Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2025-36094

    IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007 could allow an authenticated user to cause a denial of service or corrupt existing data due to th... Read more

    Affected Products : cloud_pak_for_business_automation
    • Published: Feb. 03, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Denial of Service

  • 5.4

    MEDIUM
    CVE-2025-47500

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benjamin Intal Stackable stackable-ultimate-gutenberg-blocks allows Stored XSS.This issue affects Stackable: from n/a through <= 3.19.5.... Read more

    Affected Products : stackable
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2026-22398

    Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Fleur fleur allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fleur: from n/a through <= 2.0.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-36409

    IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a truste... Read more

    Affected Products : applinx
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-49336

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pondol Pondol BBS pondol-bbs allows Stored XSS.This issue affects Pondol BBS: from n/a through <= 1.1.8.4.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2026-24551

    Missing Authorization vulnerability in monetagwp Monetag Official Plugin monetag-official allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Monetag Official Plugin: from n/a through <= 1.1.3.... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2026-24559

    Insertion of Sensitive Information Into Sent Data vulnerability in CRM Perks Integration for Contact Form 7 HubSpot cf7-hubspot allows Retrieve Embedded Sensitive Data.This issue affects Integration for Contact Form 7 HubSpot: from n/a through <= 1.4.3.... Read more

    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Information Disclosure

  • 5.4

    MEDIUM
    CVE-2026-22483

    Cross-Site Request Forgery (CSRF) vulnerability in winkm89 teachPress teachpress allows Cross Site Request Forgery.This issue affects teachPress: from n/a through <= 9.0.12.... Read more

    Affected Products : teachpress
    • Published: Jan. 22, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2026-23568

    An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause information disclosure or denial-of-ser... Read more

    Affected Products : digital_employee_experience
    • Published: Jan. 29, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Information Disclosure

  • 5.4

    MEDIUM
    CVE-2025-15043

    The The Events Calendar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'start_migration', 'cancel_migration', and 'revert_migration' functions in all versions up to, and including, 6.15.13. This makes it... Read more

    Affected Products :
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2026-22382

    Cross-Site Request Forgery (CSRF) vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows Cross Site Request Forgery.This issue affects PawFriends - Pet Shop and Veterinary WordPress Theme: from n/a through <=... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2026-24986

    Cross-Site Request Forgery (CSRF) vulnerability in wp.insider Simple Membership WP user Import simple-membership-wp-user-import allows Cross Site Request Forgery.This issue affects Simple Membership WP user Import: from n/a through <= 1.9.1.... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2026-1147

    A vulnerability was found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. This affects an unknown part of the file /php/api_patient_schedule.php. Performing a manipulation of the argument Reason results in cross site scr... Read more

    • Published: Jan. 19, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2026-1447

    The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19.2. This is due to missing nonce validation on the create_or_update_note function. This makes it possible for unauthenticated attacker... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2025-69207

    Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-beta.23, an IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID w... Read more

    Affected Products : khoj
    • Published: Feb. 02, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2026-22406

    Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Overton overton allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Overton: from n/a through <= 1.3.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-69300

    Missing Authorization vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premium Addons for Elementor: from n/a through <= 4.11.63.... Read more

    Affected Products : premium_addons_for_elementor
    • Published: Jan. 22, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-66139

    Missing Authorization vulnerability in merkulove Audier For Elementor audier-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Audier For Elementor: from n/a through <= 1.0.9.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2026-22409

    Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Justicia justicia allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Justicia: from n/a through <= 1.2.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2026-22358

    Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Electrician - Electrical Service WordPress electrician allows Server Side Request Forgery.This issue affects Electrician - Electrical Service WordPress: from n/a through <= 5.6.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Server-Side Request Forgery
Showing 20 of 4735 Results