Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.6 HIGH
CVE-2025-14343 — Reflected XSS in Dokuzsoft Technology's E-Commerce Product

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dokuzsoft Technology Ltd. E-Commerce Product allows Reflected XSS.This issue affects E-Com…

Remote | Cross-Site Scripting
Feb 26, 2026 Feb 27, 2026
Feb 26, 2026
Feb 27, 2026
8.6 HIGH
CVE-2026-1198 — SQL Injection in SIMPLE.ERP

SIMPLE.ERP is vulnerable to the SQL Injection in search functionality in "Obroty na kontach" window. Lack of input validation allows an authenticated attacker to prepare a malicious query to the data…

Remote | Injection
Feb 26, 2026 Feb 27, 2026
Feb 26, 2026
Feb 27, 2026
7.3 HIGH
CVE-2025-64999 — Cross-site scripting in HTML logs of Synthetic Monitoring test services

Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into …

checkmk | Remote | Cross-Site Scripting
Feb 26, 2026 Mar 05, 2026
Feb 26, 2026
Mar 05, 2026
7.2 HIGH
CVE-2026-28138 — WordPress uListing plugin <= 2.2.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Stylemix uListing ulisting allows Object Injection.This issue affects uListing: from n/a through <= 2.2.0.

ulisting | Remote | Injection
Feb 26, 2026 Feb 27, 2026
Feb 26, 2026
Feb 27, 2026
7.6 HIGH
CVE-2026-28136 — WordPress WP SMS plugin <= 6.9.12 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VeronaLabs WP SMS wp-sms allows SQL Injection.This issue affects WP SMS: from n/a through <= 6.9.…

wp_sms | Remote | Injection
Feb 26, 2026 Feb 27, 2026
Feb 26, 2026
Feb 27, 2026
5.3 MEDIUM
CVE-2026-28132 — WordPress WooCommerce Photo Reviews plugin <= 1.4.4 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in villatheme WooCommerce Photo Reviews woocommerce-photo-reviews allows Code Injection.This issue affects …

woocommerce_photo_reviews | Remote | Cross-Site Scripting
Feb 26, 2026 Feb 27, 2026
Feb 26, 2026
Feb 27, 2026
6.5 MEDIUM
CVE-2026-28131 — WordPress Elementor Addon Elements plugin <= 1.14.4 - Sensitive Data Exposure vulnerabili…

Insertion of Sensitive Information Into Sent Data vulnerability in WPVibes Elementor Addon Elements addon-elements-for-elementor-page-builder allows Retrieve Embedded Sensitive Data.This issue affect…

elementor_addon_elements | Remote | Information Disclosure
Feb 26, 2026 Feb 27, 2026
Feb 26, 2026
Feb 27, 2026
6.5 MEDIUM
CVE-2026-28083 — WordPress Flatsome theme <= 3.20.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UX-themes Flatsome flatsome allows Stored XSS.This issue affects Flatsome: from n/a through <= 3.…

flatsome | Remote | Cross-Site Scripting
Feb 26, 2026 Feb 27, 2026
Feb 26, 2026
Feb 27, 2026
Showing 20 of 6048 Results