Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.1 HIGH
CVE-2025-53231 — WordPress Easy Taxonomy Images plugin <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevstudio Easy Taxonomy Images easy-taxonomy-images allows Stored XSS.This issue affects Easy T…

Remote | Cross-Site Scripting
Feb 20, 2026 Feb 23, 2026
Feb 20, 2026
Feb 23, 2026
7.1 HIGH
CVE-2025-53228 — WordPress bbpress Simple Advert Units Plugin <= 0.41 - Cross Site Scripting (XSS) Vulnera…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jezza101 bbpress Simple Advert Units bbpress-simple-advert-units allows Reflected XSS.This issue …

Remote | Cross-Site Scripting
Feb 20, 2026 Feb 23, 2026
Feb 20, 2026
Feb 23, 2026
7.6 HIGH
CVE-2025-53217 — WordPress AIO WP Builder Plugin <= 2.0.2 - Broken Access Control Vulnerability

Missing Authorization vulnerability in staviravn AIO WP Builder all-in-one-wp-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AIO WP Builder: from n…

Remote | Authorization
Feb 20, 2026 Feb 26, 2026
Feb 20, 2026
Feb 26, 2026
7.6 HIGH
CVE-2025-52744 — WordPress Inpersttion For Theme plugin <= 1.0 - Arbitrary Code Execution vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in inpersttion Inpersttion For Theme err-our-team allows Code Injection.This issue affects Inpersttion For Theme: from n/a thro…

Remote | Injection
Feb 20, 2026 Feb 25, 2026
Feb 20, 2026
Feb 25, 2026
3.5 LOW
CVE-2025-52603 — HCL Connections is vulnerable to information disclosure

HCL Connections is vulnerable to information disclosure. In a very specific user navigation scenario, this could allow a user to obtain limited information when a single piece of internal metadata i…

connections | Remote | Information Disclosure
Feb 20, 2026 Feb 20, 2026
Feb 20, 2026
Feb 20, 2026
6.5 MEDIUM
CVE-2024-56208 — WordPress NewsMash theme <= 1.0.71 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in desertthemes NewsMash newsmash allows Stored XSS.This issue affects NewsMash: from n/a through <=…

Remote | Cross-Site Scripting
Feb 20, 2026 Feb 27, 2026
Feb 20, 2026
Feb 27, 2026
4.3 MEDIUM
CVE-2024-54222 — WordPress Seraphinite Accelerator plugin <= 2.22.15 - Authenticated Sensitive Data Exposu…

Missing Authorization vulnerability in Seraphinite Solutions Seraphinite Accelerator seraphinite-accelerator allows Retrieve Embedded Sensitive Data.This issue affects Seraphinite Accelerator: from n…

seraphinite_accelerator | Remote | Authorization
Feb 20, 2026 Feb 25, 2026
Feb 20, 2026
Feb 25, 2026
5.9 MEDIUM
CVE-2024-52387 — WordPress Master Addons plugin <= 2.0.9.9.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liton Arefin Master Addons for Elementor master-addons allows Stored XSS.This issue affects Maste…

master_addons | Remote | Cross-Site Scripting
Feb 20, 2026 Feb 27, 2026
Feb 20, 2026
Feb 27, 2026
6.5 MEDIUM
CVE-2024-51915 — WordPress LiteSpeed Cache plugin <= 6.5.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Stored XSS.This issue affects LiteS…

litespeed_cache | Remote | Cross-Site Scripting
Feb 20, 2026 Feb 25, 2026
Feb 20, 2026
Feb 25, 2026
6.5 MEDIUM
CVE-2024-50555 — WordPress Elementor Website Builder plugin <= 3.29.0 - Cross Site Scripting (XSS) vulnera…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor allows Stored XSS.This issue affects Elementor Webs…

website_builder | Remote | Cross-Site Scripting
Feb 20, 2026 Feb 27, 2026
Feb 20, 2026
Feb 27, 2026
6.5 MEDIUM
CVE-2024-50452 — WordPress Nexter Blocks plugin <= 3.3.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Stored XSS.This issue affects Next…

nexter_blocks | Remote | Cross-Site Scripting
Feb 20, 2026 Feb 25, 2026
Feb 20, 2026
Feb 25, 2026
5.3 MEDIUM
CVE-2024-43228 — WordPress SecuPress Free plugin <= 2.2.5.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in SecuPress SecuPress Free secupress.This issue affects SecuPress Free: from n/a through <= 2.2.5.3.

