Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
5.4 MEDIUM
CVE-2026-1282 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to inject malic…

gitlab | Remote | Injection
Feb 11, 2026 Feb 12, 2026
Feb 11, 2026
Feb 12, 2026
4.6 MEDIUM
CVE-2026-1094 — Improper Validation of Unsafe Equivalence in Input in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI.

gitlab gitaly | Remote | Information Disclosure
Feb 11, 2026 Feb 12, 2026
Feb 11, 2026
Feb 12, 2026
4.3 MEDIUM
CVE-2026-1080 — Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 16.7 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticat…

gitlab | Remote | Authorization
Feb 11, 2026 Feb 12, 2026
Feb 11, 2026
Feb 12, 2026
7.5 HIGH
CVE-2026-0958 — Interpretation Conflict in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause deni…

gitlab | Remote | Denial of Service
Feb 11, 2026 Feb 13, 2026
Feb 11, 2026
Feb 13, 2026
7.3 HIGH
CVE-2026-0595 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in G…

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.9 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenti…

gitlab | Remote | Cross-Site Scripting
Feb 11, 2026 Feb 12, 2026
Feb 11, 2026
Feb 12, 2026
7.5 HIGH
CVE-2025-8099 — Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.8 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an unauthe…

gitlab | Remote | Denial of Service
Feb 11, 2026 Feb 13, 2026
Feb 11, 2026
Feb 13, 2026
9.1 CRITICAL
CVE-2025-7659 — Origin Validation Error in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to steal toke…

gitlab | Remote | Authorization
Feb 11, 2026 Feb 13, 2026
Feb 11, 2026
Feb 13, 2026
3.5 LOW
CVE-2025-14594 — Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authent…

gitlab | Remote | Information Disclosure
Feb 11, 2026 Feb 13, 2026
Feb 11, 2026
Feb 13, 2026
5.3 MEDIUM
CVE-2025-14592 — Missing Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenti…

gitlab | Remote | Authorization
Feb 11, 2026 Feb 13, 2026
Feb 11, 2026
Feb 13, 2026
7.3 HIGH
CVE-2025-14560 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in G…

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenti…

gitlab | Remote | Authorization
Feb 11, 2026 Feb 13, 2026
Feb 11, 2026
Feb 13, 2026
5.4 MEDIUM
CVE-2025-12575 — Server-Side Request Forgery (SSRF) in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticat…

gitlab | Remote | Server-Side Request Forgery
Feb 11, 2026 Feb 13, 2026
Feb 11, 2026
Feb 13, 2026
4.3 MEDIUM
CVE-2025-12073 — Server-Side Request Forgery (SSRF) in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authent…

gitlab | Remote | Server-Side Request Forgery
Feb 11, 2026 Feb 13, 2026
Feb 11, 2026
Feb 13, 2026
8.3 HIGH
CVE-2025-10174 — Improper Access Control in Pan Software's PanCafe Pro

Cleartext Transmission of Sensitive Information vulnerability in Pan Software & Information Technologies Ltd. PanCafe Pro allows Flooding.This issue affects PanCafe Pro: from < 3.3.2 through 23092025.

| Information Disclosure
Feb 11, 2026 Feb 11, 2026
Feb 11, 2026
Feb 11, 2026
5.3 MEDIUM
CVE-2026-2295 — WPZOOM Addons for Elementor – Starter Templates & Widgets <= 1.3.2 - Unauthenticated Prot…

The WPZOOM Addons for Elementor – Starter Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajax_post_grid_load_more' fun…

Remote | Authorization
Feb 11, 2026 Feb 11, 2026
Feb 11, 2026
Feb 11, 2026
8.8 HIGH
CVE-2025-15096 — Videospirecore Theme Plugin <= 1.0.6 - Authenticated (Subscriber+) Privilege Escalation v…

The 'Videospirecore Theme Plugin' plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.6. This is due to the plugin not properly v…

Remote | Authentication
Feb 11, 2026 Feb 11, 2026
Feb 11, 2026
Feb 11, 2026
6.4 MEDIUM
CVE-2026-1885 — Slideshow Wp <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sswp-…

The Slideshow Wp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sswpid' attribute of the 'sswp-slide' shortcode in all versions up to, and including, 1.1. This is due to i…

Remote | Cross-Site Scripting
Feb 11, 2026 Feb 11, 2026
Feb 11, 2026
Feb 11, 2026
6.4 MEDIUM
CVE-2026-1853 — BuddyHolis ListSearch <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting v…

The BuddyHolis ListSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'listsearch' shortcode in all versions up to, and including, 1.1 due to insufficient input…

Remote | Cross-Site Scripting
Feb 11, 2026 Feb 11, 2026
Feb 11, 2026
Feb 11, 2026
5.3 MEDIUM
CVE-2026-1833 — WaMate Confirm <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary …

The WaMate Confirm – Order Confirmation plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a …

Remote | Authorization
Feb 11, 2026 Feb 11, 2026
Feb 11, 2026
Feb 11, 2026
6.4 MEDIUM
CVE-2026-1827 — IDE Micro code-editor <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting…

The Flask Micro code-editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's codeflask shortcode in all versions up to, and including, 1.0.0 due to insufficient inpu…

Remote | Cross-Site Scripting
Feb 11, 2026 Feb 11, 2026
Feb 11, 2026
Feb 11, 2026
6.4 MEDIUM
CVE-2026-1826 — OpenPOS Lite <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortc…

The OpenPOS Lite – Point of Sale for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter of the order_qrcode shortcode in all versions up to, and i…

Remote | Cross-Site Scripting
Feb 11, 2026 Feb 11, 2026
Feb 11, 2026
Feb 11, 2026
Showing 20 of 5092 Results