Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-15525

    The Ajax Load More – Infinite Scroll, Load More, & Lazy Load plugin for WordPress is vulnerable to unauthorized access of data due to incorrect authorization on the parse_custom_args() function in all versions up to, and including, 7.8.1. This makes it po... Read more

    Affected Products :
    • Published: Jan. 31, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2026-24967

    Missing Authorization vulnerability in ameliabooking Amelia ameliabooking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Amelia: from n/a through <= 1.2.38.... Read more

    Affected Products : amelia
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-14357

    The Mega Store Woocommerce theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the setup_widgets() function in core/includes/importer/whizzie.php in all versions up to, and including, 5.9. This makes... Read more

    Affected Products :
    • Published: Feb. 19, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2026-25010

    Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share This Image: from n/a through <= 2.09.... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2026-25012

    Missing Authorization vulnerability in gfazioli WP Bannerize Pro wp-bannerize-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Bannerize Pro: from n/a through <= 1.11.0.... Read more

    Affected Products : wp_bannerize_pro
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2026-25527

    changedetection.io is a free open source web page change detection tool. In versions prior to 0.53.2, the `/static/<group>/<filename>` route accepts `group=".."`, which causes `send_from_directory("static/..", filename)` to execute. This moves the base di... Read more

    Affected Products : changedetection changedetection
    • Published: Feb. 19, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2026-1389

    The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.4. This is due to the plugin not verifying that a user has permission to acce... Read more

    Affected Products :
    • Published: Jan. 28, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-14079

    The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.3.5. This is due to missing capability checks on the eh_crm_ticket_general function combined with a... Read more

    Affected Products : wsdesk
    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2026-0944

    Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Group invite allows Forceful Browsing.This issue affects Group invite: from 0.0.0 before 2.3.9, from 3.0.0 before 3.0.4, from 4.0.0 before 4.0.4.... Read more

    Affected Products : group_invite
    • Published: Feb. 04, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2024-26479

    An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the Command execution function.... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2026-1733

    A vulnerability was identified in Zhong Bang CRMEB up to 5.6.3. This affects the function detail/tidyOrder of the file /api/store_integral/order/detail/:uni. The manipulation of the argument order_id leads to improper authorization. The attack can be init... Read more

    Affected Products : crmeb
    • Published: Feb. 01, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2026-24583

    Missing Authorization vulnerability in sumup SumUp Payment Gateway For WooCommerce sumup-payment-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SumUp Payment Gateway For WooCommerce: from... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2026-25766

    Echo is a Go web framework. In versions 5.0.0 through 5.0.2 on Windows, Echo’s `middleware.Static` using the default filesystem allows path traversal via backslashes, enabling unauthenticated remote file read outside the static root. In `middleware/static... Read more

    Affected Products : echo
    • Published: Feb. 19, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2026-27017

    uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. Versions 1.6.0 through 1.8.0 contain a fingerprint mismatch with Chrome when using GREASE ECH, related to cipher suite sel... Read more

    Affected Products : utls
    • Published: Feb. 20, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Cryptography

  • 5.3

    MEDIUM
    CVE-2026-26326

    OpenClaw is a personal AI assistant. Prior to version 2026.2.14, `skills.status` could disclose secrets to `operator.read` clients by returning raw resolved config values in `configChecks` for skill `requires.config` paths. Version 2026.2.14 stops includi... Read more

    Affected Products : openclaw
    • Published: Feb. 19, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2026-1658

    User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText™ Directory Services allows Cache Poisoning.  The vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially... Read more

    Affected Products :
    • Published: Feb. 19, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2026-27328

    Missing Authorization vulnerability in DevsBlink EduBlink edublink allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EduBlink: from n/a through <= 2.0.7.... Read more

    Affected Products :
    • Published: Feb. 19, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2026-0825

    The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the CSV export functionality in all versions up to, and including, 1.4.5. This makes it possible for u... Read more

    • Published: Jan. 28, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2026-21722

    Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible on the specific dashboard, even those outside the lock... Read more

    Affected Products : grafana
    • Published: Feb. 12, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2026-25338

    Missing Authorization vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS ays-chatgpt-assistant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI ChatBot with ChatGPT and Content Genera... Read more

    Affected Products :
    • Published: Feb. 19, 2026
    • Modified: Feb. 19, 2026
    • Vuln Type: Authorization
Showing 20 of 4755 Results