secupress | Remote | Authorization
Feb 20, 2026 Feb 26, 2026
Feb 20, 2026
Feb 26, 2026
5.3 MEDIUM
CVE-2024-34438 — WordPress Shared Files plugin <= 1.7.19 - Broken Access Control vulnerability

Missing Authorization vulnerability in Anssi Laitila Shared Files shared-files.This issue affects Shared Files: from n/a through <= 1.7.19.

shared_files | Remote | Authorization
Feb 20, 2026 Feb 25, 2026
Feb 20, 2026
Feb 25, 2026
9.5 CRITICAL
CVE-2026-21627 — Extension - tassos.gr - SQL injection and Unauthenticated File Read in Novarain/Tassos Fr…

The vulnerability was rooted in how the Tassos Framework plugin handled specific AJAX requests through Joomla’s com_ajax entry point. Under certain conditions, internal framework functionality could …

Remote | Authorization
Feb 20, 2026 Feb 20, 2026
Feb 20, 2026
Feb 20, 2026
2.3 LOW
CVE-2025-14547 — ECJ-PAKE Integer Underflow Vulnerability in Silicon Labs PSA Crypto and SE Manager APIs

An integer underflow vulnerability is present in Silicon Lab’s implementation of PSA Crypto and SE Manager EC-JPAKE APIs during ZKP parsing. Triggering the underflow can lead to a hard fault, causing…

gecko_software_development_kit simplicity_software_development_kit | Remote | Memory Corruption
Feb 20, 2026 Feb 20, 2026
Feb 20, 2026
Feb 20, 2026
2.4 LOW
CVE-2025-14055 — Integer underflow in Secure NCP host

An integer underflow vulnerability in Silicon Labs Secure NCP host implementation allows a buffer overread via a specially crafted packet.

simplicity_software_development_kit | Memory Corruption
Feb 20, 2026 Feb 20, 2026
Feb 20, 2026
Feb 20, 2026
6.4 MEDIUM
CVE-2026-2486 — Master Addons For Elementor <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scr…

The Master Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ma_el_bh_table_btn_text' parameter in versions up to, and including, 2.1.1 due to insufficie…

Remote | Cross-Site Scripting
Feb 20, 2026 Feb 20, 2026
Feb 20, 2026
Feb 20, 2026
9.8 CRITICAL
CVE-2025-10970 — SQLi in Kolay Software's Talentics

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kolay Software Inc. Talentics allows Blind SQL Injection.This issue affects Talentics: through 20…

Remote | Injection
Feb 20, 2026 Feb 20, 2026
Feb 20, 2026
Feb 20, 2026
2.3 LOW
CVE-2026-21620 — TFTP Path Traversal

Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules), erlang otp inets (tftp_file modules), erlang otp tftp (tftp_file module…

erlang\/otp otp | Remote | Path Traversal
Feb 20, 2026 Feb 20, 2026
Feb 20, 2026
Feb 20, 2026
8.4 HIGH
CVE-2026-26050 — RICOH Joblog Analysis Tool DLL Search Path Loading Vulnerability

The installer for ジョブログ集計/分析ソフトウェア RICOHジョブログ集計ツール versions prior to Ver.1.3.7 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, ar…

| Misconfiguration
Feb 20, 2026 Feb 20, 2026
Feb 20, 2026
Feb 20, 2026
Showing 20 of 5066 Results