Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
5.1 MEDIUM
CVE-2026-1468 — Cross-Site Request Forgery in QuickCMS

QuickCMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. An attacker can craft special website, which when visited by the victim, will automatically send a POST request with vi…

quick.cms | Remote | Cross-Site Request Forgery
Mar 06, 2026 Mar 09, 2026
Mar 06, 2026
Mar 09, 2026
7.5 HIGH
CVE-2026-3589 — WooCommerce < 10.5.3 - Arbitrary Admin User Creation via CSRF

The WooCommerce WordPress plugin from versions 5.4.0 to 10.5.2 does not properly handle batch requests, which could allow unauthenticated users to make a logged in admin call non store/WC REST endpoi…

woocommerce | Remote | Cross-Site Request Forgery
Mar 06, 2026 Mar 09, 2026
Mar 06, 2026
Mar 09, 2026
5.1 MEDIUM
CVE-2026-23925 — Unauthorized host creation via configuration.import API by low-privilege user with write …

An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorize…

zabbix | Remote | Authorization
Mar 06, 2026 Mar 09, 2026
Mar 06, 2026
Mar 09, 2026
Showing 20 of 5903 Results