Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
9.0 HIGH
CVE-2026-9294 — Edimax BR-6428NS POST Request formWanTcpipSetup buffer overflow

A vulnerability was identified in Edimax BR-6428NS 1.10. The impacted element is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. Such manip…

br-6428ns_firmware | Remote | Memory Corruption
May 23, 2026 May 26, 2026
May 23, 2026
May 26, 2026
8.2 HIGH
CVE-2026-9284 — WooCommerce PayPal Payments <= 4.0.1 - Missing Authorization to Unauthenticated Order Man…

The WooCommerce PayPal Payments plugin for WordPress is vulnerable to unauthorized order manipulation and information disclosure due to missing authorization checks on the `ppc-create-order` and `ppc…

paypal_payments | Remote | Authorization
May 23, 2026 May 26, 2026
May 23, 2026
May 26, 2026
8.8 HIGH
CVE-2026-6898 — WishList Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) Generate…

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember3_Hooks::generate_api_key' function in all versions…

Remote | Authorization
May 23, 2026 May 26, 2026
May 23, 2026
May 26, 2026
8.8 HIGH
CVE-2026-6897 — Wishlist Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrar…

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember\Features\Team_Accounts::save_settings' function in…

Remote | Authorization
May 23, 2026 May 26, 2026
May 23, 2026
May 26, 2026
8.8 HIGH
CVE-2026-6895 — Wishlist Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) API Secr…

The WishList Member plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Disclosure and Privilege Escalation in versions up to and including 3.30.1. This is du…

Remote | Authorization
May 23, 2026 May 26, 2026
May 23, 2026
May 26, 2026
8.8 HIGH
CVE-2026-6419 — Wishlist Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) API Secr…

The WishList Member plugin for WordPress is vulnerable to Privilege Escalation via Missing Authorization in versions up to and including 3.30.1. This is due to the missing capability and nonce check …

Remote | Authorization
May 23, 2026 May 26, 2026
May 23, 2026
May 26, 2026
Showing 20 of 7366 Results