Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
9.8 CRITICAL
CVE-2026-28438 — CocoIndex Doris target connector didn't verify table name when constructing ALTER TABLE s…

CocoIndex is a data transformation framework for AI. Prior to version 0.3.34, the Doris target connector didn't verify the configured table name before creating some SQL statements (ALTER TABLE). So,…

cocoindex | Remote | Injection
Mar 06, 2026 Mar 10, 2026
9.8 CRITICAL
CVE-2026-2446 — Powerpack for LearnDash < 1.3.0 - Unauthenticated Arbitrary Option Update

The PowerPack for LearnDash WordPress plugin before 1.3.0 does not have authorization and CSRF checks in an AJAX action, allowing unauthenticated users to update arbitrary WordPress options (such as …

Remote | Authorization
Mar 06, 2026 Mar 09, 2026
4.3 MEDIUM
CVE-2026-1128 — WP eCommerce <= 3.15.1 - Coupon Deletion via CSRF

The WP eCommerce WordPress plugin through 3.15.1 does not have a CSRF check in place when deleting coupons, which could allow attackers to make a logged-in admin remove them via a CSRF attack.

Remote | Cross-Site Request Forgery
Mar 06, 2026 Mar 09, 2026