Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.5 HIGH
CVE-2026-7417 — Algovate xhs-mcp MCP mcp.server.ts xhs_publish_content server-side request forgery

A vulnerability was found in Algovate xhs-mcp 0.8.11. This affects the function xhs_publish_content of the file src/server/mcp.server.ts of the component MCP Interface. Performing a manipulation of t…

Remote | Server-Side Request Forgery
Apr 29, 2026 Apr 30, 2026
Apr 29, 2026
Apr 30, 2026
7.5 HIGH
CVE-2026-7416 — PolarVista xcode-mcp-server MCP index.ts run_tests os command injection

A vulnerability was found in PolarVista xcode-mcp-server 1.0.0. This issue affects the function build_project/run_tests of the file src/index.ts of the component MCP Interface. The manipulation of th…

Remote | Injection
Apr 29, 2026 Apr 30, 2026
Apr 29, 2026
Apr 30, 2026
6.5 MEDIUM
CVE-2026-7410 — SourceCodester Pizzafy Ecommerce System ajax.php add_to_cart sql injection

A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=add_to_cart. The manipulation of the argument…

Remote | Injection
Apr 29, 2026 Apr 30, 2026
Apr 29, 2026
Apr 30, 2026
5.8 MEDIUM
CVE-2026-7409 — SourceCodester Pizzafy Ecommerce System ajax.php save_user sql injection

A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function save_user of the file /admin/ajax.php?action=save_user. Executing a manipulation can lead to sql inject…

Remote | Injection
Apr 29, 2026 Apr 30, 2026
Apr 29, 2026
Apr 30, 2026
Showing 20 of 7024 Results