Latest CVE Feed

Vulnerabilities published in the last 30 days.

Score | Vulnerability | Published
9.3 CRITICAL
CVE-2026-42773 — WordPress eMagicOne Store Manager plugin <= 1.3.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eMagicOne eMagicOne Store Manager allows Blind SQL Injection. This issue affects eMagicOne Store…

May 25, 2026 May 26, 2026
6.5 MEDIUM
CVE-2026-42763 — WordPress SePay Gateway plugin <= 1.1.20 - Sensitive Data Exposure vulnerability

Missing Authorization vulnerability in SePay team SePay Gateway allows Retrieve Embedded Sensitive Data. This issue affects SePay Gateway: from n/a through 1.1.20.

Remote | Authorization
May 25, 2026 May 26, 2026
7.1 HIGH
CVE-2026-39436 — WordPress CformsII plugin <= 15.1.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in bgermann CformsII allows Cross Site Request Forgery. This issue affects CformsII: from n/a through 15.1.3.

cformsii | Remote | Cross-Site Request Forgery
May 25, 2026 May 26, 2026
5.4 MEDIUM
CVE-2026-32389 — WordPress NanoCare theme < 1.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Linethemes NanoCare allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects NanoCare: from n/a before 1.2.2.

Remote | Authorization
May 25, 2026 May 26, 2026
7.2 HIGH
CVE-2026-24937 — WordPress Broadcast Live Video plugin < 7.1.3 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in VideoWhisper.Com Broadcast Live Video allows Code Injection. This issue affects Broadcast Live Video: from n/a before 7.1.3.

May 25, 2026 May 26, 2026
6.5 MEDIUM
CVE-2026-9511 — Totolink CA750-PoE Setting cstecgi.cgi setWebWlanIdx os command injection

A vulnerability was identified in Totolink CA750-PoE 6.2c.510. This affects the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argu…

ca750-poe | Remote | Injection
May 25, 2026 May 28, 2026
3.3 LOW
CVE-2026-9504 — GNU LibreDWG Dwggrep Utility dwggrep.c bit_convert_TU out-of-bounds

A weakness has been identified in GNU LibreDWG up to 0.14. Affected is the function bit_convert_TU of the file programs/dwggrep.c of the component Dwggrep Utility. This manipulation causes out-of-bou…

libredwg | Memory Corruption
May 25, 2026 May 26, 2026
5.3 MEDIUM
CVE-2026-27398 — WordPress RSVP and Event Management plugin <= 2.7.16 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Chill RSVP and Event Management allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RSVP and Event Management: from …

rsvp_and_event_management | Remote | Authorization
May 25, 2026 May 26, 2026
5.3 MEDIUM
CVE-2026-27357 — WordPress WP Search Analytics plugin < 1.5.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Cornel Raiu WP Search Analytics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Search Analytics: from n/a befor…

wp_search_analytics | Remote | Authorization
May 25, 2026 May 26, 2026
4.9 MEDIUM
CVE-2026-27346 — WordPress B2BKing plugin < 5.2.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in Kings Plugins B2BKing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects B2BKing: from n/a before 5.2.10.

b2bking | Remote | Authorization
May 25, 2026 May 26, 2026
5.3 MEDIUM
CVE-2026-24592 — WordPress Auto Affiliate Links plugin <= 6.8.8.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Lucian Apostol Auto Affiliate Links allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Auto Affiliate Links: from n/a …

auto_affiliate_links | Remote | Authorization
May 25, 2026 May 26, 2026
5.4 MEDIUM
CVE-2026-24586 — WordPress Newses theme <= 2.0.0.77 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themeansar Newses allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Newses: from n/a through 2.0.0.77.

Remote | Authorization
May 25, 2026 May 26, 2026
4.3 MEDIUM
CVE-2026-24582 — WordPress FlexTable plugin <= 3.24.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPPOOL FlexTable allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FlexTable: from n/a through 3.24.0.

sheets_to_wp_table_live_sync | Remote | Authorization
May 25, 2026 May 26, 2026
4.3 MEDIUM
CVE-2026-24554 — WordPress WPSubscription plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Convers Lab WPSubscription allows Cross Site Request Forgery. This issue affects WPSubscription: from n/a through 1.9.1.

Remote | Cross-Site Request Forgery
May 25, 2026 May 26, 2026
4.3 MEDIUM
CVE-2026-24527 — WordPress Autoship Cloud for WooCommerce Subscription Products plugin <= 2.14.0 - Broken …

Missing Authorization vulnerability in Patterns in the cloud Autoship Cloud for WooCommerce Subscription Products allows Exploiting Incorrectly Configured Access Control Security Levels. This issue …

autoship_cloud | Remote | Authorization
May 25, 2026 May 26, 2026
6.5 MEDIUM
CVE-2025-62745 — WordPress Team Showcase plugin <= 1.22.28 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Team Showcase allows Stored XSS. This issue affects Team Showcase: from n/a through …

team_showcase | Remote | Cross-Site Scripting
May 25, 2026 May 26, 2026
3.3 LOW
CVE-2026-9503 — GNU LibreDWG DWG File decode.c dwg_next_entity null pointer dereference

A security flaw has been discovered in GNU LibreDWG up to 0.14. This impacts the function dwg_next_entity of the file src/decode.c of the component DWG File Handler. The manipulation results in null …

libredwg | Memory Corruption
May 25, 2026 May 26, 2026
5.3 MEDIUM
CVE-2026-9502 — GNU LibreDWG Dwgread Utility decode.c decompress_R2004_section heap-based overflow

A vulnerability was identified in GNU LibreDWG up to 0.14. This affects the function decompress_R2004_section of the file src/decode.c of the component Dwgread Utility. The manipulation leads to heap…

libredwg | Memory Corruption
May 25, 2026 May 26, 2026
3.3 LOW
CVE-2026-9501 — GNU LibreDWG Dwgread Utility decode.c decompress_R2004_section assertion

A vulnerability was determined in GNU LibreDWG up to 0.14. The impacted element is the function decompress_R2004_section of the file src/decode.c of the component Dwgread Utility. Executing a manipul…

libredwg | Denial of Service
May 25, 2026 May 26, 2026
5.3 MEDIUM
CVE-2026-9500 — GNU LibreDWG Dwgread Utility decode.c read_2004_compressed_section heap-based overflow

A vulnerability was found in GNU LibreDWG up to 0.14. The affected element is the function read_2004_compressed_section of the file src/decode.c of the component Dwgread Utility. Performing a manipul…

libredwg | Memory Corruption
May 25, 2026 May 26, 2026
Showing 20 of 6764 Results