Latest CVE Vulnerabilities

0.0 NA

CVE-2026-3453 — ProfilePress <= 4.16.11 - Insecure Direct Object Reference to Authenticated (Subscriber+)…

The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the change_plan_s…

| Authorization

Mar 11, 2026 Mar 11, 2026

Mar 11, 2026

4.8 MEDIUM

CVE-2026-21291 — Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-…

Remote | Cross-Site Scripting

Mar 11, 2026 Mar 11, 2026

Mar 11, 2026

5.5 MEDIUM

CVE-2026-21293 — Adobe Commerce | Server-Side Request Forgery (SSRF) (CWE-918)

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Securit…

Remote | Server-Side Request Forgery

Mar 11, 2026 Mar 11, 2026

Mar 11, 2026

5.3 MEDIUM

CVE-2026-21282 — Adobe Commerce | Improper Input Validation (CWE-20)

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-…

Remote | Denial of Service

Mar 11, 2026 Mar 11, 2026

Mar 11, 2026

5.3 MEDIUM

CVE-2026-21286 — Adobe Commerce | Incorrect Authorization (CWE-863)

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature …

Remote | Authorization

Mar 11, 2026 Mar 11, 2026

Mar 11, 2026

5.5 MEDIUM

CVE-2026-21294 — Adobe Commerce | Server-Side Request Forgery (SSRF) (CWE-918)

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Securit…

Remote | Server-Side Request Forgery

Mar 11, 2026 Mar 11, 2026

Mar 11, 2026

8.1 HIGH

CVE-2026-21284 — Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-…

Remote | Cross-Site Scripting

Mar 11, 2026 Mar 11, 2026

Mar 11, 2026

4.3 MEDIUM

CVE-2026-21297 — Adobe Commerce | Incorrect Authorization (CWE-863)

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature …

Remote | Authorization

Mar 11, 2026 Mar 11, 2026

Mar 11, 2026

4.7 MEDIUM

CVE-2026-21359 — Adobe Commerce | Incorrect Authorization (CWE-863)

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature …

Remote | Authorization

Mar 11, 2026 Mar 11, 2026

Mar 11, 2026

7.5 HIGH

CVE-2026-21309 — Adobe Commerce | Incorrect Authorization (CWE-863)

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature …

Remote | Authorization

Mar 11, 2026 Mar 11, 2026

Mar 11, 2026

5.4 MEDIUM

CVE-2026-21292 — Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-p…

Remote | Cross-Site Scripting

Mar 11, 2026 Mar 11, 2026

Mar 11, 2026

5.3 MEDIUM

CVE-2026-21310 — Adobe Commerce | Improper Input Validation (CWE-20)

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Input Validation vulnerability that could result in a security featur…

Remote | Authorization

Mar 11, 2026 Mar 11, 2026

Mar 11, 2026

4.3 MEDIUM

CVE-2026-21285 — Adobe Commerce | Incorrect Authorization (CWE-863)

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature …

Remote | Authorization

Mar 11, 2026 Mar 11, 2026

Mar 11, 2026

8.7 HIGH

CVE-2026-21290 — Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-p…

Remote | Cross-Site Scripting

Mar 11, 2026 Mar 11, 2026

Mar 11, 2026

7.5 HIGH

CVE-2026-21289 — Adobe Commerce | Incorrect Authorization (CWE-863)

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature …

Remote | Authorization

Mar 11, 2026 Mar 11, 2026

Mar 11, 2026

8.1 HIGH

CVE-2026-21361 — Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vvulnerability that could be abused by a high…

Remote | Cross-Site Scripting

Mar 11, 2026 Mar 11, 2026

Mar 11, 2026

6.8 MEDIUM

CVE-2026-21360 — Adobe Commerce | Improper Limitation of a Pathname to a Restricted Directory ('Path Trave…

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')…

Remote | Path Traversal

Mar 11, 2026 Mar 11, 2026

Mar 11, 2026

4.3 MEDIUM

CVE-2026-21296 — Adobe Commerce | Incorrect Authorization (CWE-863)

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature …

Remote | Authorization

Mar 11, 2026 Mar 11, 2026

Mar 11, 2026

8.0 HIGH

CVE-2026-21311 — Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-…

Remote | Cross-Site Scripting

Mar 11, 2026 Mar 11, 2026

Mar 11, 2026

3.1 LOW

CVE-2026-21295 — Adobe Commerce | URL Redirection to Untrusted Site ('Open Redirect') (CWE-601)

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An attacker …

Remote | Misconfiguration

Mar 11, 2026 Mar 11, 2026

Mar 11, 2026

Latest CVE Feed

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable

Browse by Apps

Latest CVE Feed

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable

Cookie Preferences