Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
9.0 HIGH
CVE-2026-9295 — Edimax BR-6428NS POST Request formWirelessTbl buffer overflow

A security flaw has been discovered in Edimax BR-6428NS 1.10. This affects the function formWirelessTbl of the file /goform/formWirelessTbl of the component POST Request Handler. Performing a manipul…

br-6428ns_firmware | Remote | Memory Corruption
May 23, 2026 May 26, 2026
May 23, 2026
May 26, 2026
9.0 HIGH
CVE-2026-9294 — Edimax BR-6428NS POST Request formWanTcpipSetup buffer overflow

A vulnerability was identified in Edimax BR-6428NS 1.10. The impacted element is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. Such manip…

br-6428ns_firmware | Remote | Memory Corruption
May 23, 2026 May 26, 2026
May 23, 2026
May 26, 2026
8.2 HIGH
CVE-2026-9284 — WooCommerce PayPal Payments <= 4.0.1 - Missing Authorization to Unauthenticated Order Man…

The WooCommerce PayPal Payments plugin for WordPress is vulnerable to unauthorized order manipulation and information disclosure due to missing authorization checks on the `ppc-create-order` and `ppc…

paypal_payments | Remote | Authorization
May 23, 2026 May 26, 2026
May 23, 2026
May 26, 2026
8.8 HIGH
CVE-2026-6898 — WishList Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) Generate…

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember3_Hooks::generate_api_key' function in all versions…

Remote | Authorization
May 23, 2026 May 26, 2026
May 23, 2026
May 26, 2026
8.8 HIGH
CVE-2026-6897 — Wishlist Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrar…

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember\Features\Team_Accounts::save_settings' function in…

Remote | Authorization
May 23, 2026 May 26, 2026
May 23, 2026
May 26, 2026
8.8 HIGH
CVE-2026-6895 — Wishlist Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) API Secr…

The WishList Member plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Disclosure and Privilege Escalation in versions up to and including 3.30.1. This is du…

Remote | Authorization
May 23, 2026 May 26, 2026
May 23, 2026
May 26, 2026
8.8 HIGH
CVE-2026-6419 — Wishlist Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) API Secr…

The WishList Member plugin for WordPress is vulnerable to Privilege Escalation via Missing Authorization in versions up to and including 3.30.1. This is due to the missing capability and nonce check …

Remote | Authorization
May 23, 2026 May 26, 2026
May 23, 2026
May 26, 2026
10.0 CRITICAL
CVE-2026-47280 — Azure Resource Manager Elevation of Privilege Vulnerability

Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network.

azure_resource_manager
May 22, 2026 May 27, 2026
May 22, 2026
May 27, 2026
8.8 HIGH
CVE-2026-45659 — Microsoft SharePoint Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

sharepoint_server sharepoint_enterprise_server_2016 sharepoint_server_2016 sharepoint_server_2019
May 22, 2026 May 27, 2026
May 22, 2026
May 27, 2026
10.0 CRITICAL
CVE-2026-42901 — Microsoft Entra ID Elevation of Privilege Vulnerability

Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network.

microsoft_entra_id entra_id
May 22, 2026 May 27, 2026
May 22, 2026
May 27, 2026
7.5 HIGH
CVE-2026-42827 — M365 Copilot Information Disclosure Vulnerability

Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.

365_copilot | Remote
May 22, 2026 May 27, 2026
May 22, 2026
May 27, 2026
5.3 MEDIUM
CVE-2026-41149 — Mermaid: Improper sanitization of `classDef` in state diagrams leads to HTML injection

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and earlier, as well as 11.0.0-alpha.1 through 11.14.0, are vulnerable to HTML …

mermaid | Remote | Injection
May 22, 2026 May 26, 2026
May 22, 2026
May 26, 2026
5.3 MEDIUM
CVE-2026-41148 — Mermaid: Improper sanitization of `classDefs` in diagrams leads to CSS injection

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and prior, in addition to 11.0.0-alpha.1 through 11.12.0 are vulnerable to CSS …

mermaid | Remote | Injection
May 22, 2026 May 26, 2026
May 22, 2026
May 26, 2026
10.0 CRITICAL
CVE-2026-41104 — Microsoft Planetary Computer Pro Information Disclosure Vulnerability

Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a network.

planetary_computer_pro planetary_computer
May 22, 2026 May 29, 2026
May 22, 2026
May 29, 2026
9.3 CRITICAL
CVE-2026-41090 — Microsoft Copilot Tampering Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network.

365_copilot 365_copilot_ios
May 22, 2026 May 27, 2026
May 22, 2026
May 27, 2026
10.0 CRITICAL
CVE-2026-40412 — Azure Orbital Spatio Remote Code Execution Vulnerability

Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network.

azure_orbital_spatio
May 22, 2026 May 27, 2026
May 22, 2026
May 27, 2026
9.9 CRITICAL
CVE-2026-40411 — Azure Virtual Network Gateway Remote Code Execution Vulnerability

Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to execute code over a network.

azure_virtual_network_gateway
May 22, 2026 May 27, 2026
May 22, 2026
May 27, 2026
8.8 HIGH
CVE-2026-35430 — Azure Privileged Identity Management (PIM) Elevation of Privilege Vulnerability

Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM) allows an authorized attacker to elevate privileges over a network.

azure_privileged_management azure_privileged_identity_management
May 22, 2026 May 27, 2026
May 22, 2026
May 27, 2026
9.8 CRITICAL
CVE-2026-33843 — Microsoft Azure Active Directory B2C Elevation of Privilege Vulnerability

Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network.

microsoft_entra_id entra_id | Remote
May 22, 2026 May 27, 2026
May 22, 2026
May 27, 2026
7.7 HIGH
CVE-2026-26147 — Azure Stack HCI Information Disclosure Vulnerability

Improper input validation in Azure Compute Gallery allows an authorized attacker to disclose information over a network.

azure_stack_hci
May 22, 2026 May 27, 2026
May 22, 2026
May 27, 2026
Showing 20 of 6716 Results