Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
5.1 MEDIUM
CVE-2026-41051 — csync2 uses insecure temporary directories when compiled with C99 or later

csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories.

| Race Condition
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
5.3 MEDIUM
CVE-2026-2515 — Hostinger Reach <= 1.3.8 - Missing Authorization to Authenticated (Subscriber+) Integrati…

The Hostinger Reach – AI-Powered Email Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handle_ajax_action' fu…

Remote | Authorization
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
7.0 HIGH
CVE-2026-25710 — Plasma Loginauth Helper Privilege Escalation Vulnerability

The new upstream added a privileged D-Bus helper called plasmaloginauthhelper, which suffers from multiple issues, e.g.aA compromised plasmalogin service account can chown() arbitrary files in the sy…

| Path Traversal
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
7.8 HIGH
CVE-2024-47091 — Privilege escalation via mk_mysql agent plugin on Windows

Privilege escalation in the mk_mysql agent plugin on Windows in Checkmk <2.4.0p29, <2.3.0p47, and 2.2.0 (EOL) allows a local unprivileged user able to create a Windows service whose name matches 'MyS…

checkmk | Authentication
May 13, 2026 May 26, 2026
May 13, 2026
May 26, 2026
Showing 20 of 7044 Results