitsery/ext/std_smart_ptr.h. Such manipulation leads to …

| Misconfiguration
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
6.5 MEDIUM
CVE-2026-4795 — Zyxel GS1200 Series Missing Authorization Vulnerability (Configuration Disclosure)

A missing authorization vulnerability in Zyxel GS1200-5v3 firmware versions through 1.00(ACPS.2)C0, GS1200-8v3 firmware versions through 1.00(ACPT.2)C0,  GS1200-5HPv3 firmware versions through 1.00(A…

| Authorization
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
0.0 NA
CVE-2026-9520 — blitz-js blitz Sign-in LoginForm.tsx cross site scripting

A weakness has been identified in blitz-js blitz up to 3.0.2 on GitHub. This impacts an unknown function of the file packages/generator/templates/app/src/app/auth/components/LoginForm.tsx of the comp…

| Cross-Site Scripting
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
1.8 LOW
CVE-2025-71310 — Backdrop CMS YouTube GDPR Cookies Module XSS

The GDPR cookies module for Backdrop CMS (before 1.x-1.3.5) doesn't sufficiently protect visitors from Cross Site Scripting (XSS) if a malicious value has been provided for the optional 'Info conte…

Remote | Cross-Site Scripting
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
0.0 NA
CVE-2026-9519 — stonith404 pingvin-share Sign-in Auto-Redirect signIn.tsx getServerSideProps cross site s…

A security flaw has been discovered in stonith404 pingvin-share up to 1.13.0. This affects the function getServerSideProps of the file frontend/src/pages/auth/signIn.tsx of the component Sign-in Auto…

| Cross-Site Scripting
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
0.0 NA
CVE-2026-9518 — hemant6488 CodeIgniter-StudentManagementSystem Students Controller view_students.php addS…

A vulnerability was identified in hemant6488 CodeIgniter-StudentManagementSystem. The impacted element is the function addStudent of the file view_students.php of the component Students Controller. T…

| Cross-Site Scripting
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
0.0 NA
CVE-2026-9538 — Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlle…

Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header. _read_tar() reads each entry's payload with $handle->read($$data, $block), …

| Memory Corruption
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
0.0 NA
CVE-2026-42497 — Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths…

Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. _make_special_file() passes the tar header's linkname to link() without va…

| Path Traversal
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
0.0 NA
CVE-2026-42496 — Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targ…

Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. _make_special_file() passes the tar header's linkname to symlink() with…

| Path Traversal
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
0.0 NA
CVE-2026-9517 — hemant6488 CodeIgniter-StudentManagementSystem Student Management addStudentView access c…

A vulnerability was determined in hemant6488 CodeIgniter-StudentManagementSystem. The affected element is an unknown function of the file /index.php/students/addStudentView of the component Student M…

| Authorization
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
0.0 NA
CVE-2026-8376 — Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressi…

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of th…

| Memory Corruption
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
0.0 NA
CVE-2026-9515 — Totolink CA750-PoE Setting cstecgi.cgi setUnloadUserData os command injection

A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation…

| Injection
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
0.0 NA
CVE-2026-9514 — Totolink CA750-PoE Setting cstecgi.cgi setNetworkDiag os command injection

A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. Impacted is the function setNetworkDiag of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation …

| Injection
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
5.4 MEDIUM
CVE-2026-32389 — WordPress NanoCare theme < 1.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Linethemes NanoCare allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects NanoCare: from n/a before 1.2.2.

Remote | Authorization
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
6.5 MEDIUM
CVE-2026-42763 — WordPress SePay Gateway plugin <= 1.1.20 - Sensitive Data Exposure vulnerability

Missing Authorization vulnerability in SePay team SePay Gateway allows Retrieve Embedded Sensitive Data. This issue affects SePay Gateway: from n/a through 1.1.20.

Remote | Authorization
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
9.3 CRITICAL
CVE-2026-42773 — WordPress eMagicOne Store Manager plugin <= 1.3.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eMagicOne eMagicOne Store Manager allows Blind SQL Injection. This issue affects eMagicOne Store…

Remote | Injection
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
9.3 CRITICAL
CVE-2026-42774 — WordPress JetEngine plugin <= 3.8.8.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crocoblock JetEngine allows SQL Injection. This issue affects JetEngine: from n/a through 3.8.8.…

Remote | Injection
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
6.3 MEDIUM
CVE-2026-42776 — WordPress Sunshine Photo Cart plugin <= 3.6.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sunshine Photo Cart: from n/a throu…

Remote | Authorization
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
7.5 HIGH
CVE-2026-45209 — WordPress MyCryptoCheckout plugin <= 2.161 - Broken Access Control vulnerability

Missing Authorization vulnerability in edward_plainview MyCryptoCheckout allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MyCryptoCheckout: from n/a throug…

Remote | Authorization
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
8.8 HIGH
CVE-2026-45216 — WordPress Smart Manager plugin <= 8.85.0 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in StoreApps Smart Manager allows Privilege Escalation. This issue affects Smart Manager: from n/a through 8.85.0.

Remote | Authorization
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
Showing 20 of 5867 Results