Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
0.0 NA
CVE-2026-55229 — Gotenberg: SSRF via LibreOffice document processing

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.34.0, Gotenberg's /forms/libreoffice/convert endpoint allows a specially crafted document to cause LibreOffice to automatically r…

| Server-Side Request Forgery
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
9.8 CRITICAL
CVE-2026-57807 — WordPress OAuth Single Sign On - SSO (OAuth Client) plugin <= 38.5.8 - Broken Authenticat…

Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Software Pvt Ltd. OAuth Single Sign On - SSO (OAuth Client) allows Password Recovery Exploitation. This …

Remote | Authentication
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
0.0 NA
CVE-2026-55405 — LangChain4j: SQL injection via metadata filters in langchain4j-mariadb and langchain4j-pg…

LangChain4j is a Java library for building LLM-powered applications on the JVM. Prior to 1.2.1-beta8, 1.5.1-beta11, 1.11.8-beta19, and 1.16.3-beta26, the MariaDB and pgvector embedding stores build …

| Injection
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
0.0 NA
CVE-2026-12761 — miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.7.0 - Unau…

The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass leading to account takeover in versions up to and including 7…

| Authentication
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
0.0 NA
CVE-2026-13039 — Eventin 4.0.26 - 4.1.15 - Missing Authorization to Unauthenticated Payment Bypass via RES…

The Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) plugin for WordPress is vulnerable to authorization bypass due to a regression in versions from 4.0.26 up to and inclu…

| Authorization
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
0.0 NA
CVE-2026-57217 — RabbitMQ: Topic authorization can lead to cross-tenant routing-key bypass

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.21, 4.1.11, and 4.2.6, RabbitMQ topic authorization can allow restricted topic writes and binds during metadata-store failures beca…

| Authorization
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
0.0 NA
CVE-2026-57221 — RabbitMQ: Passive queue/exchange declaration bypasses authorization checks, leaking queue…

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, RabbitMQ does not perform authorization checks on passive queue.declare and exchange.declare AMQP 0-9-1 oper…

| Authorization
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
0.0 NA
CVE-2026-57215 — RabbitMQ: Direct-reply-to binding persistence can lead to unauthorized reply-channel inje…

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, RabbitMQ allows foreign bindings to amq.rabbitmq.reply-to destinations because volatile direct-reply-to queu…

| Misconfiguration
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
0.0 NA
CVE-2026-57219 — RabbitMQ: Unauthenticated disclosure of OAuth client credentials via an HTTP API endpoint…

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, the obsolete GET /api/auth endpoint can disclose the OAuth 2 client secret on RabbitMQ installations configu…

| Information Disclosure
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
0.0 NA
CVE-2026-57218 — RabbitMQ: AMQP 0-9-1 in combination with OAuth 2: consumer persistence can lead to post-r…

RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, RabbitMQ AMQP 0-9-1 allows an existing consumer to keep receiving messages after OAuth token expiry or connection.update_secret refresh t…

| Authentication
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
0.0 NA
CVE-2026-57216 — RabbitMQ: AMQP 1.0, AMQP 0-9-1, Stream Protocol loopback enforcement can lead to remote g…

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, AMQP 0-9-1, AMQP 1.0, and Stream Protocol authentication can allow a loopback-restricted user such as guest …

| Authentication
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
0.0 NA
CVE-2026-57220 — RabbitMQ: Stream listener does not enforce configured frame-size limit during authenticat…

RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, the RabbitMQ stream listener does not enforce the configured stream frame-size limit while assembling frames during authentication and be…

| Denial of Service
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
0.0 NA
CVE-2026-57214 — RabbitMQ: Stored XSS in RabbitMQ management UI

RabbitMQ is a messaging and streaming broker. Prior to 4.2.5, the RabbitMQ management UI renders the x-internal-purpose queue or exchange argument into an HTML title attribute without proper escaping…

| Cross-Site Scripting
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
8.7 HIGH
CVE-2026-57850 — RustDesk before 1.4.9 Missing Session Scope Enforcement Allows Out-of-Scope Control Messa…

RustDesk before 1.4.9 does not enforce a session's authorized connection scope on the server side, so a peer granted a limited session type (FileTransfer, PortForward, ViewCamera, or Terminal) can se…

Remote | Authorization
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
5.1 MEDIUM
CVE-2026-57158 — FreeRDP planar_decompress_plane_rle_only: heap OOB read — incomplete fix for CVE-2026-235…

FreeRDP is a free implementation of the Remote Desktop Protocol. From 3.21.0 before 3.28.0, FreeRDP clients using the GFX pipeline contain an incomplete fix for CVE-2026-23530 in planar_decompress_pl…

Remote | Memory Corruption
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
6.5 MEDIUM
CVE-2026-57157 — Out-of-bounds read in the camera device enumerator server (rdpecam) via unterminated Devi…

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0, FreeRDP server implementations with the MS-RDPECAM camera device enumerator channel enabled scan attacker-supplied De…

Remote | Memory Corruption
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
8.6 HIGH
CVE-2026-57156 — FreeRDP: Integer overflow leading to heap buffer overflow in Orders Delta Points parsing

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0 on 32-bit builds, FreeRDP clients contain an integer overflow in update_read_delta_points in libfreerdp/core/orders.c …

Remote | Memory Corruption
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
7.5 HIGH
CVE-2026-55827 — FreeRDP: Heap out-of-bounds write in RemoteFX (RFX) Cache Bitmap V3 decode

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1, FreeRDP clients launched with the non-default /cache:codec:rfx option pass desktop stride and height to RemoteFX deco…

Remote | Memory Corruption
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
8.5 HIGH
CVE-2026-55789 — Logto: SAML IdP injects user-controlled profile attributes raw into signed assertions, al…

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's self-hosted SAML application IdP built the signed SAML response and assertion by string-substitutin…

Remote | Injection
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
5.0 MEDIUM
CVE-2026-55515 — Snipe-IT: Cross-company deletion of pending checkout acceptances via unscoped report endp…

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the unaccepted-assets report delete endpoint authorizes only reports.view and deletes CheckoutAcceptance::pending()->find($acceptanc…

Remote | Authorization
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
Showing 20 of 7411 Results