Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
5.3 MEDIUM
CVE-2026-2442 — Pagelayer <= 2.0.7 - Improper Neutralization of CRLF Sequences to Unauthenticated Email H…

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Improper Neutralization of CRLF Sequences ('CRLF Injection') in all versions up to, and including, 2.…

pagelayer | Remote | Injection
Mar 28, 2026 Apr 24, 2026
5.5 MEDIUM
CVE-2026-23399 — nf_tables: nft_dynset: fix possible stateful expression memleak in error path

In the Linux kernel, the following vulnerability has been resolved: nf_tables: nft_dynset: fix possible stateful expression memleak in error path If cloning the second stateful expression in the el…

linux_kernel | Memory Corruption
Mar 28, 2026 Apr 24, 2026
6.5 MEDIUM
CVE-2026-1307 — Ninja Forms <= 3.14.1 - Authenticated (Contributor+) Sensitive Information Disclosure via…

The Ninja Forms - The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.1 via a callback functio…

ninja_forms | Remote | Information Disclosure
Mar 28, 2026 Apr 24, 2026
5.4 MEDIUM
CVE-2025-15445 — Restaurant Cafeteria <= 0.4.6 - Subscriber+ Arbitrary Plugin Installation/Activation

The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, like subscriber, to perform privileged oper…

Remote | Authorization
Mar 28, 2026 Apr 15, 2026
7.2 HIGH
CVE-2025-12886 — Oxygen <= 6.0.8 - Unauthenticated Server-Side Request Forgery via route_path

The Oxygen Theme theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.8 via the laborator_calc_route AJAX action. This makes it possible for unau…

Remote | Server-Side Request Forgery
Mar 28, 2026 Apr 24, 2026
7.5 HIGH
CVE-2026-4987 — SureForms <= 2.5.2 - Unauthenticated Payment Amount Validation Bypass via 'form_id'

The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the crea…

sureforms | Remote | Authorization
Mar 28, 2026 Apr 24, 2026
Showing 20 of 5626 Results