Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.8 HIGH
CVE-2026-25203 — Samsung MagicINFO 9 Server Local Privilege Escalation Vulnerability

Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability This issue affects MagicINFO 9 Server: less than 21.1091.1.

magicinfo_9_server | Authorization
Apr 10, 2026 Apr 13, 2026
Apr 10, 2026
Apr 13, 2026
4.3 MEDIUM
CVE-2026-1924 — Aruba HiSpeed Cache <= 3.0.4 - Cross-Site Request Forgery to Plugin Settings Reset

The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.4. This is due to missing nonce verification on the `ahsc_ajax_reset…

aruba_hispeed_cache | Remote | Cross-Site Request Forgery
Apr 10, 2026 Apr 24, 2026
Apr 10, 2026
Apr 24, 2026
6.4 MEDIUM
CVE-2026-1263 — Webling <= 3.9.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'title' Pa…

The Webling plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.9.0 due to insufficient input sanitization, insufficient output escaping, and mis…

Remote | Cross-Site Scripting
Apr 10, 2026 Apr 24, 2026
Apr 10, 2026
Apr 24, 2026
Showing 20 of 5583 Results