Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
8.5 HIGH
CVE-2026-44468 — Incorrect Default Permissions in CODESYS Development System

The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the comp…

Misconfiguration
May 26, 2026
5.3 MEDIUM
CVE-2026-39655 — WordPress Mayosis Core plugin <= 5.4.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in TeconceTheme Mayosis Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mayosis Core: from n/a through 5.4.7.

Remote | Authorization
May 26, 2026
6.5 MEDIUM
CVE-2026-9534 — Totolink CA750-PoE Setting cstecgi.cgi setWiFiWpsConfig os command injection

A flaw has been found in Totolink CA750-PoE 6.2c.510. This affects the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the arg…

Remote | Injection
May 26, 2026
6.5 MEDIUM
CVE-2026-9533 — Totolink CA750-PoE Setting cstecgi.cgi recvUpgradeNewFw os command injection

A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The impacted element is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a mani…

Remote | Injection
May 26, 2026
6.5 MEDIUM
CVE-2026-9532 — Totolink CA750-PoE Setting cstecgi.cgi setUploadUserData os command injection

A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Su…

Remote | Injection
May 26, 2026
7.7 HIGH
CVE-2026-9496 — Pacote Denial of Service (DoS) Vulnerability

Versions of the package pacote from 11.2.7 are vulnerable to Denial of Service (DoS) via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSp…

Remote | Denial of Service
May 26, 2026
7.3 HIGH
CVE-2026-9495 — Koa Router Access Control Bypass Vulnerability

Versions of the package @koa/router from 14.0.0 and before 15.0.0 are vulnerable to Access Control Bypass due to the middleware being silently dropped from the execution chain when the router prefix …

Remote | Authorization
May 26, 2026
4.6 MEDIUM
CVE-2026-3314 — Missing Password Masking in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center …

Missing password field masking vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe modules), Hitachi Ops Center Analyzer viewpoint…

Authentication
May 26, 2026
6.5 MEDIUM
CVE-2026-9531 — Totolink CA750-PoE Setting cstecgi.cgi setUpgradeUboot os command injection

A weakness has been identified in Totolink CA750-PoE 6.2c.510. Impacted is the function setUpgradeUboot of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. This manipulation of the arg…

Remote | Injection
May 26, 2026
3.3 LOW
CVE-2026-9530 — GNU LibreDWG Dwgbmp Utility decode.c read_2004_compressed_section out-of-bounds

A weakness has been identified in GNU LibreDWG up to 0.14. The impacted element is the function read_2004_compressed_section of the file src/decode.c of the component Dwgbmp Utility. Executing a mani…

Memory Corruption
May 26, 2026
3.3 LOW
CVE-2026-9529 — GNU LibreDWG Dwggrep Utility dwggrep.c match_BLOCK_HEADER null pointer dereference

A security flaw has been discovered in GNU LibreDWG up to 0.14. The affected element is the function match_BLOCK_HEADER of the file dwggrep.c of the component Dwggrep Utility. Performing a manipulati…

Memory Corruption
May 26, 2026
7.5 HIGH
CVE-2026-9528 — itsourcecode Electronic Judging System delete_judge.php sql injection

A vulnerability was identified in itsourcecode Electronic Judging System 1.0. Impacted is an unknown function of the file /admin/delete_judge.php. Such manipulation of the argument judge_id leads to …

Remote | Injection
May 26, 2026
5.0 MEDIUM
CVE-2026-9527 — itsourcecode Electronic Judging System judges.php cross site scripting

A vulnerability was determined in itsourcecode Electronic Judging System 1.0. This issue affects some unknown processing of the file /admin/judges.php. This manipulation of the argument fname causes …

Remote | Cross-Site Scripting
May 26, 2026
7.5 HIGH
CVE-2026-9526 — itsourcecode Electronic Judging System edit_team.php sql injection

A vulnerability was found in itsourcecode Electronic Judging System 1.0. This vulnerability affects unknown code of the file /admin/edit_team.php. The manipulation of the argument num_id results in s…

Remote | Injection
May 26, 2026
7.5 HIGH
CVE-2026-9525 — itsourcecode Electronic Judging System edit_judge.php sql injection

A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /admin/edit_judge.php. The manipulation of the argument judge_id leads to sql in…

Remote | Injection
May 26, 2026
6.5 MEDIUM
CVE-2026-9524 — xianrendzw EasyReport REST Endpoint execute sql injection

A flaw has been found in xianrendzw EasyReport up to 2.0.17.0522_Beta. Affected by this issue is the function execute of the component REST Endpoint. Executing a manipulation of the argument reportPa…

Remote | Injection
May 26, 2026
7.5 HIGH
CVE-2026-9523 — Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform getCalcme…

A vulnerability was detected in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 3000WEBV2. Affected by this vulnerability is an unknown functionality of the file /Subs…

Remote | Injection
May 26, 2026
0.0 NA
CVE-2026-9538 — Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlle…

Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header. _read_tar() reads each entry's payload with $handle->read($$data, $block), …

Memory Corruption
May 26, 2026
7.5 HIGH
CVE-2026-9521 — fraillt bitsery std_smart_ptr.h loadFromSharedState improper validation of specified type…

A security vulnerability has been detected in fraillt bitsery up to 5.2.4. Affected is the function loadFromSharedState in the library include/bitsery/ext/std_smart_ptr.h. Such manipulation leads to …

Remote | Misconfiguration
May 26, 2026
5.0 MEDIUM
CVE-2026-9520 — blitz-js blitz Sign-in LoginForm.tsx cross site scripting

A weakness has been identified in blitz-js blitz up to 3.0.2 on GitHub. This impacts an unknown function of the file packages/generator/templates/app/src/app/auth/components/LoginForm.tsx of the comp…

Remote | Cross-Site Scripting
May 26, 2026
Showing 20 of 5899 Results