Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
0.0 NA
CVE-2026-6419 — Wishlist Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) API Secr…

The WishList Member plugin for WordPress is vulnerable to Privilege Escalation via Missing Authorization in versions up to and including 3.30.1. This is due to the missing capability and nonce check …

| Authorization
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
0.0 NA
CVE-2026-6897 — Wishlist Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrar…

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember\Features\Team_Accounts::save_settings' function in…

| Authorization
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
0.0 NA
CVE-2026-9284 — WooCommerce PayPal Payments <= 4.0.1 - Missing Authorization to Unauthenticated Order Man…

The WooCommerce PayPal Payments plugin for WordPress is vulnerable to unauthorized order manipulation and information disclosure due to missing authorization checks on the `ppc-create-order` and `ppc…

| Authorization
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
0.0 NA
CVE-2026-6895 — Wishlist Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) API Secr…

The WishList Member plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Disclosure and Privilege Escalation in versions up to and including 3.30.1. This is du…

| Authorization
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
0.0 NA
CVE-2026-6898 — WishList Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) Generate…

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember3_Hooks::generate_api_key' function in all versions…

| Authorization
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
0.0 NA
CVE-2026-41149 — Mermaid: Improper sanitization of `classDef` in state diagrams leads to HTML injection

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and earlier, as well as 11.0.0-alpha.1 through 11.14.0, are vulnerable to HTML …

mermaid | Injection
May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
7.5 HIGH
CVE-2026-23663 — Microsoft Global Secure Access (GSA) Information Disclosure Vulnerability

None

May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
10.0 CRITICAL
CVE-2026-42901 — Microsoft Entra ID Elevation of Privilege Vulnerability

None

May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
10.0 CRITICAL
CVE-2026-41104 — Microsoft Planetary Computer Pro Information Disclosure Vulnerability

None

May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
8.8 HIGH
CVE-2026-45659 — Microsoft SharePoint Remote Code Execution Vulnerability

None

May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
0.0 NA
CVE-2026-41148 — Mermaid: Improper sanitization of `classDefs` in diagrams leads to CSS injection

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and prior, in addition to 11.0.0-alpha.1 through 11.12.0 are vulnerable to CSS …

mermaid | Injection
May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
9.1 CRITICAL
CVE-2026-33843 — Microsoft Azure Active Directory B2C Elevation of Privilege Vulnerability

None

Remote
May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
7.7 HIGH
CVE-2026-26147 — Azure Stack HCI Information Disclosure Vulnerability

None

May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
9.3 CRITICAL
CVE-2026-41090 — Microsoft Copilot Tampering Vulnerability

None

May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
6.5 MEDIUM
CVE-2026-42827 — M365 Copilot Information Disclosure Vulnerability

None

May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
10.0 CRITICAL
CVE-2026-47280 — Azure Resource Manager Elevation of Privilege Vulnerability

None

May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
9.9 CRITICAL
CVE-2026-40411 — Azure Virtual Network Gateway Remote Code Execution Vulnerability

None

May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
8.8 HIGH
CVE-2026-35430 — Azure Privileged Identity Management (PIM) Elevation of Privilege Vulnerability

None

May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
10.0 CRITICAL
CVE-2026-23652 — Microsoft Power Pages Remote Code Execution Vulnerability

None

May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
10.0 CRITICAL
CVE-2026-40412 — Azure Orbital Spatio Remote Code Execution Vulnerability

None

May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
Showing 20 of 6039 Results