Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable

Score

Vulnerability

Published

8.2 HIGH

CVE-2026-1953 — Stored Cross Site Scripting(XSS) in Nukegraphic CMS V3.1.2

Nukegraphic CMS v3.1.2 contains a stored cross-site scripting (XSS) vulnerability in the user profile edit functionality at /ngc-cms/user-edit-profile.php. The application fails to properly sanitize …

Remote | Cross-Site Scripting

Feb 05, 2026 Feb 05, 2026

Feb 05, 2026

6.4 MEDIUM

CVE-2026-1268 — Dynamic Widget Content <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scriptin…

The Dynamic Widget Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget content field in the Gutenberg editor sidebar in all versions up to, and including, 1.3.6 d…

Remote | Cross-Site Scripting

Feb 05, 2026 Feb 05, 2026

Feb 05, 2026

4.9 MEDIUM

CVE-2026-1246 — ShortPixel Image Optimizer <= 6.4.2 - Authenticated (Editor+) Arbitrary File Read via 'lo…

The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Arbitrary File Read via path traversal in the 'loadFile' parameter in all versions up to, and including, 6.4.2 due to insufficient…

image_optimizer | Remote | Path Traversal

Feb 05, 2026 Feb 05, 2026

Feb 05, 2026

6.4 MEDIUM

CVE-2026-0867 — Essential Widgets <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via M…

The Essential Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ew-author, ew-archive, ew-category, ew-page, and ew-menu shortcodes in all versions up to, and…

essential_widgets | Remote | Cross-Site Scripting

Feb 05, 2026 Feb 05, 2026

Feb 05, 2026

8.8 HIGH

CVE-2025-15080 — Information Disclosure, Information Tampering, and Denial of Service (DoS) Vulnerability …

Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric MELSEC iQ-R Series R08PCPU, R16PCPU, R32PCPU, and R120PCPU allows an unauthenticated attacker to read device da…

melsec_iq-r_firmware | Remote | Information Disclosure

Feb 05, 2026 Feb 06, 2026

Feb 05, 2026

Feb 06, 2026

Showing 20 of 5105 Results

Latest CVE Feed

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable

Browse by Apps

Latest CVE Feed

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable

Cookie Preferences