Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.4 MEDIUM
CVE-2026-0555 — Premmerce <= 1.3.20 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'premme…

The Premmerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premmerce_wizard_actions' AJAX endpoint in all versions up to, and including, 1.3.20. This is due to missing c…

premmerce | Remote | Cross-Site Scripting
Feb 07, 2026 Feb 09, 2026
Feb 07, 2026
Feb 09, 2026
6.5 MEDIUM
CVE-2025-15477 — The Bucketlister <= 0.1.5 - Authenticated (Contributor+) SQL Injection via `category` and…

The Bucketlister plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode `category` and `id` attributes in all versions up to, and including, 0.1.5 due to insufficient escaping…

Remote | Injection
Feb 07, 2026 Feb 09, 2026
Feb 07, 2026
Feb 09, 2026
4.3 MEDIUM
CVE-2025-15476 — The Bucketlister <= 0.1.5 - Missing Authorization to Authenticated (Subscriber+) Bucket L…

The The Bucketlister plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bucketlister_do_admin_ajax() function in all versions up to, and …

Remote | Authorization
Feb 07, 2026 Feb 09, 2026
Feb 07, 2026
Feb 09, 2026
8.8 HIGH
CVE-2026-2078 — yeqifu warehouse Permission Management PermissionController.java deletePermission imprope…

A vulnerability was detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addPermission/updatePermission/deletePermission of the file dataset\repos\wa…

warehouse | Remote | Authorization
Feb 07, 2026 Feb 10, 2026
Feb 07, 2026
Feb 10, 2026
8.8 HIGH
CVE-2026-2077 — yeqifu warehouse Role Management RoleController.java deleteRole improper authorization

A security vulnerability has been detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function addRole/updateRole/deleteRole of the file dataset…

warehouse | Remote | Authorization
Feb 07, 2026 Feb 10, 2026
Feb 07, 2026
Feb 10, 2026
8.8 HIGH
CVE-2026-2076 — yeqifu warehouse User Management Endpoint UserController.java deleteUser improper authori…

A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this vulnerability is the function addUser/updateUser/deleteUser of the file dataset\rep…

warehouse | Remote | Authorization
Feb 07, 2026 Feb 10, 2026
Feb 07, 2026
Feb 10, 2026
Showing 20 of 4986 Results