Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.0 HIGH
CVE-2026-3012 — Samba: group policy certificate enrollment uses http:// without validation

A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and…

enterprise_linux openshift_container_platform samba grub2 enterprise_linux libefiboot | Misconfiguration
May 27, 2026 Jun 15, 2026
May 27, 2026
Jun 15, 2026
4.8 MEDIUM
CVE-2026-2288 — myLinksDump <= 1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'link…

The myLinksDump plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link_title' parameter in all versions up to, and including, 1.6 due to insufficient input sanitization and o…

Remote | Cross-Site Scripting
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
4.8 MEDIUM
CVE-2026-2280 — rexCrawler <= 1.0.15 - Authenticated (Administrator+) Stored Cross-Site Scripting via Set…

The rexCrawler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output esca…

Remote | Cross-Site Scripting
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
6.5 MEDIUM
CVE-2025-0898 — Xpro Elementor Addons - Pro <= 1.4.7 - Authenticated (Contributor+) Arbitrary File Read v…

The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 1.4.7 via the Draw SVG widget. This makes it possible for authentica…

xpro_addons_for_elementor | Remote | Path Traversal
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
Showing 20 of 8144 Results