Latest CVE Feed

Vulnerabilities published in the last 30 days.

Score | Vulnerability | Published
4.8 MEDIUM
CVE-2026-10057 — ITP Technology|ITS Intelligent SCADA System - Stored Cross-Site Scripting

ITS Intelligent SCADA System developed by ITP Technology has a Stored Cross-Site Scripting vulnerability, allowing privileged remote attackers to inject persistent JavaScript code that is executed …

Remote | Cross-Site Scripting
May 29, 2026 May 29, 2026
7.5 HIGH
CVE-2026-10056 — CORS misconfiguration in Nx Witness VMS allows session token exfiltration via cross-origi…

CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Linux and Windows allows an unauthenticated remote a…

Remote | Misconfiguration
May 29, 2026 Jun 01, 2026
4.1 MEDIUM
CVE-2026-10052 — Quay/config-tool: quay/config-tool: ssrf via unfiltered ldap and smtp config validation e…

A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endp…

quay | Remote | Server-Side Request Forgery
May 29, 2026 May 29, 2026
4.9 MEDIUM
CVE-2026-10039 — Frontend Admin by DynamiApps <= 3.28.28 - Authenticated (Administrator+) SQL Injection vi…

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to generic SQL Injection via the 'order' parameter in all versions up to, and including, 3.28.28 due to insufficient escaping on th…

frontend_admin | Remote | Injection
May 29, 2026 May 29, 2026