Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.5 MEDIUM
CVE-2026-1235 — WP eCommerce <= 3.15.1 - Unauthenticated PHP Object Injection

The WP eCommerce WordPress plugin through 3.15.1 unserializes user input via ajax actions, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on…

Remote | Injection
Feb 11, 2026 Feb 11, 2026
Feb 11, 2026
Feb 11, 2026
6.5 MEDIUM
CVE-2025-15400 — OpenPix <= 2.13.3 - Subscriber+ Payment Gateway Settings Reset

The Pix para Woocommerce WordPress plugin through 2.13.3 allows any authenticated user to trigger AJAX actions that reset payment gateway configuration options without capability or nonce checks. Th…

Remote | Authentication
Feb 11, 2026 Feb 11, 2026
Feb 11, 2026
Feb 11, 2026
4.7 MEDIUM
CVE-2026-26079 — Roundcube Webmail CSS Injection Vulnerability

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled.

webmail | Remote | Injection
Feb 11, 2026 Feb 11, 2026
Feb 11, 2026
Feb 11, 2026
6.4 MEDIUM
CVE-2026-1893 — Orbisius Random Name Generator <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site …

The Orbisius Random Name Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btn_label' parameter in the 'orbisius_random_name_generator' shortcode in all versions up…

Remote | Cross-Site Scripting
Feb 11, 2026 Feb 11, 2026
Feb 11, 2026
Feb 11, 2026
Showing 20 of 5424 Results