Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
9.8 CRITICAL
CVE-2026-12073 — ProfileGrid - User Profiles, Groups and Communities <= 5.9.9.5 - Unauthenticated Privileg…

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.9.9.5. This is due to t…

profilegrid | Remote | Authentication
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
6.5 MEDIUM
CVE-2026-11367 — PixMagix <= 1.7.2 - Authenticated (Author+) Path Traversal in 'layers[].id' Parameter

The PixMagix – WordPress Image Editor plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.7.2 via the move_image_on_server function. This makes it possib…

Remote | Path Traversal
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
5.9 MEDIUM
CVE-2026-14160 — Samsung Escargot TOCTOU Race Condition

Time-of-check time-of-use (TOCTOU) race condition vulnerability in Samsung Open Source Escargot allows Leveraging Race Conditions. This issue affects Escargot: bab3a5797557014ce3c2e28419a6310cfba90d…

escargot | Race Condition
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
4.4 MEDIUM
CVE-2026-12114 — Team Members <= 8.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'cus…

The Team Members – Multi Language Supported Team Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.7 due to insuffici…

Remote | Cross-Site Scripting
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
8.4 HIGH
CVE-2026-58302 — LinuxCNC rtapi_app Privilege Escalation

rtapi_app in linuxcnc-uspace in LinuxCNC before 2.9.9 allows privilege escalation. It is installed SUID root and loads shared library modules via dlopen() by using a user-supplied module name. Insuff…

| Path Traversal
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
7.5 HIGH
CVE-2026-12243 — Path Traversal via Percent-Encoding in nltk.data.find() and nltk.data.load()

NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue #3504. The `_UNSAFE_NO_PROTOCOL_RE` regex in `nltk/data.py` checks for literal `../` sequences bu…

nltk | Remote | Path Traversal
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
7.5 HIGH
CVE-2026-52196 — UTT nv518G Buffer Overflow

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_416f28 component

Remote | Memory Corruption
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
9.8 CRITICAL
CVE-2026-37106 — DokuWiki Remote Code Execution via register Function

An issue in DokuWiki 2025-05-14b "Librarian" 56.2 allows a remote attacker to execute arbitrary code via the register function in inc/auth.php

Remote | Authentication
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
7.5 HIGH
CVE-2026-52197 — UTT nv518G Denial of Service

An issue in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_44af70 component

Remote | Denial of Service
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
7.5 HIGH
CVE-2026-52195 — UTT nv518G Buffer Overflow Denial of Service

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_472f08 component

Remote | Memory Corruption
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
7.5 HIGH
CVE-2026-52193 — UTT nv518G Buffer Overflow Denial of Service

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_447CAC component

Remote | Memory Corruption
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
7.5 HIGH
CVE-2026-52198 — UTT nv518G Buffer Overflow

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_425994 component

Remote | Memory Corruption
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
7.5 HIGH
CVE-2026-8023 — Path traversal in Zephyr HTTP server static-filesystem resource handler allows unauthenti…

Zephyr's HTTP server (subsys/net/lib/http) provides a static-filesystem resource type (HTTP_RESOURCE_TYPE_STATIC_FS, available when CONFIG_FILE_SYSTEM is enabled) that serves files from a configured …

zephyr zephyr | Path Traversal
Jun 29, 2026 Jun 30, 2026
Jun 29, 2026
Jun 30, 2026
8.1 HIGH
CVE-2026-7656 — Broken IPv6 Neighbor Discovery input validation allows spoofed RA/NS/NA acceptance in Zep…

The IPv6 Neighbor Discovery handlers in subsys/net/ip/ipv6_nbr.c (handle_ra_input, handle_ns_input, handle_na_input) used an incorrect boolean expression that combined the RFC 4861 validity checks wi…

zephyr zephyr | Misconfiguration
Jun 29, 2026 Jun 30, 2026
Jun 29, 2026
Jun 30, 2026
6.5 MEDIUM
CVE-2026-51219 — lib60870 Heap Buffer Overflow

A heap buffer overflow in the HighPriorityASDUQueue_hasUnconfirmedIMessages function of lib60870 v2.3.3 to v2.3.6 allows attackers to cause a Denial of Service (DoS) via a crafted payload.

Remote | Memory Corruption
Jun 29, 2026 Jun 30, 2026
Jun 29, 2026
Jun 30, 2026
6.5 MEDIUM
CVE-2026-51218 — Snap7 Heap Buffer Overflow

A heap buffer overflow in the TS7Worker::PerformFunctionWrite() function (/core/s7_server.cpp) of snap7 v1.4.3 allows attackers to cause a Denial of Service (DoS) via a crafted packet.

Remote | Memory Corruption
Jun 29, 2026 Jun 30, 2026
Jun 29, 2026
Jun 30, 2026
6.2 MEDIUM
CVE-2026-10648 — NULL-pointer dereference in MCUmgr serial/console SMP transport on buffer-pool exhaustion

mcumgr_serial_process_frag() in subsys/mgmt/mcumgr/transport/src/serial_util.c calls net_buf_reset() on the result of smp_packet_alloc() before checking it for NULL. smp_packet_alloc() uses net_buf_a…

zephyr zephyr | Denial of Service
Jun 29, 2026 Jul 01, 2026
Jun 29, 2026
Jul 01, 2026
6.3 MEDIUM
CVE-2026-57997 — Strapi users-permissions - JWT Algorithm Confusion via Missing Algorithm Configuration

Strapi users-permissions plugin fails to restrict JWT algorithms when plugin::users-permissions.jwt.algorithm is not explicitly configured, allowing acceptance of HS384 and HS512 tokens alongside HS2…

strapi | Remote | Authentication
Jun 29, 2026 Jul 01, 2026
Jun 29, 2026
Jul 01, 2026
7.5 HIGH
CVE-2026-51221 — EIPStackGroup OpENer: Buffer Overflow Denial of Service

A buffer overflow in the Get_Attribute_List function of EIPStackGroup OpENer commit 76b95c allows attackers to cause a Denial of Service (DoS) via supplying a crafted Common Packet Format (CPF) packe…

Remote | Memory Corruption
Jun 29, 2026 Jun 30, 2026
Jun 29, 2026
Jun 30, 2026
7.7 HIGH
CVE-2026-34592 — Coolify: Cross-Team IDOR via Unscoped Server and Project Lookups Exposes SSH Keys and Inf…

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, Coolify server and project lookups are not scoped to the current team, all…

coolify coolify | Remote | Authorization
Jun 29, 2026 Jun 30, 2026
Jun 29, 2026
Jun 30, 2026
Showing 20 of 7989 Results