Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
9.3 CRITICAL
CVE-2026-25786 — Siemens SIMATIC Cross-Site Scripting (XSS)

Affected devices do not properly validate and sanitize PLC/station name rendered on the "communication" parameters page of the web interface. This could allow an authenticated attacker who is author…

simatic_drive_controller_cpu_1504d_tf_firmware simatic_drive_controller_cpu_1507d_tf_firmware simatic_s7-1500_cpu_1511-1_pn_firmware simatic_s7-1500_cpu_1511c-1_pn_firmware simatic_s7-1500_cpu_1511f-1_pn_firmware simatic_s7-1500_cpu_1511t-1_pn_firmware +50 more | Remote | Cross-Site Scripting
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
8.7 HIGH
CVE-2026-22925 — Siemens SIMATIC CN 4100 TCP SYN Flood Denial of Service

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). The affected application is susceptible to resource exhaustion when subjected to high volume of TCP SYN packets This cou…

nx simatic_cn_4100_firmware | Remote | Denial of Service
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
9.1 CRITICAL
CVE-2026-22924 — "SIMATIC CN 4100 Unauthenticated Denial of Service"

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). The affected application does not properly restrict unauthenticated connections and is susceptible to resource exhaustion…

nx simatic_cn_4100_firmware | Remote | Authentication
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
4.3 MEDIUM
CVE-2026-1934 — Motors – Car Dealership & Classified Listings Plugin <= 1.4.103 - Missing Authorization t…

The Motors – Car Dealership & Classified Listings plugin for WordPress is vulnerable to Payment Bypass via insecure user meta update in all versions up to, and including, 1.4.103 This is due to the s…

motors_-_car_dealer\,_classifieds_\&_listing | Remote | Authorization
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
9.8 CRITICAL
CVE-2025-6577 — SQLi in Akilli Commerce's E-Commerce Website

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows SQL Injection. This iss…

Remote | Injection
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
9.1 CRITICAL
CVE-2025-40949 — RUGGEDCOM ROX Command Injection Vulnerability

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1…

ruggedcom_rox_mx5000_firmware ruggedcom_rox_rx1400_firmware ruggedcom_rox_rx1500_firmware ruggedcom_rox_rx1501_firmware ruggedcom_rox_rx1510_firmware ruggedcom_rox_rx1511_firmware +5 more | Remote | Injection
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
6.8 MEDIUM
CVE-2025-40948 — RUGGEDCOM ROX File Disclosure Vulnerability

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1…

ruggedcom_rox_mx5000_firmware ruggedcom_rox_rx1400_firmware ruggedcom_rox_rx1500_firmware ruggedcom_rox_rx1501_firmware ruggedcom_rox_rx1510_firmware ruggedcom_rox_rx1511_firmware +5 more | Remote | Information Disclosure
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
7.7 HIGH
CVE-2025-40947 — RUGGEDCOM ROX Remote Command Injection Vulnerability

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1…

ruggedcom_rox_mx5000_firmware ruggedcom_rox_rx1400_firmware ruggedcom_rox_rx1500_firmware ruggedcom_rox_rx1501_firmware ruggedcom_rox_rx1510_firmware ruggedcom_rox_rx1511_firmware +5 more | Remote | Injection
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
8.3 HIGH
CVE-2025-40946 — Siemens Blueplanet Serial Number Credential Derivation Vulnerability

A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 105 TL3 (All versions), blueplanet 105 TL3 GEN2 (All version…

| Authentication
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
8.7 HIGH
CVE-2025-40833 — Aruba Networks IPv4 Request Denial of Service

The affected devices contain a null pointer dereference vulnerability while processing specially crafted IPv4 requests. This could allow an attacker to cause denial of service condition. A manual res…

simatic_s7-1500_cpu_1511-1_pn_firmware simatic_s7-1500_cpu_1511f-1_pn_firmware simatic_s7-1500_cpu_1513-1_pn_firmware simatic_s7-1500_cpu_1515-2_pn_firmware simatic_s7-1500_cpu_1515f-2_pn_firmware simatic_s7-1500_cpu_1516-3_pn\/dp_firmware +104 more | Remote | Denial of Service
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
6.9 MEDIUM
CVE-2024-54017 — Siemens SIPROTEC 5 Web Server Session Identifier Predictability Vulnerability

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V11.0), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 6…

Remote | Authentication
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
6.4 MEDIUM
CVE-2026-7661 — Bootstrap Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via…

The Bootstrap Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `box` shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitiza…

Remote | Cross-Site Scripting
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
6.4 MEDIUM
CVE-2026-7659 — Advanced Social Media Icons <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scrip…

The Advanced Social Media Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `social` shortcode in all versions up to, and including, 1.2. This is due to insufficient inp…

Remote | Cross-Site Scripting
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
5.3 MEDIUM
CVE-2026-7626 — Slek Gateway for WooCommerce <= 1.0 - Unauthenticated Insufficiently Protected Credential…

The Slek Gateway for WooCommerce plugin for WordPress is vulnerable to Information Exposure in version 1.0. This is due to the wsb_handle_slek_payment_redirect() function placing the merchant's slek_…

Remote | Information Disclosure
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
4.3 MEDIUM
CVE-2026-7616 — Zawgyi Embed <= 2.1.1 - Cross-Site Request Forgery via 'zawgyi_forceCSS' Parameter

The Zawgyi Embed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the zawgyi_admin…

Remote | Cross-Site Request Forgery
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
4.3 MEDIUM
CVE-2026-7562 — WP-Redirection <= 1.0.3 - Cross-Site Request Forgery to Settings Update

The WP-Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.3. This is due to the absence of a nonce field in the admin settings form a…

Remote | Cross-Site Request Forgery
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
6.1 MEDIUM
CVE-2026-7561 — Tm – WordPress Redirection <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scrip…

The Tm – WordPress Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on a fu…

Remote | Cross-Site Request Forgery
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
6.1 MEDIUM
CVE-2026-7464 — WP Google Maps Integration <= 1.2 - Reflected Cross-Site Scripting via 'page' Parameter

The WP Google Maps Integration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `page` parameter in all versions up to, and including, 1.2. This is due to insufficient inp…

Remote | Cross-Site Scripting
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
6.1 MEDIUM
CVE-2026-7437 — AzonPost <= 1.3 - Reflected Cross-Site Scripting

The AzonPost plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `editpos_hidden` parameter in all versions up to, and including, 1.3. This is due to insufficient input sanit…

Remote | Cross-Site Scripting
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
4.3 MEDIUM
CVE-2026-7050 — Forms Rb <= 1.1.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modif…

The Forms Rb plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9. This is due to the plugin not properly verifying that a user is authorized to perf…

Remote | Authorization
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
Showing 20 of 6117 Results