Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
6.4 MEDIUM
CVE-2026-3427 — Yoast SEO <= 27.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'jsonT…

The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `jsonText` block attribute in all versions up to, an…

Remote | Cross-Site Scripting
Mar 22, 2026 Mar 23, 2026
8.8 HIGH
CVE-2026-4533 — code-projects Simple Food Ordering System all-tickets.php sql injection

A vulnerability was detected in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file all-tickets.php. The manipulation of the argument Statu…

Mar 22, 2026 Apr 02, 2026
2.6 LOW
CVE-2026-33550 — SOGo OTP Weakness

SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and uses a length that is too short (only 12 digits instead of the 20 recommended).

sogo | Remote | Authentication
Mar 22, 2026 Mar 23, 2026
8.8 HIGH
CVE-2026-33549 — SPIP Unintended Privilege Assignment Vulnerability

SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment (of administrator privileges) during the editing of an author data structure because of STATUT mishandling.

spip | Remote | Authorization
Mar 22, 2026 Apr 17, 2026
6.4 MEDIUM
CVE-2025-71276 — SOGo Cross-Site Scripting Vulnerability

SOGo before 5.12.5 is prone to an XSS vulnerability with events, tasks, and contacts categories.

sogo | Remote | Cross-Site Scripting
Mar 22, 2026 Mar 23, 2026