Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.8 HIGH
CVE-2026-2078 — yeqifu warehouse Permission Management PermissionController.java deletePermission imprope…

A vulnerability was detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addPermission/updatePermission/deletePermission of the file dataset\repos\wa…

warehouse | Remote | Authorization
Feb 07, 2026 Feb 10, 2026
Feb 07, 2026
Feb 10, 2026
8.8 HIGH
CVE-2026-2077 — yeqifu warehouse Role Management RoleController.java deleteRole improper authorization

A security vulnerability has been detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function addRole/updateRole/deleteRole of the file dataset…

warehouse | Remote | Authorization
Feb 07, 2026 Feb 10, 2026
Feb 07, 2026
Feb 10, 2026
8.8 HIGH
CVE-2026-2076 — yeqifu warehouse User Management Endpoint UserController.java deleteUser improper authori…

A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this vulnerability is the function addUser/updateUser/deleteUser of the file dataset\rep…

warehouse | Remote | Authorization
Feb 07, 2026 Feb 10, 2026
Feb 07, 2026
Feb 10, 2026
8.8 HIGH
CVE-2026-2075 — yeqifu warehouse Role-Permission Binding RoleController.java saveRolePermission access co…

A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected is the function saveRolePermission of the file dataset\repos\warehouse\src\main\java\c…

warehouse | Remote | Authorization
Feb 07, 2026 Feb 10, 2026
Feb 07, 2026
Feb 10, 2026
5.5 MEDIUM
CVE-2025-15491 — Post Slides <= 1.0.1 - Contributor+ Local File Inclusion

The Post Slides WordPress plugin through 1.0.1 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as w…

Remote | Path Traversal
Feb 07, 2026 Feb 09, 2026
Feb 07, 2026
Feb 09, 2026
6.4 MEDIUM
CVE-2025-15267 — Bold Page Builder <= 5.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via…

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_accordion_item shortcode in all versions up to, and including, 5.5.7 due to insufficient…

bold_page_builder | Remote | Cross-Site Scripting
Feb 07, 2026 Feb 09, 2026
Feb 07, 2026
Feb 09, 2026
6.4 MEDIUM
CVE-2025-13463 — Bold Page Builder <= 5.5.3 - Authenticated (Author+) Stored DOM-based Cross-Site Scriptin…

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Grid component in all versions up to, and including, 5.5.3 due to insufficient input sanitization …

bold_page_builder | Remote | Cross-Site Scripting
Feb 07, 2026 Feb 09, 2026
Feb 07, 2026
Feb 09, 2026
6.4 MEDIUM
CVE-2025-12803 — Bold Builder <= 5.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_b…

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin 'bt_bb_tabs' shortcode in all versions up to, and including, 5.5.1 due to insufficient input san…

bold_page_builder | Remote | Cross-Site Scripting
Feb 07, 2026 Feb 09, 2026
Feb 07, 2026
Feb 09, 2026
6.4 MEDIUM
CVE-2025-12159 — Bold Page Builder <= 5.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via…

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_raw_content shortcode in all versions up to, and including, 5.4.8 due to insufficient in…

bold_page_builder | Remote | Cross-Site Scripting
Feb 07, 2026 Feb 09, 2026
Feb 07, 2026
Feb 09, 2026
Showing 20 of 4989 Results