Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.6 HIGH
CVE-2026-29128 — IDC SFX2100 Satellite Receiver bgpd/ospfd/ripd/zebra Config Credential Disclosure via Wor…

IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components (e.g., zebra, bgpd, ospfd, and ripd) that are owned by root but world-readable. The confi…

| Information Disclosure
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
7.6 HIGH
CVE-2026-29053 — Ghost Vulnerable to Remote Code Execution via Malicious Themes

Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched i…

ghost | Remote | Supply Chain
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
6.9 MEDIUM
CVE-2026-29052 — HumHub Calendar Module: Stored XSS in Event Types

The Calendar module for HumHub enables users to create one-time or recurring events, manage attendee invitations, and efficiently track all scheduled activities. Prior to version 1.8.11, a Stored Cro…

Remote | Cross-Site Scripting
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
7.1 HIGH
CVE-2026-28137 — WordPress MediCenter - Health Medical Clinic WordPress Theme theme <= 14.9 - Reflected Cr…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs MediCenter - Health Medical Clinic medicenter allows Reflected XSS.This issue affect…

Remote | Cross-Site Scripting
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
0.0 NA
CVE-2026-28135 — WordPress Royal Elementor Addons plugin <= 1.7.1049 - Other Vulnerability Type vulnerabil…

Inclusion of Functionality from Untrusted Control Sphere vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Accessing Functionality Not Properly Constrained by ACLs.This i…

royal_elementor_addons | Authorization
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.5 HIGH
CVE-2026-28134 — WordPress JetEngine plugin <= 3.7.2 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetEngine jet-engine allows Remote Code Inclusion.This issue affects JetEngine: from n/a through <= 3.7.2.

jetengine | Remote | Injection
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
0.0 NA
CVE-2026-28133 — WordPress Filr plugin <= 1.2.12 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in WP Chill Filr filr-protection allows Upload a Web Shell to a Web Server.This issue affects Filr: from n/a through <= 1.2.12.

filr | Misconfiguration
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
7.1 HIGH
CVE-2026-28130 — WordPress UDesign theme <= 4.14.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AndonDesign UDesign u-design allows Reflected XSS.This issue affects UDesign: from n/a through <=…

Remote | Cross-Site Scripting
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.1 HIGH
CVE-2026-28129 — WordPress Little Birdies theme <= 1.3.16 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Little Birdies little-birdies allows PHP Local File Inclusion.This…

Remote | Path Traversal
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.1 HIGH
CVE-2026-28128 — WordPress Verse theme <= 1.7.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Verse verse allows PHP Local File Inclusion.This issue affects Verse:…

Remote | Path Traversal
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
7.1 HIGH
CVE-2026-28127 — WordPress Lawyer Directory plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins Lawyer Directory lawyer-directory allows Reflected XSS.This issue affects Lawyer Direct…

lawyer_directory | Remote | Cross-Site Scripting
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
7.1 HIGH
CVE-2026-28126 — WordPress RH Frontend Publishing Pro plugin <= 4.3.2 - Reflected Cross Site Scripting (XS…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sizam RH Frontend Publishing Pro rh-frontend allows Reflected XSS.This issue affects RH Frontend …

Remote | Cross-Site Scripting
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.1 HIGH
CVE-2026-28125 — WordPress Midi theme <= 1.14 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Midi midi allows PHP Local File Inclusion.This issue affects Midi…

Remote | Path Traversal
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.1 HIGH
CVE-2026-28124 — WordPress Notarius theme <= 1.9 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Notarius notarius allows PHP Local File Inclusion.This issue affe…

Remote | Path Traversal
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.1 HIGH
CVE-2026-28123 — WordPress Veil theme <= 1.9 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Veil veil allows PHP Local File Inclusion.This issue affects Veil…

Remote | Injection
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
7.1 HIGH
CVE-2026-28122 — WordPress ListingPro plugin <= 2.9.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro listingpro-plugin allows Reflected XSS.This issue affects ListingPro: fro…

listingpro | Remote | Cross-Site Scripting
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.1 HIGH
CVE-2026-28121 — WordPress Anderson theme <= 1.4.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Anderson andersonclinic allows PHP Local File Inclusion.This issu…

Remote | Path Traversal
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.1 HIGH
CVE-2026-28120 — WordPress Dr.Patterson theme <= 1.3.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Dr.Patterson dr-patterson allows PHP Local File Inclusion.This issue …

Remote | Injection
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.1 HIGH
CVE-2026-28119 — WordPress Nirvana theme <= 2.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Nirvana nirvana allows PHP Local File Inclusion.This issue affects…

Remote | Path Traversal
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.1 HIGH
CVE-2026-28118 — WordPress Welldone theme <= 2.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Welldone welldone allows PHP Local File Inclusion.This issue affec…

Remote | Path Traversal
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
Showing 20 of 5090 Results