Latest CVE Feed

CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable

Score

Vulnerability

Published

5.3 MEDIUM

CVE-2026-28554 — wpForo Forum 2.4.14 Missing Authorization via Post Approval AJAX Handler

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to approve or unapprove any forum post via the wpforo_approve_ajax AJAX handler. Attackers exp…

wpforo_forum | Remote | Authorization

Feb 28, 2026 Mar 05, 2026

Feb 28, 2026

Mar 05, 2026

9.3 CRITICAL

CVE-2026-3010 — TimePictra Stored Cross-Site Scripting

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimePictra allows Query System for Information.This issue affects TimePictra: fr…

timepictra | Remote | Cross-Site Scripting

Feb 28, 2026 Mar 10, 2026

Feb 28, 2026

Mar 10, 2026

9.3 CRITICAL

CVE-2026-2844 — TimePictra Authentication Bypass Vulnerability

Missing Authentication for Critical Function vulnerability in Microchip TimePictra allows Configuration/Environment Manipulation.This issue affects TimePictra: from 11.0 through 11.3 SP2.

timepictra | Remote | Authentication

Feb 28, 2026 Mar 10, 2026

Feb 28, 2026

Mar 10, 2026

7.5 HIGH

CVE-2025-13673 — Tutor LMS <= 3.9.6 - Unauthenticated SQL Injection via coupon_code

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to SQL Injection via the 'coupon_code' parameter in all versions up to, and including, 3.9.6 due to insufficien…

tutor_lms | Remote | Injection

Feb 28, 2026 Mar 02, 2026

Feb 28, 2026

Mar 02, 2026

Showing 20 of 5864 Results

Browse by Apps

Latest CVE Feed

Cookie Preferences