Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
5.8 MEDIUM
CVE-2026-7394 — SourceCodester Pizzafy Ecommerce System GET Parameter view_order.php sql injection

A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/view_order.php of the component GET Parame…

Remote | Injection
Apr 29, 2026 Apr 29, 2026
Apr 29, 2026
Apr 29, 2026
8.8 HIGH
CVE-2026-5712 — IdentityIQ Role Editor Incorrect Authorization Vulnerability

This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned…

identityiq | Remote | Authorization
Apr 29, 2026 May 05, 2026
Apr 29, 2026
May 05, 2026
5.5 MEDIUM
CVE-2026-26204 — Wazuh: Heap-based NULL WRITE Buffer Underflow in GetAlertData

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 1.0.0 to before version 4.14.4, a heap-based out-of-bounds WRITE occurs in GetAlertData, res…

wazuh | Memory Corruption
Apr 29, 2026 Apr 30, 2026
Apr 29, 2026
Apr 30, 2026
10.0 CRITICAL
CVE-2026-26015 — Unauthenticated RCE in DocsGPT MCP STDIO Configuration

DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing both the official DocsGPT website or any local and public deployment, can craft a …

docsgpt | Remote | Injection
Apr 29, 2026 May 06, 2026
Apr 29, 2026
May 06, 2026
Showing 20 of 7004 Results