Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.5 HIGH
CVE-2026-9575 — itsourcecode Student Transcript Processing System index.php sql injection

A vulnerability has been found in itsourcecode Student Transcript Processing System 1.0. This issue affects some unknown processing of the file /admin/modules/class/index.php?view=view. The manipulat…

student_transcript_processing_system | Remote | Injection
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
7.5 HIGH
CVE-2026-9574 — itsourcecode Student Transcript Processing System trans.php sql injection

A flaw has been found in itsourcecode Student Transcript Processing System 1.0. This vulnerability affects unknown code of the file /admin/modules/student/trans.php. Executing a manipulation of the a…

student_transcript_processing_system | Remote | Injection
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
7.5 HIGH
CVE-2026-9573 — itsourcecode Student Transcript Processing System index.php sql injection

A vulnerability was detected in itsourcecode Student Transcript Processing System 1.0. This affects an unknown part of the file /admin/modules/student/index.php?view=view. Performing a manipulation o…

student_transcript_processing_system | Remote | Injection
May 26, 2026 May 27, 2026
May 26, 2026
May 27, 2026
7.1 HIGH
CVE-2026-44833 — Snipe-IT: Open redirect vulnerability

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header…

snipe-it | Remote | Misconfiguration
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
8.8 HIGH
CVE-2026-44832 — Snipe-IT: Privilege Escalation via API Permissions Assignment

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, aAn authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api…

snipe-it | Remote | Authorization
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
5.4 MEDIUM
CVE-2026-44831 — Snipe-IT: XSS vulnerability in component notes

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an unescaped notes column, resulting in cross-site scripting (XSS). This vulne…

snipe-it | Remote | Cross-Site Scripting
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
5.8 MEDIUM
CVE-2026-44214 — eventsource-encoder: SSE event injection via unsanitized event and id fields

eventsource-encoder encodes events as well-formed EventSource/Server Sent Event (SSE) messages. Prior to 1.0.2, eventsource-encoder does not sanitize the event or id fields of an EventSourceMessage b…

eventsource-encoder | Remote | Injection
May 26, 2026 May 28, 2026
May 26, 2026
May 28, 2026
6.3 MEDIUM
CVE-2026-27331 — WordPress WpTravelly plugin <= 2.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Magepeople inc. WpTravelly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpTravelly: from n/a through 2.1.5.

Remote | Authorization
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
4.3 MEDIUM
CVE-2026-25444 — WordPress WpBookingly plugin <= 1.2.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpBookingly: from n/a through 1.2.9.

Remote | Authorization
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
5.3 MEDIUM
CVE-2026-25426 — WordPress Taxi Booking Manager for WooCommerce plugin <= 2.0.1 - Broken Access Control vu…

Missing Authorization vulnerability in Magepeople inc. Taxi Booking Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Taxi Booking M…

ecab_taxi_booking_manager | Remote | Authorization
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
4.3 MEDIUM
CVE-2026-24520 — WordPress Tiktok Feed plugin <= 1.0.24 - Broken Access Control vulnerability

Missing Authorization vulnerability in bPlugins Tiktok Feed allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tiktok Feed: from n/a through 1.0.24.

Remote | Authorization
May 26, 2026 May 26, 2026
May 26, 2026
May 26, 2026
2.4 LOW
CVE-2025-68710 — Easyelife App Lock Fingerprinting Bypass Vulnerability

Easyelife App lock (aka Fingerprint,Applock or locker.app.safe.applocker) 1.9.2 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay …

| Authentication
May 26, 2026 May 27, 2026
May 26, 2026
May 27, 2026
5.2 MEDIUM
CVE-2025-68709 — SailingLab AppLock JavaScript Injection Vulnerability

SailingLab AppLock (aka com.alpha.applock) 4.3.8 for Android allows a local attacker to trigger arbitrary JavaScript execution via BrowserMainActivity, which accepts VIEW intents with javascript: URI…

| Cross-Site Scripting
May 26, 2026 May 27, 2026
May 26, 2026
May 27, 2026
Showing 20 of 8273 Results