Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.4 MEDIUM
CVE-2025-15064 — Ultimate Member <= 2.11.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via D…

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user descr…

ultimate_member | Remote | Cross-Site Scripting
Apr 04, 2026 Apr 04, 2026
Apr 04, 2026
Apr 04, 2026
6.4 MEDIUM
CVE-2025-13368 — Xpro Addons — 140+ Widgets for Elementor <= 1.4.20 - Authenticated (Contributor+) Stored …

The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Widget's 'onClick Event' setting in all versions up to, and including, 1…

Remote | Cross-Site Scripting
Apr 04, 2026 Apr 04, 2026
Apr 04, 2026
Apr 04, 2026
6.4 MEDIUM
CVE-2026-2949 — Xpro Addons — 140+ Widgets for Elementor <= 1.4.24 - Authenticated (Contributor+) Stored …

The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Icon Box widget in versions up to, and including, 1.4.24 due to insufficient inp…

Remote | Cross-Site Scripting
Apr 04, 2026 Apr 04, 2026
Apr 04, 2026
Apr 04, 2026
6.4 MEDIUM
CVE-2026-2924 — Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem <= 3.4.6 - Authenticated (C…

The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'imageLoad' parameter in versions up to, and including, 3.4…

Remote | Cross-Site Scripting
Apr 04, 2026 Apr 04, 2026
Apr 04, 2026
Apr 04, 2026
6.5 MEDIUM
CVE-2026-3571 — Pie Register – User Registration, Profiles & Content Restriction <= 3.8.4.8 - Missing Aut…

The Pie Register – User Registration, Profiles & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pie_main() functi…

Remote | Authorization
Apr 04, 2026 Apr 04, 2026
Apr 04, 2026
Apr 04, 2026
9.8 CRITICAL
CVE-2026-35616 — Fortinet FortiClientEMS Remote Code Execution Vulnerability

A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

forticlientems | Remote | Authorization
Apr 04, 2026 Apr 04, 2026
Apr 04, 2026
Apr 04, 2026
8.3 HIGH
CVE-2026-34780 — Electron: Context Isolation bypass via contextBridge VideoFrame transfer

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 39.0.0-alpha.1 to before 39.8.0, 40.0.0-alpha.1 to before 40.7.0, and 41.0.0-alph…

electron | Remote | Misconfiguration
Apr 04, 2026 Apr 04, 2026
Apr 04, 2026
Apr 04, 2026
8.8 HIGH
CVE-2026-34955 — PraisonAI: Sandbox Escape via shell=True and Bypassable Blocklist in SubprocessSandbox

PraisonAI is a multi-agent teams system. Prior to version 4.5.97, SubprocessSandbox in all modes (BASIC, STRICT, NETWORK_ISOLATED) calls subprocess.run() with shell=True and relies solely on string-p…

| Misconfiguration
Apr 04, 2026 Apr 04, 2026
Apr 04, 2026
Apr 04, 2026
6.5 MEDIUM
CVE-2026-34779 — Electron: AppleScript injection in app.moveToApplicationsFolder on macOS

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, on macOS, app.moveToApplicationsFo…

electron | Authentication
Apr 04, 2026 Apr 04, 2026
Apr 04, 2026
Apr 04, 2026
5.9 MEDIUM
CVE-2026-34778 — Electron: Service worker can spoof executeJavaScript IPC replies

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, a service worker running in a session cou…

electron | Remote | Information Disclosure
Apr 04, 2026 Apr 04, 2026
Apr 04, 2026
Apr 04, 2026
5.4 MEDIUM
CVE-2026-34777 — Electron: Incorrect origin passed to permission request handler for iframe requests

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, when an iframe requests fullscreen, point…

electron | Remote | Authorization
Apr 04, 2026 Apr 04, 2026
Apr 04, 2026
Apr 04, 2026
5.3 MEDIUM
CVE-2026-34776 — Electron: Out-of-bounds read in second-instance IPC on macOS and Linux

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, on macOS and Linux, apps that call app.re…

electron | Memory Corruption
Apr 04, 2026 Apr 04, 2026
Apr 04, 2026
Apr 04, 2026
6.8 MEDIUM
CVE-2026-34775 — Electron: nodeIntegrationInWorker not correctly scoped in shared renderer processes

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.4, 40.8.4, and 41.0.0, the nodeIntegrationInWorker webPreference…

electron | Remote | Misconfiguration
Apr 04, 2026 Apr 04, 2026
Apr 04, 2026
Apr 04, 2026
8.1 HIGH
CVE-2026-34774 — Electron: Use-after-free in offscreen child window paint callback

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 39.8.1, 40.7.0, and 41.0.0, apps that use offscreen rendering and allow child…

electron | Remote | Memory Corruption
Apr 04, 2026 Apr 04, 2026
Apr 04, 2026
Apr 04, 2026
4.7 MEDIUM
CVE-2026-34773 — Electron: Registry key path injection in app.setAsDefaultProtocolClient on Windows

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, on Windows, app.setAsDefaultProtocolClien…

electron | Misconfiguration
Apr 04, 2026 Apr 04, 2026
Apr 04, 2026
Apr 04, 2026
5.8 MEDIUM
CVE-2026-34772 — Electron: Use-after-free in download save dialog callback

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that allow downloads and prog…

electron | Memory Corruption
Apr 04, 2026 Apr 04, 2026
Apr 04, 2026
Apr 04, 2026
7.5 HIGH
CVE-2026-34771 — Electron: Use-after-free in WebContents fullscreen, pointer-lock, and keyboard-lock permi…

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that register an asynchronous…

electron | Remote | Memory Corruption
Apr 04, 2026 Apr 04, 2026
Apr 04, 2026
Apr 04, 2026
7.0 HIGH
CVE-2026-34770 — Electron: Use-after-free in PowerMonitor on Windows and macOS

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, apps that use the powerMonitor mod…

electron | Memory Corruption
Apr 04, 2026 Apr 04, 2026
Apr 04, 2026
Apr 04, 2026
7.7 HIGH
CVE-2026-34769 — Electron: Renderer command-line switch injection via undocumented commandLineSwitches web…

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, an undocumented commandLineSwitche…

electron | Misconfiguration
Apr 04, 2026 Apr 04, 2026
Apr 04, 2026
Apr 04, 2026
3.9 LOW
CVE-2026-34768 — Electron: Unquoted executable path in app.setLoginItemSettings on Windows

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, on Windows, app.setLoginItemSettin…

electron | Misconfiguration
Apr 04, 2026 Apr 04, 2026
Apr 04, 2026
Apr 04, 2026
Showing 20 of 6088 Results