Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
0.0 NA
CVE-2026-54407 — UniFi Protect Application Improper Access Control

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication in certain UniFi Protect Application AP…

Authorization
Jul 02, 2026
0.0 NA
CVE-2026-12168 — CVE-2026-12168

An improper validation vulnerability for driver `GFAC_Sys_x64.sys` in Little Orbit GFAC allows a local attacker to escalate privileges to SYSTEM and execute arbitrary code in kernel mode via crafted …

Misconfiguration
Jul 02, 2026
0.0 NA
CVE-2026-12166 — CVE-2026-12166

A NULL pointer dereference vulnerability for driver `GFAC_Sys_x64.sys` in Little Orbit GFAC allows a local attacker to cause a denial of service via crafted requests that trigger a system crash.

Memory Corruption
Jul 02, 2026
0.0 NA
CVE-2026-12167 — CVE-2026-12167

The Minifilter communication port for driver `GFAC_Sys_x64.sys` in Little Orbit GFAC allows a local attacker to access privileged driver functionality via a communication interface that lacks appropr…

Authorization
Jul 02, 2026
8.7 HIGH
CVE-2026-8079 — Unintended limited set of actions with elevated privileges may be performed during PDF ge…

In Progress Flowmon versions prior to 12.5.9 and 13.0.10, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the PDF generation process that results in ope…

flowmon | Remote | Authorization
Jul 02, 2026
8.7 HIGH
CVE-2026-9272 — Possibility of unintended database operations when querying data related to detected anom…

In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a vulnerability exists whereby an adversary who is authenticated as a low-privileged user in the Anomaly Detection System (ADS) may send s…

Remote | Authorization
Jul 02, 2026
0.0 NA
CVE-2026-53358 — Bluetooth: L2CAP: use chan timer to close channels in cleanup_listen()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: use chan timer to close channels in cleanup_listen() l2cap_chan_close() removes the channel from conn->chan_l, …

Race Condition
Jul 02, 2026
0.0 NA
CVE-2026-53357 — Bluetooth: fix UAF in l2cap_sock_cleanup_listen() vs l2cap_conn_del()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix UAF in l2cap_sock_cleanup_listen() vs l2cap_conn_del() bt_accept_dequeue() unlinks a not-yet-accepted child from t…

Memory Corruption
Jul 02, 2026
9.8 CRITICAL
CVE-2026-4767 — Improper Access Control in TR7's WAF-ASP

Missing authentication for critical function vulnerability in TR7 Cyber Defense Inc. WAF-ASP allows Authentication Abuse. This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117.

Remote | Authentication
Jul 02, 2026
5.4 MEDIUM
CVE-2026-4772 — Stored XSS in TR7's WAF-ASP

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in TR7 Cyber Defense Inc. WAF-ASP allows Stored XSS. This issue affects WAF-ASP: from v1.0.324.90…

Remote | Cross-Site Scripting
Jul 02, 2026
4.6 MEDIUM
CVE-2026-4770 — DOM-Based XSS in TR7's WAF-ASP

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in TR7 Cyber Defense Inc. Web Application Firewall allows DOM-Based XSS. This issue affects Web A…

Remote | Cross-Site Scripting
Jul 02, 2026
9.8 CRITICAL
CVE-2026-5524 — Divi Form Builder <= 5.1.8 - Unauthenticated Arbitrary File Upload Leading to Remote Code…

The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. This is due to insufficient file extensio…

Remote | Authentication
Jul 02, 2026
5.3 MEDIUM
CVE-2026-58653 — PraisonAI - Authorization Bypass via Unvalidated project_id in Issue Create/Update

PraisonAI before 0.1.7 fails to validate that project_id in issue create and update request bodies belongs to the URL workspace. An attacker can create issues referencing projects from other workspac…

Remote | Authorization
Jul 02, 2026
7.7 HIGH
CVE-2026-58652 — luci-app-travelmate - Arbitrary Command Execution via UCI Script Parameter

luci-app-travelmate (and the travelmate package) contain a privilege-escalation flaw: a LuCI/rpcd session holding the luci-app-travelmate write ACL is granted config-wide UCI write access to the trav…

Remote | Authorization
Jul 02, 2026
6.4 MEDIUM
CVE-2026-14449 — POST-based reflected XSS via the thanks parameter in form components

u5CMS through v12.8.8 is vulnerable to reflected XSS via the ‘thanks’ parameter in multiple form components.

Remote | Cross-Site Scripting
Jul 02, 2026
5.3 MEDIUM
CVE-2026-57760 — WordPress Sendcloud Shipping plugin <= 1.0.29 - Broken Access Control vulnerability

Missing Authorization vulnerability in Sendcloud Sendcloud Shipping allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sendcloud Shipping: from n/a through 1…

Remote | Authorization
Jul 02, 2026
7.1 HIGH
CVE-2026-57678 — WordPress Slider Revolution plugin 7.0.0-7.0.16 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemePunch Slider Revolution allows Reflected XSS. This issue affects Slider Revolution: from 7.…

slider_revolution | Remote | Cross-Site Scripting
Jul 02, 2026
8.8 HIGH
CVE-2026-56037 — WordPress Themify Popup plugin <= 1.4.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Themify Themify Popup allows Object Injection. This issue affects Themify Popup: from n/a through 1.4.3.

Remote | Injection
Jul 02, 2026
8.8 HIGH
CVE-2026-57766 — WordPress WPIDE – File Manager & Code Editor plugin <= 3.5.6 - Cross Site Request Forgery…

Unauthenticated Cross Site Request Forgery (CSRF) in WPIDE – File Manager & Code Editor <= 3.5.6 versions.

Remote | Cross-Site Request Forgery
Jul 02, 2026
8.5 HIGH
CVE-2026-57765 — WordPress WP EasyCart plugin <= 5.9.0 - SQL Injection vulnerability

Contributor SQL Injection in WP EasyCart <= 5.9.0 versions.

Remote | Injection
Jul 02, 2026
Showing 20 of 8011 Results