Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

395 New today

62,749 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

151

Jun 3

354

Jun 4

517

Jun 5

109

Jun 6

Jun 7

255

Jun 8

658

Jun 9

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

Jun 16

Critical

High

Medium

Low

Latest

CVE CVSS 5.3

Abandoned Contact Form 7 <= 2.2 - Missing Authorization to Unauthenticated Arbitrary Post Deletion via 'recover_id' Parameter_CVE-2026-9187

The Abandoned Contact Form 7 plugin for WordPress is vulnerable to unauthorized arbitrary post deletion in versions up to, and including, 2.2. This is due to a missing capability check and missing nonce validation in the action__remove_abandoned() function, which is registered...

CVE-2026-9187 zealopensource Abandoned Contact Form 7

Jun 16, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.8	CVE-2026-8443	WP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) SQL Injection via 'stypes' Parameter_CVE-2026-8443 The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'stypes' and 'slocations' parameters of the wppro_get_overall_...	https://wpreviewslider.com/	WP Review Slider Pro	Jun 16, 2026	CVE
HIGH 8.8	CVE-2026-6933	Premmerce Dev Tools <= 2.0 - Missing Authorization to Authenticated (Subscriber+) Remote Code Execution via Plugin Creation_CVE-2026-6933 The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing authorization in versions up to and including 2.0. ...	premmerce	Premmerce Dev Tools	Jun 16, 2026	CVE
MEDIUM 6.5	CVE-2026-5149	RTMKit <= 2.0.7 - Authenticated (Contributor+) Missing Authorization to Arbitrary Form Submission Access via 'entries_id' Parameter_CVE-2026-5149 The RTMKit plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.7 This is due to the get_submiss...	rometheme	RTMKit	Jun 16, 2026	CVE
MEDIUM 6.7	CVE-2026-50255	CVE-2026-50255_CVE-2026-50255 Incorrect default permissions issue exists in Optical Disc Archive Software for Windows 5.5.3 and earlier. If this vulnerability is exploited, arbi...	Sony Corporation	Optical Disc Archive Software for Windows 5.5.3 and earlier	Jun 16, 2026	CVE
MEDIUM 4.3	CVE-2026-10780	Static Block <= 2.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via Shortcode 'id' Attribute_CVE-2026-10780 The Static Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2. This is due to t...	mohammadtanzilurrahman	Static Block	Jun 16, 2026	CVE
MEDIUM 6.3	CVE-2026-10635	Dangling memory-domain pointer (use-after-free) in Xtensa MMU page-table code on memory-domain de-init_CVE-2026-10635 On Xtensa targets with CONFIG_USERSPACE and CONFIG_XTENSA_MMU, the page-table code (arch/xtensa/core/ptables.c) maintains a global list, xtensa_dom...	zephyrproject	zephyr 4.4.0	Jun 16, 2026	CVE
NONE	B330A5D9-A16C-	Mr-Robot-CTF-Automation-Scripts_B330A5D9-A16C-5448-ACE0-A24AA4413B17 No description provided...	N/A	N/A	Jun 16, 2026	GITHUBEXPLOIT
HIGH 8.8	CVE-2026-7273	CVE-2026-7273_CVE-2026-7273 A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2.90(ABTQ.1)C0 could allow a LAN-ba...	Zyxel	GS1900-48HPv2 firmware <= 2.90(ABTQ.1)C0	Jun 16, 2026	CVE
CRITICAL 10	5773EA35-AE6F-	Exploit for Deserialization of Untrusted Data in Facebook React_5773EA35-AE6F-5F32-8C58-AE355FF2E15B CVE-2025-55182 — React2Shell Critical pre-authentication Remote Code Execution vulnerability in React Server Components RSC, Next.js, and related f...	N/A	N/A	Jun 16, 2026	GITHUBEXPLOIT

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Abandoned Contact Form 7 <= 2.2 - Missing Authorization to Unauthenticated Arbitrary Post Deletion via 'recover_id' Parameter_CVE-2026-9187

Recent Advisories

WP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) SQL Injection via 'stypes' Parameter_CVE-2026-8443

Premmerce Dev Tools <= 2.0 - Missing Authorization to Authenticated (Subscriber+) Remote Code Execution via Plugin Creation_CVE-2026-6933

RTMKit <= 2.0.7 - Authenticated (Contributor+) Missing Authorization to Arbitrary Form Submission Access via 'entries_id' Parameter_CVE-2026-5149

CVE-2026-50255_CVE-2026-50255

Static Block <= 2.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via Shortcode 'id' Attribute_CVE-2026-10780

Dangling memory-domain pointer (use-after-free) in Xtensa MMU page-table code on memory-domain de-init_CVE-2026-10635

Mr-Robot-CTF-Automation-Scripts_B330A5D9-A16C-5448-ACE0-A24AA4413B17

CVE-2026-7273_CVE-2026-7273

Exploit for Deserialization of Untrusted Data in Facebook React_5773EA35-AE6F-5F32-8C58-AE355FF2E15B

Protect Your Attack Surface with RedGem

Security Intelligence
Feed