Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
5.0 MEDIUM
CVE-2026-4582 — Shenzhen HCC Technology MPOS M6 PLUS Bluetooth missing authentication

A security vulnerability has been detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this vulnerability is an unknown functionality of the component Bluetooth. Such manipulation le…

| Authentication
Mar 23, 2026 Apr 18, 2026
Mar 23, 2026
Apr 18, 2026
9.8 CRITICAL
CVE-2026-4581 — code-projects Simple Laundry System Parameters checklogin.php sql injection

A weakness has been identified in code-projects Simple Laundry System 1.0. Affected is an unknown function of the file /checklogin.php of the component Parameters Handler. This manipulation of the ar…

simple_laundry_system | Remote | Injection
Mar 23, 2026 Apr 18, 2026
Mar 23, 2026
Apr 18, 2026
4.3 MEDIUM
CVE-2026-4628 — Keycloak: org.keycloak.authorization: keycloak: unauthorized resource modification due to…

A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Access (UMA) resource_set endpoint allows attackers with valid credentials to bypass the allowRemoteR…

build_of_keycloak | Remote | Authorization
Mar 23, 2026 Apr 01, 2026
Mar 23, 2026
Apr 01, 2026
9.8 CRITICAL
CVE-2026-4580 — code-projects Simple Laundry System Parameters checkupdatestatus.php sql injection

A security flaw has been discovered in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkupdatestatus.php of the component Parameters Handler. The manipulati…

simple_laundry_system | Remote | Injection
Mar 23, 2026 Apr 03, 2026
Mar 23, 2026
Apr 03, 2026
9.8 CRITICAL
CVE-2026-4579 — code-projects Simple Laundry System Parameters viewdetail.php sql injection

A vulnerability was identified in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /viewdetail.php of the component Parameters Handler. The manipulation of the ar…

simple_laundry_system | Remote | Injection
Mar 23, 2026 Apr 03, 2026
Mar 23, 2026
Apr 03, 2026
4.8 MEDIUM
CVE-2026-4578 — code-projects Exam Form Submission update_s3.php cross site scripting

A vulnerability was determined in code-projects Exam Form Submission 1.0. The impacted element is an unknown function of the file /admin/update_s3.php. Executing a manipulation of the argument sname …

exam_form_submission | Remote | Cross-Site Scripting
Mar 23, 2026 Mar 23, 2026
Mar 23, 2026
Mar 23, 2026
10.0 CRITICAL
CVE-2026-3587 — Hidden CLI Function Allows Root Access

An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device.

Remote | Authorization
Mar 23, 2026 Mar 24, 2026
Mar 23, 2026
Mar 24, 2026
4.8 MEDIUM
CVE-2026-4577 — code-projects Exam Form Submission update_s4.php cross site scripting

A vulnerability was found in code-projects Exam Form Submission 1.0. The affected element is an unknown function of the file /admin/update_s4.php. Performing a manipulation of the argument sname resu…

exam_form_submission | Remote | Cross-Site Scripting
Mar 23, 2026 Mar 23, 2026
Mar 23, 2026
Mar 23, 2026
7.1 HIGH
CVE-2026-23555 — Xenstored DoS by unprivileged domain

Any guest issuing a Xenstore command accessing a node using the (illegal) node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path…

xen | Denial of Service
Mar 23, 2026 Apr 10, 2026
Mar 23, 2026
Apr 10, 2026
7.8 HIGH
CVE-2026-23554 — Use after free of paging structures in EPT

The Intel EPT paging code uses an optimization to defer flushing of any cached EPT state until the p2m lock is dropped, so that multiple modifications done under the same locked region only issue a s…

xen | Memory Corruption
Mar 23, 2026 Apr 10, 2026
Mar 23, 2026
Apr 10, 2026
6.4 MEDIUM
CVE-2025-6229 — Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Fr…

The Sina Extension for Elementor (Header Builder, Footer Builter, Theme Builder, Slider, Gallery, Form, Modal, Data Table Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnera…

sina_extension_for_elementor | Remote | Cross-Site Scripting
Mar 23, 2026 Mar 23, 2026
Mar 23, 2026
Mar 23, 2026
5.3 MEDIUM
CVE-2025-13997 — King Addons for Elementor <= 51.1.49 - Unauthenticated API Keys Disclosure

The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in all version…

Remote | Information Disclosure
Mar 23, 2026 Mar 23, 2026
Mar 23, 2026
Mar 23, 2026
Showing 20 of 6312 Results