Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.4 MEDIUM
CVE-2026-1268 — Dynamic Widget Content <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scriptin…

The Dynamic Widget Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget content field in the Gutenberg editor sidebar in all versions up to, and including, 1.3.6 d…

Remote | Cross-Site Scripting
Feb 05, 2026 Feb 05, 2026
Feb 05, 2026
Feb 05, 2026
4.9 MEDIUM
CVE-2026-1246 — ShortPixel Image Optimizer <= 6.4.2 - Authenticated (Editor+) Arbitrary File Read via 'lo…

The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Arbitrary File Read via path traversal in the 'loadFile' parameter in all versions up to, and including, 6.4.2 due to insufficient…

image_optimizer | Remote | Path Traversal
Feb 05, 2026 Feb 05, 2026
Feb 05, 2026
Feb 05, 2026
6.4 MEDIUM
CVE-2026-0867 — Essential Widgets <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via M…

The Essential Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ew-author, ew-archive, ew-category, ew-page, and ew-menu shortcodes in all versions up to, and…

essential_widgets | Remote | Cross-Site Scripting
Feb 05, 2026 Feb 05, 2026
Feb 05, 2026
Feb 05, 2026
8.8 HIGH
CVE-2025-15080 — Information Disclosure, Information Tampering, and Denial of Service (DoS) Vulnerability …

Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric MELSEC iQ-R Series R08PCPU, R16PCPU, R32PCPU, and R120PCPU allows an unauthenticated attacker to read device da…

melsec_iq-r_firmware | Remote | Information Disclosure
Feb 05, 2026 Feb 06, 2026
Feb 05, 2026
Feb 06, 2026
8.6 HIGH
CVE-2025-61732 — Potential code smuggling via doc comments in cmd/cgo

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.

go | Supply Chain
Feb 05, 2026 Feb 10, 2026
Feb 05, 2026
Feb 10, 2026
8.8 HIGH
CVE-2025-10314 — Malicious Code Execution Vulnerability in Mitsubishi Small-Capacity UPS Shutdown Software…

Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation FREQSHIP-mini for Windows versions 8.0.0 to 8.0.2 allows a local attacker to execute arbitrary code with system privileg…

| Misconfiguration
Feb 05, 2026 Feb 05, 2026
Feb 05, 2026
Feb 05, 2026
Showing 20 of 5106 Results