Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
0.0 NA
CVE-2026-6237 — Quick Table <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'styl…

The Quick Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' attribute of the 'qtbl' shortcode in all versions up to, and including, 1.0.0 due to insufficient inp…

| Cross-Site Scripting
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
0.0 NA
CVE-2026-6690 — LifePress <= 2.2.2 - Unauthenticated Stored Cross-Site Scripting via 'n' Parameter via lp…

The LifePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'n' parameter of the lp_update_mds AJAX action in all versions up to, and including, 2.2.2. This is due to the …

| Cross-Site Scripting
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
0.0 NA
CVE-2026-6663 — GWD Connect <= 2.9 - Unauthenticated Limited Code Execution via update_agent

The GWD Connect plugin for WordPress is vulnerable to missing authorization to limited code execution in all versions up to, and including, 2.9. This is due to the plugin's standalone agent endpoints…

| Authorization
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
0.0 NA
CVE-2026-7437 — AzonPost <= 1.3 - Reflected Cross-Site Scripting

The AzonPost plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `editpos_hidden` parameter in all versions up to, and including, 1.3. This is due to insufficient input sanit…

| Cross-Site Scripting
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
0.0 NA
CVE-2026-7626 — Slek Gateway for WooCommerce <= 1.0 - Unauthenticated Insufficiently Protected Credential…

The Slek Gateway for WooCommerce plugin for WordPress is vulnerable to Information Exposure in version 1.0. This is due to the wsb_handle_slek_payment_redirect() function placing the merchant's slek_…

| Information Disclosure
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
0.0 NA
CVE-2026-3604 — WP SEO Structured Data Schema <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site S…

The WP SEO Structured Data Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `_kcseo_ative_tab` parameter in all versions up to, and including, 2.8.1 due to insufficien…

| Cross-Site Scripting
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
0.0 NA
CVE-2026-7661 — Bootstrap Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via…

The Bootstrap Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `box` shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitiza…

| Cross-Site Scripting
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
0.0 NA
CVE-2026-7562 — WP-Redirection <= 1.0.3 - Cross-Site Request Forgery to Settings Update

The WP-Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.3. This is due to the absence of a nonce field in the admin settings form a…

| Cross-Site Request Forgery
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
0.0 NA
CVE-2026-5340 — Fancy Image Show <= 9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Sh…

The Fancy Image Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `fancy-img-show` shortcode in all versions up to, and including, 9.1 due to insufficient input …

| Cross-Site Scripting
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
0.0 NA
CVE-2026-4301 — Rate Star Review Vote <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Arb…

The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. The vwrsr_review() AJAX handler la…

| Authorization
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
0.0 NA
CVE-2026-6808 — Pricing Tables for WP <= 1.1.0 - Reflected Cross-Site Scripting via 'page' Parameter

The Pricing Tables for WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.1.0. This is due to insufficient input …

| Cross-Site Scripting
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
0.0 NA
CVE-2026-6913 — Shortcodely <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'widg…

The Shortcodely plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'widget_area' parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization an…

| Cross-Site Scripting
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
0.0 NA
CVE-2026-6708 — HEL Online Classroom: AI-powered Online Classrooms <= 1.0.3 - Missing Authorization to Un…

The HEL Online Classroom: AI-powered Online Classrooms plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.3. This is due to a missing capability che…

| Authorization
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
5.3 MEDIUM
CVE-2026-6402 — webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins

webpack-dev-server versions up to and including 5.2.3 are vulnerable to cross-origin source code exposure when serving over a non-potentially trustworthy origin such as plain HTTP. The previous fix r…

| Information Disclosure
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
6.1 MEDIUM
CVE-2026-1681 — net: Stack Overflow with Ping (to own IP Address) via Shell

Issuing an ICMP ping via the `net ping` shell command to a device's own IPv4 address causes the network stack to recursively re-enter the input path on the same system work-queue stack. Because the d…

| Denial of Service
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
5.4 MEDIUM
CVE-2026-1185 — Axis SSH Code Execution Vulnerability

A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if …

Remote | Misconfiguration
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
6.7 MEDIUM
CVE-2026-0804 — Axis ACAP Path Traversal Vulnerability

An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axi…

| Path Traversal
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
6.0 MEDIUM
CVE-2026-0802 — Axis ACAP Command Injection Vulnerability

An ACAP configuration file lacked sufficient input validation, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis d…

| Injection
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
6.7 MEDIUM
CVE-2026-0541 — Axis ACAP Privilege Escalation Vulnerability

ACAP applications can gain elevated privileges due to improper input validation during the installation process, potentially leading to privilege escalation. This vulnerability can only be exploited …

| Authorization
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
7.4 HIGH
CVE-2026-41872 — Kura Sushi Official App EPG Inc. Certificate Validation Weakness

"Kura Sushi Official App" provided by EPG, Inc. is vulnerable to improper certificate validation. A man-in-the-middle attack may allow eavesdropping on, or altering, the communication on push notific…

Remote | Cryptography
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
Showing 20 of 5836 Results