Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.1 HIGH
CVE-2026-28557 — wpForo Forum 2.4.14 Privilege Escalation via Role Synchronization Handler

wpForo Forum 2.4.14 contains a missing capability check vulnerability that allows authenticated users to trigger bulk wpForo usergroup reassignment via the wpforo_synch_roles AJAX handler. Attackers …

wpforo_forum | Remote | Authorization
Feb 28, 2026 Mar 04, 2026
Feb 28, 2026
Mar 04, 2026
5.4 MEDIUM
CVE-2026-28556 — wpForo Forum 2.4.14 Missing Authorization via Topic Management Form Handlers

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to move, merge, or split any forum topic via the topic_move, topic_merge, and topic_split form…

wpforo_forum | Remote | Authorization
Feb 28, 2026 Mar 04, 2026
Feb 28, 2026
Mar 04, 2026
5.3 MEDIUM
CVE-2026-28555 — wpForo Forum 2.4.14 Missing Authorization via Topic Close AJAX Handler

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to close or reopen any forum topic via the wpforo_close_ajax handler. Attackers submit a valid…

wpforo_forum | Remote | Authorization
Feb 28, 2026 Mar 04, 2026
Feb 28, 2026
Mar 04, 2026
5.3 MEDIUM
CVE-2026-28554 — wpForo Forum 2.4.14 Missing Authorization via Post Approval AJAX Handler

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to approve or unapprove any forum post via the wpforo_approve_ajax AJAX handler. Attackers exp…

wpforo_forum | Remote | Authorization
Feb 28, 2026 Mar 05, 2026
Feb 28, 2026
Mar 05, 2026
9.3 CRITICAL
CVE-2026-3010 — TimePictra Stored Cross-Site Scripting

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimePictra allows Query System for Information.This issue affects TimePictra: fr…

timepictra | Remote | Cross-Site Scripting
Feb 28, 2026 Mar 10, 2026
Feb 28, 2026
Mar 10, 2026
9.3 CRITICAL
CVE-2026-2844 — TimePictra Authentication Bypass Vulnerability

Missing Authentication for Critical Function vulnerability in Microchip TimePictra allows Configuration/Environment Manipulation.This issue affects TimePictra: from 11.0 through 11.3 SP2.

timepictra | Remote | Authentication
Feb 28, 2026 Mar 10, 2026
Feb 28, 2026
Mar 10, 2026
Showing 20 of 5866 Results