Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.5 MEDIUM
CVE-2026-8280 — Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to cause den…

Remote | Denial of Service
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
9.8 CRITICAL
CVE-2026-8181 — Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover

The Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative) plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to inc…

Remote | Authentication
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
4.3 MEDIUM
CVE-2026-8144 — Missing Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with projec…

Remote | Authorization
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
8.7 HIGH
CVE-2026-7481 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in G…

GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer…

Remote | Cross-Site Scripting
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
3.5 LOW
CVE-2026-7471 — Server-Side Request Forgery (SSRF) in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with control o…

Remote | Server-Side Request Forgery
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
8.7 HIGH
CVE-2026-7377 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in G…

GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that, in customizable analytics dashboards, could have allow…

Remote | Cross-Site Scripting
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
2.6 LOW
CVE-2026-6883 — Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to bypass merg…

Remote | Authorization
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
6.1 MEDIUM
CVE-2026-6417 — GLS Shipping for WooCommerce <= 1.4.0 - Reflected Cross-Site Scripting via 'failed_orders'

The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failed_orders' parameter in all versions up to, and including, 1.4.0 due to insufficient…

Remote | Cross-Site Scripting
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
5.4 MEDIUM
CVE-2026-6335 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in G…

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user to execute arbitrary code in ano…

Remote | Cross-Site Scripting
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
8.7 HIGH
CVE-2026-6073 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in G…

GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to execute arb…

Remote | Cross-Site Scripting
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
4.3 MEDIUM
CVE-2026-6063 — Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that under certain conditions could have allowed an authent…

Remote | Authorization
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
8.2 HIGH
CVE-2026-5396 — Fluent Forms <= 6.1.21 - Authenticated (Subscriber+) Authorization Bypass via 'form_id' P…

The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 6.1.21. This is due to the SubmissionPolicy class authori…

Remote | Authorization
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
6.4 MEDIUM
CVE-2026-5243 — The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu,…

The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to stored cross-site scripting via the `menu_hover_click` …

Remote | Cross-Site Scripting
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
6.5 MEDIUM
CVE-2026-4527 — Cross-Site Request Forgery (CSRF) in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to creat…

Remote | Cross-Site Request Forgery
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
6.5 MEDIUM
CVE-2026-4524 — Authentication Bypass Using an Alternate Path or Channel in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to access…

Remote | Authorization
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
5.4 MEDIUM
CVE-2026-3829 — WP Encryption - One Click SSL & Force HTTPS <= 7.8.5.10 - Missing Authorization to Authen…

The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks…

Remote | Authorization
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
4.3 MEDIUM
CVE-2026-3607 — Access Control Check Implemented After Asset is Accessed in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with develo…

Remote | Authorization
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
5.8 MEDIUM
CVE-2026-3160 — Unintended Proxy or Intermediary ('Confused Deputy') in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to view Jir…

Remote | Authorization
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
4.3 MEDIUM
CVE-2026-3074 — Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to downlo…

Remote | Authorization
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
4.3 MEDIUM
CVE-2026-3073 — Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.6 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with develo…

Remote | Authorization
May 14, 2026 May 14, 2026
May 14, 2026
May 14, 2026
Showing 20 of 6407 Results