Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
8.1 HIGH
CVE-2025-15582 — detronetdip E-commerce Product Management Update authorization

A security flaw has been discovered in detronetdip E-commerce 1.0.0. The impacted element is the function Delete/Update of the component Product Management Module. Performing a manipulation of the ar…

e-commerce | Remote | Authorization
Feb 20, 2026 Feb 26, 2026
8.3 HIGH
CVE-2026-2847 — UTT HiPER 520 Web Management formReleaseConnect sub_44EFB4 os command injection

A vulnerability was detected in UTT HiPER 520 1.7.7-160105. Affected is the function sub_44EFB4 of the file /goform/formReleaseConnect of the component Web Management Interface. The manipulation of t…

520_firmware 520 | Remote | Injection
Feb 20, 2026 Feb 24, 2026
8.3 HIGH
CVE-2026-2846 — UTT HiPER 520 Web Management formPdbUpConfig sub_44D264 os command injection

A security vulnerability has been detected in UTT HiPER 520 1.7.7-160105. This impacts the function sub_44D264 of the file /goform/formPdbUpConfig of the component Web Management Interface. The manip…

520_firmware 520 | Remote | Injection
Feb 20, 2026 Feb 24, 2026
7.1 HIGH
CVE-2026-27072 — WordPress PixelYourSite – Your smart PIXEL (TAG) Manager plugin <= 11.2.0.1 - Cross Site …

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PixelYourSite PixelYourSite – Your smart PIXEL (TAG) Manager pixelyoursite allows Stored XSS. This…

pixelyoursite | Remote | Cross-Site Scripting
Feb 20, 2026 Feb 23, 2026
8.5 HIGH
CVE-2026-24959 — WordPress JS Help Desk plugin <= 3.0.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection. This issue affects JS Help Desk…

js_help_desk | Remote | Injection
Feb 20, 2026 Feb 20, 2026
9.3 CRITICAL
CVE-2026-24956 — WordPress Download Manager Addons for Elementor plugin <= 1.3.0 - SQL Injection vulnerabi…

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shahjada Download Manager Addons for Elementor wpdm-elementor allows Blind SQL Injection. This iss…

Remote | Injection
Feb 20, 2026 Feb 23, 2026
7.1 HIGH
CVE-2026-24955 — WordPress Whizz Plugins plugin <= 1.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fox-themes Whizz Plugins whizz-plugins allows Reflected XSS. This issue affects Whizz Plugins: fro…

Remote | Cross-Site Scripting
Feb 20, 2026 Feb 20, 2026
6.5 MEDIUM
CVE-2026-24953 — WordPress Simple File List plugin <= 6.1.15 - Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mitchell Bennis Simple File List simple-file-list allows Path Traversal. This issue affects Simple File …

simple_file_list | Remote | Path Traversal
Feb 20, 2026 Feb 26, 2026
7.5 HIGH
CVE-2026-24950 — WordPress Authorsy plugin <= 1.0.6 - Insecure Direct Object References (IDOR) vulnerabili…

Authorization Bypass Through User-Controlled Key vulnerability in themeplugs Authorsy authorsy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Authorsy: fro…

Remote | Authorization
Feb 20, 2026 Feb 20, 2026
7.1 HIGH
CVE-2026-24949 — WordPress PhotoMe theme <= 5.7.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods PhotoMe photome allows DOM-Based XSS. This issue affects PhotoMe: from n/a through <= 5…

Remote | Cross-Site Scripting
Feb 20, 2026 Feb 23, 2026
7.1 HIGH
CVE-2026-24948 — WordPress Reflector plugin <= 1.2.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fox-themes Reflector reflector-plugins allows Reflected XSS. This issue affects Reflector: from n/…

Remote | Cross-Site Scripting
Feb 20, 2026 Feb 20, 2026
6.5 MEDIUM
CVE-2026-24946 — WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 5.8.0 - Broken Access …

Missing Authorization vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce woocommerce-delivery-notes allows Exploiting Incorrectly Configured Access Control Security Levels…

Feb 20, 2026 Feb 26, 2026
6.5 MEDIUM
CVE-2026-24944 — WordPress Subscribe2 plugin <= 10.44 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs Subscribe2 subscribe2 allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Subscribe2: from n/a through <= 10.44.

subscribe2 | Remote | Authorization
Feb 20, 2026 Feb 20, 2026
7.1 HIGH
CVE-2026-24943 — WordPress Grand Conference theme <= 5.3.4 - Reflected Cross Site Scripting (XSS) vulnerab…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Conference grandconference allows Reflected XSS. This issue affects Grand Confere…

grand_conference | Remote | Cross-Site Scripting
Feb 20, 2026 Feb 23, 2026
7.5 HIGH
CVE-2026-24941 — WordPress WP Job Portal plugin <= 2.4.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Job Portal: from n/a throu…

wp_job_portal | Remote | Authorization
Feb 20, 2026 Feb 20, 2026
3.7 LOW
CVE-2026-22885 — EnOcean SmartServer IoT Out-of-bounds Read

A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and prior, which would allow remote attackers, in the LON IP-852 management messages, to send specially crafted IP-852 messages re…

Remote | Memory Corruption
Feb 20, 2026 Feb 20, 2026
9.8 CRITICAL
CVE-2026-22384 — WordPress Applay - Shortcodes plugin <= 3.7 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in leafcolor Applay - Shortcodes applay-shortcodes allows Object Injection. This issue affects Applay - Shortcodes: from n/a through <= 3.7.

Remote | Injection
Feb 20, 2026 Feb 24, 2026
7.5 HIGH
CVE-2026-22383 — WordPress PawFriends - Pet Shop and Veterinary WordPress theme theme <= 1.3 - Insecure Di…

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows Exploiting Incorrectly Configured Access Control…

Remote | Authorization
Feb 20, 2026 Feb 25, 2026
8.1 HIGH
CVE-2026-22381 — WordPress PawFriends - Pet Shop and Veterinary WordPress Theme theme <= 1.3 - Local File …

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends …

Remote | Path Traversal
Feb 20, 2026 Feb 24, 2026
8.1 HIGH
CVE-2026-22380 — WordPress UnlimHost theme <= 1.2.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes UnlimHost unlimhost allows PHP Local File Inclusion. This issue af…

Remote | Path Traversal
Feb 20, 2026 Feb 20, 2026
Showing 20 of 5066 Results