Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.5 HIGH
CVE-2026-5064 — HP One Agent Software – Security Update

Potential security vulnerabilities have been identified in the HP One Agent for certain HP PC products, which might allow for escalation of privilege and/or denial of service. HP is …

| Denial of Service
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
0.0 NA
CVE-2026-11832 — Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce

Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce. The default nonce was generated using an MD5 hash of the epoch time, which is predictable.

| Cryptography
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.8 CRITICAL
CVE-2026-9691 — WordPress Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Fo…

Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.6 CRITICAL
CVE-2026-52703 — WordPress FastDup plugin <= 2.7.2 - Path Traversal vulnerability

Unauthenticated Path Traversal in FastDup <= 2.7.2 versions.

fastdup | Remote | Path Traversal
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.1 HIGH
CVE-2026-52702 — WordPress SEO Redirection plugin <= 9.17 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions.

Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
8.5 HIGH
CVE-2026-52700 — WordPress WCMultiShipping plugin <= 3.0.2 - SQL Injection vulnerability

Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-52699 — WordPress VikRentCar plugin <= 1.4.5 - Insecure Direct Object References (IDOR) vulnerabi…

Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
8.5 HIGH
CVE-2026-52697 — WordPress Taskbuilder plugin <= 5.0.7 - SQL Injection vulnerability

Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-52695 — WordPress ABC Crypto Checkout plugin <= 1.8.2 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions.

Remote | Information Disclosure
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-52694 — WordPress Signature Add-On for WooCommerce plugin <= 2.0 - Sensitive Data Exposure vulner…

Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions.

Remote | Information Disclosure
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.3 CRITICAL
CVE-2026-52693 — WordPress eCommerce Product Catalog plugin <= 3.5.5 - SQL Injection vulnerability

Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions.

ecommerce_product_catalog | Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-52692 — WordPress Affiliates Manager plugin <= 2.9.50 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions.

Remote | Information Disclosure
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.8 CRITICAL
CVE-2026-49781 — WordPress OttoKit plugin <= 1.1.27 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in OttoKit <= 1.1.27 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
8.8 HIGH
CVE-2026-49780 — WordPress Dokan plugin <= 5.0.2 - Privilege Escalation vulnerability

Customer Privilege Escalation in Dokan <= 5.0.2 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.3 CRITICAL
CVE-2026-49776 — WordPress GPTranslate – Multilingual AI Translation for WordPress: Automatically Translat…

Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites <= 2.32.6 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
6.5 MEDIUM
CVE-2026-49775 — WordPress Welcart e-Commerce plugin <= 2.11.28 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
6.5 MEDIUM
CVE-2026-49773 — WordPress FV Flowplayer Video Player plugin < 7.5.51.7212 - Cross Site Scripting (XSS) vu…

Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions.

fv_flowplayer_video_player | Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.8 CRITICAL
CVE-2026-49770 — WordPress WP Travel Engine plugin <= 6.7.12 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.8 CRITICAL
CVE-2026-49769 — WordPress wpForo Forum plugin <= 3.1.0 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in wpForo Forum <= 3.1.0 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.8 CRITICAL
CVE-2026-49768 — WordPress Happyforms plugin <= 1.26.13 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Happyforms <= 1.26.13 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Showing 20 of 6857 Results