Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
4.4 MEDIUM
CVE-2026-3348 — MinhNhut Link Gateway <= 3.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting via P…

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings (Description, Title, and other fields) in all versions up to, and including, 3.6.…

Remote | Cross-Site Scripting
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
8.0 HIGH
CVE-2026-3012 — Samba: group policy certificate enrollment uses http:// without validation

A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and…

enterprise_linux openshift_container_platform enterprise_linux libefiboot | Misconfiguration
May 27, 2026 Jun 04, 2026
May 27, 2026
Jun 04, 2026
4.8 MEDIUM
CVE-2026-2288 — myLinksDump <= 1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'link…

The myLinksDump plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link_title' parameter in all versions up to, and including, 1.6 due to insufficient input sanitization and o…

Remote | Cross-Site Scripting
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
4.8 MEDIUM
CVE-2026-2280 — rexCrawler <= 1.0.15 - Authenticated (Administrator+) Stored Cross-Site Scripting via Set…

The rexCrawler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output esca…

Remote | Cross-Site Scripting
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
6.5 MEDIUM
CVE-2025-0898 — Xpro Elementor Addons - Pro <= 1.4.7 - Authenticated (Contributor+) Arbitrary File Read v…

The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 1.4.7 via the Draw SVG widget. This makes it possible for authentica…

xpro_addons_for_elementor | Remote | Path Traversal
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
10.0 CRITICAL
CVE-2026-8054 — Unauthenticated SQL Injection in dotCMS Publish Audit API

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in the Publish Audit API endpoints (/api/auditPublishing/get and /api/auditPublishing/getAll) in dotCMS Core 25.11…

Remote | Injection
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
9.1 CRITICAL
CVE-2026-49002 — Broken Access Control Vulnerabily in ZTE ZXUniPOS NDS-LTE product

Access control failure means that an application does not effectively check user access permissions, so that unauthorized users can access system data beyond their permissions, such as viewing and mo…

Remote | Authorization
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
6.5 MEDIUM
CVE-2026-48968 — WordPress Master Slider plugin <= 3.10.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta Master Slider allows DOM-Based XSS. This issue affects Master Slider: from n/a through 3.…

master_slider | Remote | Cross-Site Scripting
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
6.5 MEDIUM
CVE-2026-48877 — WordPress GenerateBlocks plugin <= 2.1.0 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Tom GenerateBlocks allows Retrieve Embedded Sensitive Data. This issue affects GenerateBlocks: from n/a through 2.1.0.

generateblocks | Remote | Information Disclosure
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
7.2 HIGH
CVE-2026-40852 — Command injection via malicious configuration

A highly authenticated attacker can alter the config generator injecting a payload into future created configurations. The device is not correctly checking this configuration value before passing it …

mbnet_mbnet.rokey rex100 mbnet.mini rex200_250 | Remote | Injection
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
8.4 HIGH
CVE-2026-40851 — Command injection via USB

A local attacker can perform a confusion attack on the cfgparser via a specially crafted file on an USB stick leading to code execution. This can result in a total loss of confidentiality, integrity …

mbnet_mbnet.rokey rex100 mbnet.mini rex200_250 | Misconfiguration
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
8.7 HIGH
CVE-2026-40850 — Unauthenticated SQLi in getAccountData function

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountData function due to improper neutralization of special elements in a SQL SELECT command…

mbconnect24 mymbconnect24 myrex24v2.virtual myrex24v2 | Remote | Injection
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
7.1 HIGH
CVE-2026-40849 — Authenticated SQLi in user_alarmprofile view

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the user_alarmprofile view due to improper neutralization of special elements in a SQL SELECT command. …

mbconnect24 mymbconnect24 myrex24v2.virtual myrex24v2 | Remote | Injection
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
7.1 HIGH
CVE-2026-40848 — Authenticated SQLi in tag view

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the tag view due to improper neutralization of special elements in a SQL SELECT command. This can resul…

mbconnect24 mymbconnect24 myrex24v2.virtual myrex24v2 | Remote | Injection
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
7.1 HIGH
CVE-2026-40847 — Authenticated SQLi in system_tag view

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the system_tag view due to improper neutralization of special elements in a SQL SELECT command. This ca…

mbconnect24 mymbconnect24 myrex24v2.virtual myrex24v2 | Remote | Injection
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
7.1 HIGH
CVE-2026-40846 — Authenticated SQLi in system view

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the system view due to improper neutralization of special elements in a SQL SELECT command. This can re…

mbconnect24 mymbconnect24 myrex24v2.virtual myrex24v2 | Remote | Injection
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
7.1 HIGH
CVE-2026-40845 — Authenticated SQLi in devices_configuration view

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the devices_configuration view due to improper neutralization of special elements in a SQL SELECT comma…

mbconnect24 mymbconnect24 myrex24v2.virtual myrex24v2 | Remote | Injection
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
7.1 HIGH
CVE-2026-40844 — Authenticated SQLi in dashboard view

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashboard view due to improper neutralization of special elements in a SQL SELECT command. This can…

mbconnect24 mymbconnect24 myrex24v2.virtual myrex24v2 | Remote | Injection
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
7.1 HIGH
CVE-2026-40843 — Authenticated SQLi in alarming view

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the alarming view due to improper neutralization of special elements in a SQL SELECT command. This can …

mbconnect24 mymbconnect24 myrex24v2.virtual myrex24v2 | Remote | Injection
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
7.1 HIGH
CVE-2026-40842 — Authenticated SQLi in getWidgetTags function

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getWidgetTags function due to improper neutralization of special elements in a SQL SELECT command. …

mbconnect24 mymbconnect24 myrex24v2.virtual myrex24v2 | Remote | Injection
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
Showing 20 of 7089 Results