Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.1 MEDIUM
CVE-2026-5226 — Optimole <= 4.2.3 - Reflected Cross-Site Scripting via Page Profiler URL

The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL paths in versions up to, and including, 4.2.3 This is due to insufficient outp…

Remote | Cross-Site Scripting
Apr 11, 2026 Apr 11, 2026
Apr 11, 2026
Apr 11, 2026
7.2 HIGH
CVE-2026-5217 — Optimole <= 4.2.2 - Unauthenticated Stored Cross-Site Scripting via Srcset Descriptor Par…

The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2…

Remote | Cross-Site Scripting
Apr 11, 2026 Apr 11, 2026
Apr 11, 2026
Apr 11, 2026
6.5 MEDIUM
CVE-2026-5207 — LifterLMS <= 9.2.1 - Authenticated (Custom+) SQL Injection via 'order' Parameter

The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 9.2.1. This is due to insufficient escaping on the user supplied para…

Remote | Injection
Apr 11, 2026 Apr 11, 2026
Apr 11, 2026
Apr 11, 2026
8.8 HIGH
CVE-2026-5144 — BuddyPress Groupblog <= 1.9.3 - Authenticated (Subscriber+) Privilege Escalation to Admin…

The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog settings handler accepting the `groupblo…

Remote | Authorization
Apr 11, 2026 Apr 11, 2026
Apr 11, 2026
Apr 11, 2026
5.0 MEDIUM
CVE-2026-4979 — UsersWP <= 1.2.58 - Authenticated (Subscriber+) Server-Side Request Forgery via 'uwp_crop…

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to blind Server-Side Request Forgery in all versions up to, an…

Remote | Server-Side Request Forgery
Apr 11, 2026 Apr 11, 2026
Apr 11, 2026
Apr 11, 2026
6.4 MEDIUM
CVE-2026-4895 — Greenshift <= 12.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via disab…

The GreenShift - Animation and Page Builder Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 12.8.9 This is due to insufficient input sanitiz…

Remote | Cross-Site Scripting
Apr 11, 2026 Apr 11, 2026
Apr 11, 2026
Apr 11, 2026
6.4 MEDIUM
CVE-2026-3498 — BlockArt Blocks <= 2.2.15 - Authenticated (Author+) Stored Cross-Site Scripting via 'clie…

The BlockArt Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'clientId' block attribute in all versions up to, and including, 2.2.15. This is due to insufficient inpu…

Remote | Cross-Site Scripting
Apr 11, 2026 Apr 11, 2026
Apr 11, 2026
Apr 11, 2026
4.3 MEDIUM
CVE-2026-3371 — Tutor LMS <= 3.9.7 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbi…

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authori…

Remote | Authorization
Apr 11, 2026 Apr 11, 2026
Apr 11, 2026
Apr 11, 2026
5.4 MEDIUM
CVE-2026-3358 — Tutor LMS <= 3.9.7 - Missing Authorization to Authenticated (Subscriber+) Unauthorized Pr…

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized private course enrollment in all versions up to, and including, 3.9.7. This is due to missing p…

Remote | Authorization
Apr 11, 2026 Apr 11, 2026
Apr 11, 2026
Apr 11, 2026
7.8 HIGH
CVE-2026-5496 — Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vu…

Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of…

| Memory Corruption
Apr 11, 2026 Apr 11, 2026
Apr 11, 2026
Apr 11, 2026
7.8 HIGH
CVE-2026-5495 — Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Executi…

Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installatio…

| Memory Corruption
Apr 11, 2026 Apr 11, 2026
Apr 11, 2026
Apr 11, 2026
7.8 HIGH
CVE-2026-5494 — Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Executi…

Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installatio…

| Memory Corruption
Apr 11, 2026 Apr 11, 2026
Apr 11, 2026
Apr 11, 2026
7.8 HIGH
CVE-2026-5493 — Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Executi…

Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installatio…

| Memory Corruption
Apr 11, 2026 Apr 11, 2026
Apr 11, 2026
Apr 11, 2026
9.8 CRITICAL
CVE-2026-5059 — aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability

aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authent…

| Injection
Apr 11, 2026 Apr 11, 2026
Apr 11, 2026
Apr 11, 2026
9.8 CRITICAL
CVE-2026-5058 — aws-mcp-server Command Injection Remote Code Execution Vulnerability

aws-mcp-server Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication …

| Injection
Apr 11, 2026 Apr 11, 2026
Apr 11, 2026
Apr 11, 2026
7.8 HIGH
CVE-2026-5055 — NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attac…

| Misconfiguration
Apr 11, 2026 Apr 11, 2026
Apr 11, 2026
Apr 11, 2026
7.8 HIGH
CVE-2026-5054 — NoMachine External Control of File Path Local Privilege Escalation Vulnerability

NoMachine External Control of File Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker …

| Path Traversal
Apr 11, 2026 Apr 11, 2026
Apr 11, 2026
Apr 11, 2026
7.1 HIGH
CVE-2026-5053 — NoMachine External Control of File Path Arbitrary File Deletion Vulnerability

NoMachine External Control of File Path Arbitrary File Deletion Vulnerability. This vulnerability allows local attackers to delete arbitrary files on affected installations of NoMachine. An attacker …

| Path Traversal
Apr 11, 2026 Apr 11, 2026
Apr 11, 2026
Apr 11, 2026
7.3 HIGH
CVE-2026-4158 — KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalati…

KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations o…

| Misconfiguration
Apr 11, 2026 Apr 11, 2026
Apr 11, 2026
Apr 11, 2026
7.5 HIGH
CVE-2026-4157 — ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability

ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of…

| Injection
Apr 11, 2026 Apr 11, 2026
Apr 11, 2026
Apr 11, 2026
Showing 20 of 6354 Results