Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2026-24371

    Missing Authorization vulnerability in bookingalgorithms BA Book Everything ba-book-everything allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BA Book Everything: from n/a through <= 1.8.16.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2026-24368

    Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through < 2.8.0.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2026-24367

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler allows Blind SQL Injection.This issue affects Traveler: from n/a through < 3.2.8.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2026-24366

    Missing Authorization vulnerability in YITHEMES YITH WooCommerce Request A Quote yith-woocommerce-request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Request A Quote: from n/a through... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2026-24365

    Cross-Site Request Forgery (CSRF) vulnerability in storeapps Stock Manager for WooCommerce woocommerce-stock-manager allows Cross Site Request Forgery.This issue affects Stock Manager for WooCommerce: from n/a through < 3.6.0.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 0.0

    NA
    CVE-2026-24361

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress &#8211; Course Review learnpress-course-review allows Stored XSS.This issue affects LearnPress &#8211; Course Review: from n/a throu... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2026-24360

    Server-Side Request Forgery (SSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Server Side Request Forgery.This issue affects Seriously Simple Podcasting: from n/a through <= 3.14.1.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Server-Side Request Forgery

  • 0.0

    NA
    CVE-2026-24358

    Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through <= 10.3.3.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2026-24357

    Missing Authorization vulnerability in Brecht WP Recipe Maker wp-recipe-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Recipe Maker: from n/a through <= 10.2.4.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2026-24356

    Missing Authorization vulnerability in Roxnor GetGenie getgenie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GetGenie: from n/a through <= 4.3.0.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2026-24355

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality allows Stored XSS.This issue affects Houzez Theme - Functionality: from n/a through <=... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2026-24354

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Shortcodes & Performance penci-shortcodes allows DOM-Based XSS.This issue affects Penci Shortcodes & Performance: from n/a through <= 6... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2026-24353

    Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through <= 4.4.9.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2026-23978

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Softwebmedia Gyan Elements gyan-elements allows PHP Local File Inclusion.This issue affects Gyan Elements: from n/a through <= 2.2.1.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2026-23976

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Modula Image Gallery modula-best-grid-gallery allows Stored XSS.This issue affects Modula Image Gallery: from n/a through <= 2.13.4.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2026-23975

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Golo golo allows PHP Local File Inclusion.This issue affects Golo: from n/a through < 1.7.5.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2026-23974

    Missing Authorization vulnerability in uxper Golo golo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Golo: from n/a through < 1.7.5.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2026-22483

    Cross-Site Request Forgery (CSRF) vulnerability in winkm89 teachPress teachpress allows Cross Site Request Forgery.This issue affects teachPress: from n/a through <= 9.0.12.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 0.0

    NA
    CVE-2026-22482

    Server-Side Request Forgery (SSRF) vulnerability in wbolt.com IMGspider imgspider allows Server Side Request Forgery.This issue affects IMGspider: from n/a through <= 2.3.12.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Server-Side Request Forgery

  • 0.0

    NA
    CVE-2026-22481

    Missing Authorization vulnerability in Rasedul Haque Rumi BD Courier Order Ratio Checker bd-courier-order-ratio-checker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BD Courier Order Ratio Checker: from n/a thr... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Authorization
Showing 20 of 4649 Results