Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
7.5 HIGH
CVE-2026-7459 — Simple History – Track, Log, and Audit WordPress Changes <= 5.26.0 - Authenticated (Subsc…

The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated (Subscriber+) account takeover in all versions up to, and including, 5.26.0 via the ev…

Remote | Authentication
May 30, 2026
4.3 MEDIUM
CVE-2026-10113 — Open5GS Shared NF-profile nnrf-handler.c denial of service

A vulnerability was found in Open5GS up to 2.7.7. Affected by this vulnerability is an unknown functionality in the library lib/sbi/nnrf-handler.c of the component Shared NF-profile Parser. The manip…

open5gs | Remote | Denial of Service
May 30, 2026
6.1 MEDIUM
CVE-2026-5071 — can: Local Denial of Service via SocketCAN Send

The SocketCAN implementation validates the length of a user-provided buffer containing a socketcan_frame object using only a NET_ASSERT statement in zcan_sendto_ctx() before dereferencing it in socke…

zephyr | Memory Corruption
May 30, 2026
3.3 LOW
CVE-2026-10112 — sambitraj STUDENT-MANAGEMENT-SYSTEM Dashboard cross site scripting

A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. Affected is an unknown function of the component Dashboard Page. The manipulation of the argument Name leads to cross site s…

student-management-system | Remote | Cross-Site Scripting
May 30, 2026
7.5 HIGH
CVE-2026-10111 — sambitraj STUDENT-MANAGEMENT-SYSTEM Login Page sql injection

A flaw has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. This impacts an unknown function of the component Login Page. Executing a manipulation of the argument email can lead to sql injectio…

student-management-system | Remote | Injection
May 30, 2026
7.5 HIGH
CVE-2026-10110 — code-projects Student Details Management System index.php sql injection

A vulnerability was detected in code-projects Student Details Management System 1.0. This affects an unknown function of the file /index.php. Performing a manipulation of the argument roll results in…

student_details_management_system | Remote | Injection
May 30, 2026
5.3 MEDIUM
CVE-2026-48840 — Exim Uninitialized Stack Memory Disclosure Vulnerability

Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client.

exim | Remote | Information Disclosure
May 30, 2026
6.3 MEDIUM
CVE-2026-9831 — ExtremeCloud IQ Cross Tenant Data Exposure via Extreme Platform One Authentication Race C…

A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions, intermittently allow requests authenticated with…

Remote | Race Condition
May 29, 2026
2.0 LOW
CVE-2026-4387 — Unencrypted storage of authentication state in StrongDM Desktop Application state.kv file

StrongDM Desktop Application before 23.74.0 (Desktop Client before 53.77.0) on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a…

Information Disclosure
May 29, 2026
4.3 MEDIUM
CVE-2026-48811 — FreeScout: Thread Deletion Bypasses Mailbox Access Revocation

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, FreeScout allows a non-admin user to permanently delete an internal note (private thread) from any…

freescout | Remote | Authorization
May 29, 2026
4.3 MEDIUM
CVE-2026-48810 — FreeScout: Thread Edit Authorization Bypass via Missing Mailbox Check

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, while investigating the ThreadPolicy::delete issue reported previously, the same missing mailbox m…

freescout | Remote | Authorization
May 29, 2026
8.8 HIGH
CVE-2026-48557 — Spatie Laravel Media Library < 11.23.0 File Upload Restriction Bypass via FileAdder.php

Spatie Laravel Media Library before version 11.23.0 contains a file upload restriction bypass in FileAdder::defaultSanitizer(). The sanitizer checks only the final filename suffix, allowing double-ex…

Remote | Misconfiguration
May 29, 2026
7.4 HIGH
CVE-2026-48555 — Spatie Laravel Media Library < 11.23.0 SSRF via addMediaFromUrl()

Spatie Laravel Media Library before version 11.23.0 contains a server-side request forgery vulnerability that allows remote attackers to cause the server to issue arbitrary outbound HTTP requests by …

Remote | Server-Side Request Forgery
May 29, 2026
8.7 HIGH
CVE-2026-47266 — Formie: Unauthenticated front-end submission editing can overwrite existing submissions

Formie is a Craft CMS plugin for creating forms. Prior to 2.2.21 and 3.1.26, unauthenticated users could modify existing submissions by posting a known or guessed submission ID to formie/submissions/…

formie | Remote | Authorization
May 29, 2026
7.5 HIGH
CVE-2026-47123 — FreeScout: Agent Impersonation via Missing HMAC Verification on Notification Reply Messag…

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.220, the email processing pipeline in FreeScout's FetchEmails command has two code paths for identifyin…

freescout | Remote | Authentication
May 29, 2026
0.0 NA
CVE-2026-46599 — Excessive resource consumption in PackBits decompression in golang.org/x/image/tiff

The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height and encoded s…

tiff | Denial of Service
May 29, 2026
8.7 HIGH
CVE-2026-46527 — cpp-httplib: Malicious `X-Forwarded-For` Under Trusted-Proxy Configuration Triggers Empty…

cpp-httplib is a C++11 single-file header-only cross-platform HTTP/HTTPS library. Prior to 0.44.0, when the server has called Server::set_trusted_proxies() with a non-empty trusted-proxy list, an att…

cpp-httplib | Remote | Denial of Service
May 29, 2026
8.7 HIGH
CVE-2026-46385 — iskorotkov/avro: CPU Exhaustion in Avro Decoder

iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, the Avro array and map decoders looped over an attacker-controlled block-count value without checking the underlying reader's error state ins…

Remote | Denial of Service
May 29, 2026
8.7 HIGH
CVE-2026-46384 — iskorotkov/avro: Integer Overflow in Avro Decoder

iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, several Avro decoder paths read attacker-controlled 64-bit values from the wire format and either narrowed them to platform-sized int before …

Remote | Memory Corruption
May 29, 2026
7.7 HIGH
CVE-2026-45700 — Heap-buffer-overflow write in planar bitmap decoder

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's planar bitmap decoder has an out-of-bounds heap write when decoding RLE planar data. In libfreerdp/codec/pl…

freerdp | Remote | Memory Corruption
May 29, 2026
Showing 20 of 6923 Results