Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.0 MEDIUM
CVE-2026-41125 — KACO Meteor SQL Injection Vulnerability

A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions), blueplanet 105 TL3 (All versions), blueplanet 105 TL3 GEN2 (All versions), bluepla…

| Injection
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
8.7 HIGH
CVE-2026-33893 — "Teamcenter Hardcoded Key Disclosure"

A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012), Teamcenter V2412 (All versions < V2412.0009), Teamcenter V2506 (All …

teamcenter | Remote | Cryptography
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
8.5 HIGH
CVE-2026-33862 — Teamcenter Cross-Site Scripting (XSS) Vulnerability

A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012), Teamcenter V2412 (All versions < V2412.0009), Teamcenter V2506 (All …

teamcenter | Remote | Cross-Site Scripting
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
7.7 HIGH
CVE-2026-27662 — Microsoft Windows Unauthenticated Web Browser Access

Affected devices do not properly restrict access to the web browser via the Control Panel when no corresponding security mechanisms are in place. This could allow an unauthenticated attacker to gain…

| Authorization
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
7.2 HIGH
CVE-2026-25789 — Cisco Router File Upload Validation Bypass Vulnerability (Path Traversal)

Affected devices do not properly validate and sanitize filenames on the Firmware Update page. This could allow a remote attacker to social engineer the user into selecting the modified firmware file…

simatic_drive_controller_cpu_1504d_tf_firmware simatic_drive_controller_cpu_1507d_tf_firmware simatic_s7-1500_cpu_1511-1_pn_firmware simatic_s7-1500_cpu_1511c-1_pn_firmware simatic_s7-1500_cpu_1511f-1_pn_firmware simatic_s7-1500_cpu_1511t-1_pn_firmware +50 more | Remote | Cross-Site Scripting
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
9.3 CRITICAL
CVE-2026-25787 — Siemens SIMATIC WinCC Cross-Site Scripting (XSS)

Affected devices do not properly validate and sanitize Technology Object (TO) name rendered on the "Motion Control Diagnostics" page of the web interface. This could allow an authenticated attacker w…

simatic_drive_controller_cpu_1504d_tf_firmware simatic_drive_controller_cpu_1507d_tf_firmware simatic_s7-1500_cpu_1511-1_pn_firmware simatic_s7-1500_cpu_1511c-1_pn_firmware simatic_s7-1500_cpu_1511f-1_pn_firmware simatic_s7-1500_cpu_1511t-1_pn_firmware +50 more | Remote | Cross-Site Scripting
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
9.3 CRITICAL
CVE-2026-25786 — Siemens SIMATIC Cross-Site Scripting (XSS)

Affected devices do not properly validate and sanitize PLC/station name rendered on the "communication" parameters page of the web interface. This could allow an authenticated attacker who is author…

simatic_drive_controller_cpu_1504d_tf_firmware simatic_drive_controller_cpu_1507d_tf_firmware simatic_s7-1500_cpu_1511-1_pn_firmware simatic_s7-1500_cpu_1511c-1_pn_firmware simatic_s7-1500_cpu_1511f-1_pn_firmware simatic_s7-1500_cpu_1511t-1_pn_firmware +50 more | Remote | Cross-Site Scripting
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
8.7 HIGH
CVE-2026-22925 — Siemens SIMATIC CN 4100 TCP SYN Flood Denial of Service

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). The affected application is susceptible to resource exhaustion when subjected to high volume of TCP SYN packets This cou…

nx simatic_cn_4100_firmware | Remote | Denial of Service
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
9.1 CRITICAL
CVE-2026-22924 — "SIMATIC CN 4100 Unauthenticated Denial of Service"

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). The affected application does not properly restrict unauthenticated connections and is susceptible to resource exhaustion…

nx simatic_cn_4100_firmware | Remote | Authentication
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
4.3 MEDIUM
CVE-2026-1934 — Motors – Car Dealership & Classified Listings Plugin <= 1.4.103 - Missing Authorization t…

The Motors – Car Dealership & Classified Listings plugin for WordPress is vulnerable to Payment Bypass via insecure user meta update in all versions up to, and including, 1.4.103 This is due to the s…

motors_-_car_dealer\,_classifieds_\&_listing | Remote | Authorization
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
9.8 CRITICAL
CVE-2025-6577 — SQLi in Akilli Commerce's E-Commerce Website

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows SQL Injection. This iss…

Remote | Injection
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
9.1 CRITICAL
CVE-2025-40949 — RUGGEDCOM ROX Command Injection Vulnerability

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1…

ruggedcom_rox_mx5000_firmware ruggedcom_rox_rx1400_firmware ruggedcom_rox_rx1500_firmware ruggedcom_rox_rx1501_firmware ruggedcom_rox_rx1510_firmware ruggedcom_rox_rx1511_firmware +5 more | Remote | Injection
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
6.8 MEDIUM
CVE-2025-40948 — RUGGEDCOM ROX File Disclosure Vulnerability

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1…

ruggedcom_rox_mx5000_firmware ruggedcom_rox_rx1400_firmware ruggedcom_rox_rx1500_firmware ruggedcom_rox_rx1501_firmware ruggedcom_rox_rx1510_firmware ruggedcom_rox_rx1511_firmware +5 more | Remote | Information Disclosure
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
7.7 HIGH
CVE-2025-40947 — RUGGEDCOM ROX Remote Command Injection Vulnerability

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1…

ruggedcom_rox_mx5000_firmware ruggedcom_rox_rx1400_firmware ruggedcom_rox_rx1500_firmware ruggedcom_rox_rx1501_firmware ruggedcom_rox_rx1510_firmware ruggedcom_rox_rx1511_firmware +5 more | Remote | Injection
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
8.3 HIGH
CVE-2025-40946 — Siemens Blueplanet Serial Number Credential Derivation Vulnerability

A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 105 TL3 (All versions), blueplanet 105 TL3 GEN2 (All version…

| Authentication
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
8.7 HIGH
CVE-2025-40833 — Aruba Networks IPv4 Request Denial of Service

The affected devices contain a null pointer dereference vulnerability while processing specially crafted IPv4 requests. This could allow an attacker to cause denial of service condition. A manual res…

simatic_s7-1500_cpu_1511-1_pn_firmware simatic_s7-1500_cpu_1511f-1_pn_firmware simatic_s7-1500_cpu_1513-1_pn_firmware simatic_s7-1500_cpu_1515-2_pn_firmware simatic_s7-1500_cpu_1515f-2_pn_firmware simatic_s7-1500_cpu_1516-3_pn\/dp_firmware +104 more | Remote | Denial of Service
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
6.9 MEDIUM
CVE-2024-54017 — Siemens SIPROTEC 5 Web Server Session Identifier Predictability Vulnerability

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V11.0), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 6…

Remote | Authentication
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
6.4 MEDIUM
CVE-2026-7661 — Bootstrap Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via…

The Bootstrap Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `box` shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitiza…

Remote | Cross-Site Scripting
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
6.4 MEDIUM
CVE-2026-7659 — Advanced Social Media Icons <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scrip…

The Advanced Social Media Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `social` shortcode in all versions up to, and including, 1.2. This is due to insufficient inp…

Remote | Cross-Site Scripting
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
5.3 MEDIUM
CVE-2026-7626 — Slek Gateway for WooCommerce <= 1.0 - Unauthenticated Insufficiently Protected Credential…

The Slek Gateway for WooCommerce plugin for WordPress is vulnerable to Information Exposure in version 1.0. This is due to the wsb_handle_slek_payment_redirect() function placing the merchant's slek_…

Remote | Information Disclosure
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
Showing 20 of 6242 Results