Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.9

    MEDIUM
    CVE-2026-2831

    The MailArchiver plugin for WordPress is vulnerable to SQL Injection via the ‘logid’ parameter in all versions up to, and including, 4.5.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL q... Read more

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2026-24352

    PluXml CMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session... Read more

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Authentication

  • 5.1

    MEDIUM
    CVE-2026-24351

    PluXml CMS is vulnerable to Stored XSS in Static Pages editing functionality. Attacker with editing privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. The vendor was notified early about t... Read more

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2026-24350

    PluXml CMS is vulnerable to Stored XSS in file uploading functionality. An authenticated attacker can upload an SVG file containing a malicious payload, which will be executed when a victim clicks the link associated with the uploaded image. In version 5.... Read more

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-11251

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dayneks Software Industry and Trade Inc. E-Commerce Platform allows SQL Injection.This issue affects E-Commerce Platform: through 27022026. NOTE: The ve... Read more

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Injection

  • 5.1

    MEDIUM
    CVE-2026-1434

    Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a malicious URL that, when opened, causes arbitrary JavaScript to execute in the victim’s browser. This issue was fixed in 4.6.7.... Read more

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2026-21660

    Hardcoded Email Credentials Saved as Plaintext in Firmware (CWE-256: Plaintext Storage of a Password) vulnerability in Frick Controls Quantum HD version 10.22 and prior lead to unauthorized access, exposure of sensitive information, and potential misuse o... Read more

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2026-21659

    Unauthenticated Remote Code Execution and Information Disclosure due to Local File Inclusion (LFI) vulnerability in Johnson Controls Frick Controls Quantum HD allow an unauthenticated attacker to execute arbitrary code on the affected device, leading to f... Read more

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2026-21658

    Unauthenticated Remote Code Execution i.e Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpe... Read more

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2026-21654

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows OS Command Injection. Insufficient validation of input in certain parameters may permit unexpecte... Read more

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2026-1305

    The Japanized for WooCommerce plugin for WordPress is vulnerable to Improper Authentication in versions up to, and including, 2.8.4. This is due to a flawed permission check in the `paidy_webhook_permission_check` function that unconditionally returns `tr... Read more

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Authentication

  • 6.4

    MEDIUM
    CVE-2025-14142

    The Electric Enquiries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button' parameter of the electric-enquiry shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. Thi... Read more

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2024-10938

    The OVRI Payment plugin for WordPress contains malicious .htaccess files in version 1.7.0. The files contain directives to prevent the execution of certain scripts while allowing execution of known malicious PHP files. If moved outside of the plugin's dir... Read more

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Misconfiguration

  • 6.4

    MEDIUM
    CVE-2026-2383

    The Simple Download Monitor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated... Read more

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2026-2362

    The WP Accessibility plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the 'alt' attribute of images processed by the "Long Description UI" feature in all versions up to, and including, 2.3.1. This is due to the plugin's Java... Read more

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2026-2252

    An XML External Entity (XXE) vulnerability allows malicious user to perform Server-Side Request Forgery (SSRF) via crafted XML input containing malicious external entity references. This issue affects Xerox FreeFlow Core versions up to and including 8.0.... Read more

    Affected Products : freeflow_core
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: XML External Entity

  • 9.8

    CRITICAL
    CVE-2026-2251

    Improper limitation of a pathname to a restricted directory (Path Traversal) vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please ... Read more

    Affected Products : freeflow_core
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2026-21657

    Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the secur... Read more

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2026-21656

    Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the secur... Read more

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2026-1627

    An attacker may exploit the use of outdated and weak MAC algorithms in the device’s SSH service to potentially compromise the integrity of the SSH session, allowing manipulation of transmitted data if the attacker can interact with the network traffic.... Read more

    Affected Products :
    • Published: Feb. 27, 2026
    • Modified: Feb. 27, 2026
    • Vuln Type: Cryptography
Showing 20 of 4940 Results