Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
0.0 NA
CVE-2026-9298 — omec-project amf PathSwitchRequest memory corruption

A vulnerability was detected in omec-project amf up to 2.1.1. Affected by this vulnerability is an unknown functionality of the component PathSwitchRequest Handler. The manipulation results in memory…

| Memory Corruption
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
0.0 NA
CVE-2026-9297 — Edimax BR-6428NS POST Request formWlbasic command injection

A security vulnerability has been detected in Edimax BR-6428NS 1.10. Affected is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. The manipulation of th…

| Injection
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
0.0 NA
CVE-2026-9296 — Edimax BR-6428NS POST Request formWlanM system command injection

A weakness has been identified in Edimax BR-6428NS 1.10. This impacts the function system of the file /goform/formWlanM of the component POST Request Handler. Executing a manipulation of the argument…

| Injection
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
0.0 NA
CVE-2026-9295 — Edimax BR-6428NS POST Request formWirelessTbl buffer overflow

A security flaw has been discovered in Edimax BR-6428NS 1.10. This affects the function formWirelessTbl of the file /goform/formWirelessTbl of the component POST Request Handler. Performing a manipul…

| Memory Corruption
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
0.0 NA
CVE-2026-9294 — Edimax BR-6428NS POST Request formWanTcpipSetup buffer overflow

A vulnerability was identified in Edimax BR-6428NS 1.10. The impacted element is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. Such manip…

| Memory Corruption
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
8.8 HIGH
CVE-2026-6419 — Wishlist Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) API Secr…

The WishList Member plugin for WordPress is vulnerable to Privilege Escalation via Missing Authorization in versions up to and including 3.30.1. This is due to the missing capability and nonce check …

Remote | Authorization
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
8.8 HIGH
CVE-2026-6897 — Wishlist Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrar…

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember\Features\Team_Accounts::save_settings' function in…

Remote | Authorization
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
8.2 HIGH
CVE-2026-9284 — WooCommerce PayPal Payments <= 4.0.1 - Missing Authorization to Unauthenticated Order Man…

The WooCommerce PayPal Payments plugin for WordPress is vulnerable to unauthorized order manipulation and information disclosure due to missing authorization checks on the `ppc-create-order` and `ppc…

Remote | Authorization
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
8.8 HIGH
CVE-2026-6895 — Wishlist Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) API Secr…

The WishList Member plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Disclosure and Privilege Escalation in versions up to and including 3.30.1. This is du…

Remote | Authorization
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
8.8 HIGH
CVE-2026-6898 — WishList Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) Generate…

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember3_Hooks::generate_api_key' function in all versions…

Remote | Authorization
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
0.0 NA
CVE-2026-41149 — Mermaid: Improper sanitization of `classDef` in state diagrams leads to HTML injection

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and earlier, as well as 11.0.0-alpha.1 through 11.14.0, are vulnerable to HTML …

mermaid | Injection
May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
7.5 HIGH
CVE-2026-23663 — Microsoft Global Secure Access (GSA) Information Disclosure Vulnerability

None

May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
10.0 CRITICAL
CVE-2026-42901 — Microsoft Entra ID Elevation of Privilege Vulnerability

None

May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
10.0 CRITICAL
CVE-2026-41104 — Microsoft Planetary Computer Pro Information Disclosure Vulnerability

None

May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
8.8 HIGH
CVE-2026-45659 — Microsoft SharePoint Remote Code Execution Vulnerability

None

May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
0.0 NA
CVE-2026-41148 — Mermaid: Improper sanitization of `classDefs` in diagrams leads to CSS injection

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and prior, in addition to 11.0.0-alpha.1 through 11.12.0 are vulnerable to CSS …

mermaid | Injection
May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
9.1 CRITICAL
CVE-2026-33843 — Microsoft Azure Active Directory B2C Elevation of Privilege Vulnerability

None

Remote
May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
7.7 HIGH
CVE-2026-26147 — Azure Stack HCI Information Disclosure Vulnerability

None

May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
9.3 CRITICAL
CVE-2026-41090 — Microsoft Copilot Tampering Vulnerability

None

May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
6.5 MEDIUM
CVE-2026-42827 — M365 Copilot Information Disclosure Vulnerability

None

May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
Showing 20 of 5910 Results