Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.8 HIGH
CVE-2026-22267 — Dell PowerProtect Data Manager Privilege Escalation Vulnerability

Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vuln…

powerprotect_data_manager | Remote | Authorization
Feb 19, 2026 Feb 20, 2026
Feb 19, 2026
Feb 20, 2026
8.8 HIGH
CVE-2026-22266 — Dell PowerProtect Data Manager REST API Improper Verification of Source of a Communicatio…

Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with remo…

powerprotect_data_manager | Remote | Authentication
Feb 19, 2026 Feb 20, 2026
Feb 19, 2026
Feb 20, 2026
6.5 MEDIUM
CVE-2026-1461 — Simple Membership <= 4.7.0 - Unauthenticated Improper Handling of Missing Values

The Simple Membership plugin for WordPress is vulnerable to Improper Handling of Missing Values in all versions up to, and including, 4.7.0 via the Stripe webhook handler. This is due to the plugin o…

simple_membership | Remote | Authentication
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
5.3 MEDIUM
CVE-2026-1219 — MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar 4.0 - 5.10 - Unauthenti…

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 4.0 to 5.10 via the 'load_track_note_ajax' due…

mp3_audio_player_for_music\,_radio_\&_podcast | Remote | Information Disclosure
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
9.1 CRITICAL
CVE-2025-13590 — Authenticated arbitrary file upload via a System REST API requiring administrator permiss…

A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location within the deployment via a system REST API. Successful uploads may lead to remote code exe…

api_manager api_control_plane wso2_api_control_plane wso2_api_manager wso2_universal_gateway wso2_traffic_manager +3 more | Remote | Authentication
Feb 19, 2026 Feb 20, 2026
Feb 19, 2026
Feb 20, 2026
10.0 CRITICAL
CVE-2025-12107 — Potential authenticated Server-Side Template Injection (SSTI) vulnerability.

Due to the use of a vulnerable third-party Velocity template engine, a malicious actor with admin privilege may inject and execute arbitrary template syntax within server-side templates. Successfu…

identity_server wso2_identity_server | Remote | Injection
Feb 19, 2026 Mar 06, 2026
Feb 19, 2026
Mar 06, 2026
6.1 MEDIUM
CVE-2026-2736 — Reflected Cross-Site Scripting (XSS) vulnerability in Alkacon's OpenCms

Reflected Cross-site Scripting (XSS) in Alkacon's OpenCms v18.0, which allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL containing the ‘q’ p…

opencms | Remote | Cross-Site Scripting
Feb 19, 2026 Feb 23, 2026
Feb 19, 2026
Feb 23, 2026
5.4 MEDIUM
CVE-2026-2735 — Stored Cross-Site Scripting (XSS) vulnerability in Alkacon's OpenCms

Stored Cross-Site Scripting (XSS) in Alkacon's OpenCms v18.0, which occurs when user input is not properly validated when sending a POST request to ‘/blog/new-article/org.opencms.ugc.CmsUgcEditServic…

opencms | Remote | Cross-Site Scripting
Feb 19, 2026 Feb 23, 2026
Feb 19, 2026
Feb 23, 2026
6.5 MEDIUM
CVE-2026-27094 — WordPress CoBlocks plugin <= 3.1.16 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoDaddy CoBlocks coblocks allows Stored XSS.This issue affects CoBlocks: from n/a through <= 3.1.…

coblocks | Remote | Cross-Site Scripting
Feb 19, 2026 Feb 20, 2026
Feb 19, 2026
Feb 20, 2026
6.5 MEDIUM
CVE-2026-27092 — WordPress WPAdverts plugin <= 2.2.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in Greg Winiarski WPAdverts wpadverts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPAdverts: from n/a through <= 2.2…

Remote | Authorization
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
4.3 MEDIUM
CVE-2026-27090 — WordPress Kenta Companion plugin <= 1.3.3 - Cross Site Request Forgery (CSRF) vulnerabili…

Cross-Site Request Forgery (CSRF) vulnerability in WP Moose Kenta Companion kenta-companion allows Cross Site Request Forgery.This issue affects Kenta Companion: from n/a through <= 1.3.3.

Remote | Cross-Site Request Forgery
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
6.5 MEDIUM
CVE-2026-27074 — WordPress Shortcoder plugin <= 6.5.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vaakash Shortcoder shortcoder allows Stored XSS.This issue affects Shortcoder: from n/a through <…

Remote | Cross-Site Scripting
Feb 19, 2026 Feb 27, 2026
Feb 19, 2026
Feb 27, 2026
6.5 MEDIUM
CVE-2026-27069 — WordPress Soledad theme <= 8.7.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Soledad soledad allows DOM-Based XSS.This issue affects Soledad: from n/a through <= …

soledad | Remote | Cross-Site Scripting
Feb 19, 2026 Feb 20, 2026
Feb 19, 2026
Feb 20, 2026
5.3 MEDIUM
CVE-2026-27066 — WordPress Live sales notification for WooCommerce plugin <= 2.3.46 - Broken Access Contro…

Missing Authorization vulnerability in PI Web Solution Live sales notification for WooCommerce live-sales-notifications-for-woocommerce allows Exploiting Incorrectly Configured Access Control Securit…

Remote | Authorization
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
6.5 MEDIUM
CVE-2026-27059 — WordPress Penci Recipe plugin <= 4.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Recipe penci-recipe allows DOM-Based XSS.This issue affects Penci Recipe: from …

Remote | Cross-Site Scripting
Feb 19, 2026 Feb 20, 2026
Feb 19, 2026
Feb 20, 2026
6.5 MEDIUM
CVE-2026-27058 — WordPress Penci Podcast plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Podcast penci-podcast allows DOM-Based XSS.This issue affects Penci Podcast: fr…

Remote | Cross-Site Scripting
Feb 19, 2026 Feb 20, 2026
Feb 19, 2026
Feb 20, 2026
6.5 MEDIUM
CVE-2026-27057 — WordPress Penci Filter Everything plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Filter Everything penci-filter-everything allows Stored XSS.This issue affects …

Remote | Cross-Site Scripting
Feb 19, 2026 Feb 20, 2026
Feb 19, 2026
Feb 20, 2026
4.3 MEDIUM
CVE-2026-27056 — WordPress iThemes Sync plugin <= 3.2.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in StellarWP iThemes Sync ithemes-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iThemes Sync: from n/a through <=…

Remote | Authorization
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
4.3 MEDIUM
CVE-2026-27055 — WordPress Penci AI SmartContent Creator plugin <= 2.0 - Broken Access Control vulnerabili…

Missing Authorization vulnerability in PenciDesign Penci AI SmartContent Creator penci-ai allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Penci AI SmartCont…

Remote | Authorization
Feb 19, 2026 Feb 20, 2026
Feb 19, 2026
Feb 20, 2026
7.5 HIGH
CVE-2026-27052 — WordPress Sales Countdown Timer for WooCommerce and WordPress plugin <= 1.1.8.1 - Local F…

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in villatheme Sales Countdown Timer for WooCommerce and WordPress sctv-sales-coun…

Remote | Path Traversal
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
Showing 20 of 5069 Results