Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
4.3 MEDIUM
CVE-2026-49322 — Indian Scout Bobber 2025 Infotainment-to-WCM weak authentication allows recovery of user …

Weak authentication in the Wireless Control Module (WCM) of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with read access to the in-vehicle network to…

| Authentication
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
9.8 CRITICAL
CVE-2026-3655 — OTP Login With Phone Number, OTP Verification <= 1.8.60 - Unauthenticated Authentication …

The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass in versions 1.8.50 through 1.8.60. This is due to the Firebase verification flow in the `…

login_with_phone_number | Remote | Authentication
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
7.2 HIGH
CVE-2025-11262 — Link Whisper Free <= 0.9.0 - Unauthenticated Stored Cross-Site Scripting

The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user_id parameter in all versions up to, and including, 0.9.0 due to insufficient input sanitization an…

link_whisper_free | Remote | Cross-Site Scripting
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
6.4 MEDIUM
CVE-2026-9714 — Simple Divi Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting v…

The Simple Divi Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the [showmodule] shortcode in versions up to, and including, 1.2 This is due to i…

Remote | Cross-Site Scripting
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
7.1 HIGH
CVE-2026-9493 — BankPro E-Service Technology|Service Center - Insecure Direct Object Reference

Service Center developed by BankPro E-Service Technology has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify the parameter of a specific query fun…

Remote | Authorization
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
9.8 CRITICAL
CVE-2026-8732 — WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Cre…

The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account Creation in all versions up to, and including, 6.1.0. This is due to the wpgmp_temp_access_ajax AJ…

Remote | Authentication
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
4.8 MEDIUM
CVE-2026-6324 — Libsoup: libsoup: http request smuggling via unsigned to signed conversion error

A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the `soup_body_input_stream_read_chunked()` function by sending a malicious HTTP request. This v…

enterprise_linux enterprise_linux | Remote | Memory Corruption
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
6.4 MEDIUM
CVE-2026-6275 — StatCounter <= 2.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via Author Nic…

The StatCounter – Free Real Time Visitor Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.1 This is due to insufficient output escaping on…

statcounter | Remote | Cross-Site Scripting
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
6.4 MEDIUM
CVE-2025-14042 — Automotive Car Dealership Business WordPress Theme <= 13.4.1 - Authenticated (Contributor…

The Automotive Car Dealership Business WordPress Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Project Details' custom field in Portfolio Items in all versions up to, and …

Remote | Cross-Site Scripting
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
8.8 HIGH
CVE-2025-11993 — WooCommerce Infinite Scroll and Ajax Pagination <= 1.8 - Authenticated (Subscriber+) PHP …

The WooCommerce Infinite Scroll and Ajax Pagination plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.8 via the 'settings' parameter in the 'import_se…

Remote | Injection
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
5.3 MEDIUM
CVE-2026-2128 — Breeze Cache <= 2.5.2 - Unauthenticated Exposure of Sensitive Information to an Unauthori…

The Breeze plugin for WordPress is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in all versions up to, and including, 2.5.2 This is due to improper verification of the `wo…

Remote | Information Disclosure
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
Showing 20 of 7391 Results