Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
5.4 MEDIUM
CVE-2021-47948 — WordPress GetPaid Plugin 2.4.6 HTML Injection via Help Text

WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerability that allows authenticated attackers to inject arbitrary HTML code by exploiting the Help Text field in payment forms. Attackers…

Remote | Injection
May 10, 2026
6.4 MEDIUM
CVE-2021-47947 — Projectsend r1295 Stored Cross-Site Scripting via files-edit.php

Projectsend r1295 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input in the 'name' parameter of files-edi…

projectsend | Remote | Cross-Site Scripting
May 10, 2026
6.9 MEDIUM
CVE-2021-47946 — OpenCart 3.0.36 Account Takeover via Cross Site Request Forgery

OpenCart 3.0.36 contains a cross-site request forgery vulnerability in the /account/edit endpoint that allows unauthenticated attackers to modify victim account details by tricking users into visitin…

opencart | Remote | Cross-Site Request Forgery
May 10, 2026
8.5 HIGH
CVE-2021-47945 — Argus Surveillance DVR 4.0 Unquoted Service Path Privilege Escalation

Argus Surveillance DVR 4.0 contains an unquoted service path vulnerability in the DVRWatchdog service that allows local attackers to escalate privileges by exploiting the service binary path. Attacke…

Misconfiguration
May 10, 2026
8.7 HIGH
CVE-2021-47944 — memono Notepad 4.2 Denial of Service via Buffer Overflow

memono Notepad 4.2 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character buffers into note fields. Attackers can generate a p…

Remote | Denial of Service
May 10, 2026
8.8 HIGH
CVE-2021-47943 — TextPattern CMS 4.8.7 Remote Code Execution via File Upload

TextPattern CMS 4.8.7 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by uploading malicious PHP files through the file upload functio…

textpattern | Remote | Misconfiguration
May 10, 2026
8.8 HIGH
CVE-2021-47941 — WordPress Plugin Survey & Poll 1.5.7.3 SQL Injection via sss_params

WordPress Plugin Survey & Poll 1.5.7.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wp_sap co…

Remote | Injection
May 10, 2026
9.8 CRITICAL
CVE-2021-47940 — WordPress Download From Files 1.48 Arbitrary File Upload

WordPress Plugin Download From Files version 1.48 and earlier contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting the AJAX fi…

Remote | Authentication
May 10, 2026
8.8 HIGH
CVE-2021-47939 — Evolution CMS 3.1.6 Authenticated Remote Code Execution via Module Creation

Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by injecting PHP code into mod…

evolution_cms | Remote | Injection
May 10, 2026
8.8 HIGH
CVE-2021-47938 — ImpressCMS 1.4.2 Remote Code Execution via Autotasks

ImpressCMS 1.4.2 contains a remote code execution vulnerability in the autotasks administrative interface that allows authenticated attackers to execute arbitrary PHP code by injecting malicious code…

impresscms | Remote | Injection
May 10, 2026
8.8 HIGH
CVE-2021-47937 — e107 CMS 2.3.0 Authenticated Remote Code Execution via Theme Upload

e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions to execute arbitrary commands by uploading malicious theme files. Att…

e107_cms | Remote | Authentication
May 10, 2026
9.8 CRITICAL
CVE-2021-47936 — OpenCATS 0.9.4 Remote Code Execution via Resume Upload

OpenCATS 0.9.4 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by uploading malicious PHP files disguised as resume attachments. Att…

opencats | Remote | Authentication
May 10, 2026
8.8 HIGH
CVE-2021-47935 — Sentry 8.2.0 Remote Code Execution via Pickle Deserialization

Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log e…

sentry | Remote | Injection
May 10, 2026
9.8 CRITICAL
CVE-2021-47933 — WordPress MStore API 2.0.6 Arbitrary File Upload

WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the REST API endpoint. Attackers…

mstore_api | Remote | Authentication
May 10, 2026
9.8 CRITICAL
CVE-2021-47932 — WordPress TheCartPress 1.5.3.6 Privilege Escalation Unauthenticated

WordPress TheCartPress 1.5.3.6 contains an unauthenticated privilege escalation vulnerability that allows attackers to create administrator accounts by submitting crafted requests to the AJAX handler…

thecartpress | Remote | Authentication
May 10, 2026
6.4 MEDIUM
CVE-2021-47931 — Exponent CMS 2.6 Multiple Vulnerabilities Stored XSS Authentication

Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing e…

exponent_cms | Remote | Cross-Site Scripting
May 10, 2026
8.8 HIGH
CVE-2021-47930 — Balbooa Joomla Forms Builder 2.0.6 SQL Injection Unauthenticated

Balbooa Joomla Forms Builder 2.0.6 contains an unauthenticated SQL injection vulnerability in the form submission handler that allows remote attackers to execute arbitrary SQL queries. Attackers can …

Remote | Injection
May 10, 2026
6.4 MEDIUM
CVE-2021-47929 — WordPress Plugin Filterable Portfolio Gallery 1.0 Stored XSS

Filterable Portfolio Gallery 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by entering payloads in the title field. Attac…

Remote | Cross-Site Scripting
May 10, 2026
8.8 HIGH
CVE-2021-47928 — Opencart TMD Vendor System 3.x Blind SQL Injection via product route

Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the product_id paramete…

Remote | Injection
May 10, 2026
6.4 MEDIUM
CVE-2021-47927 — WordPress Plugin WP Symposium Pro 2021.10 Stored XSS via wps_admin_forum_add_name

WordPress Plugin WP Symposium Pro 2021.10 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting insufficient sanitization …

wp_symposium_pro | Remote | Cross-Site Scripting
May 10, 2026
Showing 20 of 5475 Results