Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
4.4 MEDIUM
CVE-2026-6813 — Continually <= 4.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'co…

The Continually plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output esca…

Remote | Cross-Site Scripting
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
4.4 MEDIUM
CVE-2026-6800 — FastBots <= 1.0.12 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugi…

The FastBots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escapi…

Remote | Cross-Site Scripting
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
8.8 HIGH
CVE-2026-6001 — IDOR in Abis Technology's BAPSİS

Authorization bypass through User-Controlled key vulnerability in ABIS Technology Ltd. Co. BAPSİS allows Exploitation of Trusted Identifiers. This issue affects BAPSİS: before v.202604152042.

Remote | Authorization
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
8.7 HIGH
CVE-2026-5029 — RCE in Code Runner MCP Server

A remote code execution vulnerability exists in Code Runner MCP Server when run with the --transport http option, which exposes the /mcp JSON-RPC endpoint without authentication on port 3088. An unau…

| Injection
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
7.8 HIGH
CVE-2026-44412 — Solid Edge Stack Based Overflow Vulnerability

A vulnerability has been identified in Solid Edge SE2026 (All versions < V226.0 Update 5). The affected applications contain a stack based overflow vulnerability while parsing specially crafted PAR f…

| Memory Corruption
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
7.8 HIGH
CVE-2026-44411 — Solid Edge Uninitialized Pointer Access Code Execution Vulnerability

A vulnerability has been identified in Solid Edge SE2026 (All versions < V226.0 Update 5). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR f…

| Memory Corruption
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
9.3 CRITICAL
CVE-2026-41551 — "ROS# Path Traversal Vulnerability"

A vulnerability has been identified in ROS# (All versions < V2.2.2). Affected versions contain a path traversal vulnerability because user input is not properly sanitized. This could allow a remote …

Remote | Path Traversal
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
6.0 MEDIUM
CVE-2026-41125 — KACO Meteor SQL Injection Vulnerability

A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions), blueplanet 105 TL3 (All versions), blueplanet 105 TL3 GEN2 (All versions), bluepla…

| Injection
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
8.7 HIGH
CVE-2026-33893 — "Teamcenter Hardcoded Key Disclosure"

A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012), Teamcenter V2412 (All versions < V2412.0009), Teamcenter V2506 (All …

teamcenter | Remote | Cryptography
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
8.5 HIGH
CVE-2026-33862 — Teamcenter Cross-Site Scripting (XSS) Vulnerability

A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012), Teamcenter V2412 (All versions < V2412.0009), Teamcenter V2506 (All …

teamcenter | Remote | Cross-Site Scripting
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
7.7 HIGH
CVE-2026-27662 — Microsoft Windows Unauthenticated Web Browser Access

Affected devices do not properly restrict access to the web browser via the Control Panel when no corresponding security mechanisms are in place. This could allow an unauthenticated attacker to gain…

| Authorization
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
7.2 HIGH
CVE-2026-25789 — Cisco Router File Upload Validation Bypass Vulnerability (Path Traversal)

Affected devices do not properly validate and sanitize filenames on the Firmware Update page. This could allow a remote attacker to social engineer the user into selecting the modified firmware file…

simatic_drive_controller_cpu_1504d_tf_firmware simatic_drive_controller_cpu_1507d_tf_firmware simatic_s7-1500_cpu_1511-1_pn_firmware simatic_s7-1500_cpu_1511c-1_pn_firmware simatic_s7-1500_cpu_1511f-1_pn_firmware simatic_s7-1500_cpu_1511t-1_pn_firmware +50 more | Remote | Cross-Site Scripting
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
9.3 CRITICAL
CVE-2026-25787 — Siemens SIMATIC WinCC Cross-Site Scripting (XSS)

Affected devices do not properly validate and sanitize Technology Object (TO) name rendered on the "Motion Control Diagnostics" page of the web interface. This could allow an authenticated attacker w…

simatic_drive_controller_cpu_1504d_tf_firmware simatic_drive_controller_cpu_1507d_tf_firmware simatic_s7-1500_cpu_1511-1_pn_firmware simatic_s7-1500_cpu_1511c-1_pn_firmware simatic_s7-1500_cpu_1511f-1_pn_firmware simatic_s7-1500_cpu_1511t-1_pn_firmware +50 more | Remote | Cross-Site Scripting
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
9.3 CRITICAL
CVE-2026-25786 — Siemens SIMATIC Cross-Site Scripting (XSS)

Affected devices do not properly validate and sanitize PLC/station name rendered on the "communication" parameters page of the web interface. This could allow an authenticated attacker who is author…

simatic_drive_controller_cpu_1504d_tf_firmware simatic_drive_controller_cpu_1507d_tf_firmware simatic_s7-1500_cpu_1511-1_pn_firmware simatic_s7-1500_cpu_1511c-1_pn_firmware simatic_s7-1500_cpu_1511f-1_pn_firmware simatic_s7-1500_cpu_1511t-1_pn_firmware +50 more | Remote | Cross-Site Scripting
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
8.7 HIGH
CVE-2026-22925 — Siemens SIMATIC CN 4100 TCP SYN Flood Denial of Service

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). The affected application is susceptible to resource exhaustion when subjected to high volume of TCP SYN packets This cou…

nx simatic_cn_4100_firmware | Remote | Denial of Service
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
9.1 CRITICAL
CVE-2026-22924 — "SIMATIC CN 4100 Unauthenticated Denial of Service"

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). The affected application does not properly restrict unauthenticated connections and is susceptible to resource exhaustion…

nx simatic_cn_4100_firmware | Remote | Authentication
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
4.3 MEDIUM
CVE-2026-1934 — Motors – Car Dealership & Classified Listings Plugin <= 1.4.103 - Missing Authorization t…

The Motors – Car Dealership & Classified Listings plugin for WordPress is vulnerable to Payment Bypass via insecure user meta update in all versions up to, and including, 1.4.103 This is due to the s…

motors_-_car_dealer\,_classifieds_\&_listing | Remote | Authorization
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
9.8 CRITICAL
CVE-2025-6577 — SQLi in Akilli Commerce's E-Commerce Website

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows SQL Injection. This iss…

Remote | Injection
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
9.1 CRITICAL
CVE-2025-40949 — RUGGEDCOM ROX Command Injection Vulnerability

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1…

ruggedcom_rox_mx5000_firmware ruggedcom_rox_rx1400_firmware ruggedcom_rox_rx1500_firmware ruggedcom_rox_rx1501_firmware ruggedcom_rox_rx1510_firmware ruggedcom_rox_rx1511_firmware +5 more | Remote | Injection
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
6.8 MEDIUM
CVE-2025-40948 — RUGGEDCOM ROX File Disclosure Vulnerability

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1…

ruggedcom_rox_mx5000_firmware ruggedcom_rox_rx1400_firmware ruggedcom_rox_rx1500_firmware ruggedcom_rox_rx1501_firmware ruggedcom_rox_rx1510_firmware ruggedcom_rox_rx1511_firmware +5 more | Remote | Information Disclosure
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
Showing 20 of 6193 Results