Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.8 HIGH
CVE-2026-35675 — phpMyFAQ - Authentication Bypass via Missing Password Reset Token in /api/user/password/u…

phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in the password reset endpoint that allows unauthenticated attackers to reset any user account password without token verificatio…

phpmyfaq | Remote | Authentication
May 28, 2026 May 29, 2026
May 28, 2026
May 29, 2026
8.7 HIGH
CVE-2026-35672 — phpMyFAQ - Authentication Bypass via Empty API Token

phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in API v4.0 where the default empty api.apiClientToken allows unauthenticated users to create and modify FAQ entries. Attackers c…

phpmyfaq | Remote | Authentication
May 28, 2026 May 28, 2026
May 28, 2026
May 28, 2026
8.8 HIGH
CVE-2026-35671 — phpMyFAQ - Insecure Direct Object Reference in User Password API

phpMyFAQ before 4.1.3 contains an insecure direct object reference vulnerability in the admin API user password endpoint that allows authenticated administrators to change any user's password without…

phpmyfaq | Remote | Authorization
May 28, 2026 May 30, 2026
May 28, 2026
May 30, 2026
Showing 20 of 7723 Results