Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

335 New today
67,993 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
294
Jun 23
355
Jun 24
376
Jun 25
386
Jun 26
53
Jun 27
318
Jun 28
284
Jun 29
427
Jun 30
693
Jul 1
169
Jul 2
Critical
High
Medium
Low

Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-13251

Perfmatters <= 2.6.4 - Unauthenticated Arbitrary File Read via 's' Parameter_CVE-2026-13251

The Perfmatters plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.4 via the 's' parameter. This m...

perfmatters Perfmatters CVE
MEDIUM 5.3 CVE-2026-12657

LatePoint <= 5.6.2 - Unauthenticated Insecure Direct Object Reference to Arbitrary Creation via 'service_id' Parameter_CVE-2026-12657

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Insecure Direct Object Reference in all v...

latepoint LatePoint – Calendar Booking Plugin for Appointments and Events CVE
MEDIUM 5.3 CVE-2026-12472

Kirki <= 6.0.11 - Missing Authorization to Unauthenticated Arbitrary Email Content Injection (Mail Relay / Phishing) via 'emailBody' and 'emailSubject' Parameters_CVE-2026-12472

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, a...

themeum Kirki – Freeform Page Builder, Website Builder & Customizer CVE
MEDIUM 4.3 CVE-2026-12134

JoomSport <= 5.7.8 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Group Creation/Modification via season_groupedit AJAX action_CVE-2026-12134

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to authorization bypass in all versions up to...

beardev JoomSport – for Sports: Team & League, Football, Hockey & more CVE
MEDIUM 5.3 CVE-2026-12122

Kirki <= 6.0.11 - Missing Authorization to Unauthenticated Sensitive Information Exposure via kirki_post_apis_nopriv AJAX Action_CVE-2026-12122

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to Sensitive Information Exposure in all version...

themeum Kirki – Freeform Page Builder, Website Builder & Customizer CVE
MEDIUM 5.3 CVE-2026-11896

My Calendar <= 3.7.14 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure via 'vcal' Parameter_CVE-2026-11896

The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and includ...

joedolson My Calendar – Accessible Event Manager CVE
MEDIUM 4.4 CVE-2026-10104

Product Video Gallery for Woocommerce <= 1.5.1.8 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via custom_thumbnail Parameter_CVE-2026-10104

The Product Video Gallery for Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom_thumbnail Parameter in all v...

nikhilgadhiya Product Video Gallery for Woocommerce CVE
NONE 81CC3931-A102-

sec-poc_81CC3931-A102-53DE-8AD8-B340E00AFF22

sec-poc...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 34CCFAD0-8C43-

Exploit for CVE-2021-27877_34CCFAD0-8C43-5B1F-B129-EC944F9BD546

CVE-2021-27877 Proof of Concept This repository contains a modified version of the original Rapid7 Metasploit module for CVE-2021-27877 affecting t...

N/A N/A GITHUBEXPLOIT