Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
5.1 MEDIUM
CVE-2026-23927 — Agent 2 Oracle plugin TNS connection string injection via the 'service' parameter

A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 connecting to an attacker-controlled server and leaking Oracle datab…

zabbix | Remote | Injection
May 06, 2026 May 07, 2026
May 06, 2026
May 07, 2026
7.3 HIGH
CVE-2026-23926 — Stored XSS vulnerability in Host navigator widget maintenance tooltip

An authenticated (non-super) administrator can create a maintenance period with a JavaScript payload that is executed by any user that opens tooltip for that maintenance period in the Host navigator …

zabbix | Remote | Cross-Site Scripting
May 06, 2026 May 07, 2026
May 06, 2026
May 07, 2026
4.3 MEDIUM
CVE-2026-2306 — Ninja Tables <= 5.2.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Ta…

The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to unauthorized database table creation due to missing authorization checks on the `createFluentCartTable` function in al…

ninja_tables | Remote | Authorization
May 06, 2026 May 06, 2026
May 06, 2026
May 06, 2026
6.5 MEDIUM
CVE-2026-5753 — All-in-One WP Migration Unlimited Extension <= 2.83 - Missing Authorization to Authentica…

The All-in-One WP Migration Unlimited Extension plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.83. This is due to the 'Ai1wmve_Schedules_Controller::s…

Remote | Authorization
May 06, 2026 May 06, 2026
May 06, 2026
May 06, 2026
5.3 MEDIUM
CVE-2026-3208 — Mercado Pago payments for WooCommerce <= 8.7.11 - Missing Authorization to Unauthenticate…

The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'mp_pix_image' WooCommerce API endpoint in all ver…

mercado_pago_payments_for_woocommerce | Remote | Authorization
May 06, 2026 May 06, 2026
May 06, 2026
May 06, 2026
7.7 HIGH
CVE-2026-7573 — GetUserRoles API endpoint allows any authenticated user to enumerate ACL policies across …

An authorization bypass (CWE-639) in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy …

linux_kernel velociraptor | Remote | Authorization
May 06, 2026 Jun 01, 2026
May 06, 2026
Jun 01, 2026
5.5 MEDIUM
CVE-2026-7572 — Velociraptor EVTX Parser — Process Crash via Crafted .evtx File

An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial…

linux_kernel windows velociraptor | Memory Corruption
May 06, 2026 Jun 01, 2026
May 06, 2026
Jun 01, 2026
7.5 HIGH
CVE-2025-71256 — "NR Modem Remote Denial of Service (DoS) Vulnerability"

In nr modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.

android t8300 t8100 t8200 t9100 | Denial of Service
May 06, 2026 May 11, 2026
May 06, 2026
May 11, 2026
7.5 HIGH
CVE-2025-71255 — "Modem IMS Denial of Service Vulnerability"

In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.

android sc7731e sc9832e sc9863a t310 t610 +11 more | Denial of Service
May 06, 2026 May 11, 2026
May 06, 2026
May 11, 2026
7.5 HIGH
CVE-2025-71254 — "Modem IMS Remote Denial of Service Vulnerability"

In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.

android sc7731e sc9832e sc9863a t310 t610 +11 more | Denial of Service
May 06, 2026 May 11, 2026
May 06, 2026
May 11, 2026
7.5 HIGH
CVE-2025-71253 — "Modem IMS Remote Denial of Service Vulnerability"

In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.

android sc7731e sc9832e sc9863a t310 t610 +11 more | Denial of Service
May 06, 2026 May 11, 2026
May 06, 2026
May 11, 2026
7.5 HIGH
CVE-2025-71252 — "Modem IMS Remote Denial of Service Vulnerability"

In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.

android sc7731e sc9832e sc9863a t310 t610 +11 more | Denial of Service
May 06, 2026 May 11, 2026
May 06, 2026
May 11, 2026
7.5 HIGH
CVE-2025-71251 — Apache IMS Remote Denial of Service Vulnerability

In IMS, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.

android sc7731e sc9832e sc9863a t310 t610 +11 more | Denial of Service
May 06, 2026 May 11, 2026
May 06, 2026
May 11, 2026
Showing 20 of 7573 Results