Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
9.8 CRITICAL
CVE-2022-50993 — Weaver E-office < 10.0_20221201 Unauthenticated Arbitrary File Read via XmlRpcServlet

Weaver (Fanwei) E-office versions prior to 10.0_20221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicio…

Remote | Authentication
Apr 30, 2026 Apr 30, 2026
Apr 30, 2026
Apr 30, 2026
8.7 HIGH
CVE-2022-50992 — Weaver E-cology 9.5 Unauthenticated Arbitrary File Read via XmlRpcServlet

Weaver (Fanwei) E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers t…

e-cology | Remote | Path Traversal
Apr 30, 2026 Apr 30, 2026
Apr 30, 2026
Apr 30, 2026
8.8 HIGH
CVE-2026-5174 — Improper Access Control Vulnerability in Progress MOVEit Automation

Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation. This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before …

moveit_automation | Remote | Authorization
Apr 30, 2026 May 04, 2026
Apr 30, 2026
May 04, 2026
9.8 CRITICAL
CVE-2026-4670 — Improper Authentication vulnerability in Progress MOVEit Automation

Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass. This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from…

moveit_automation | Remote | Authentication
Apr 30, 2026 May 04, 2026
Apr 30, 2026
May 04, 2026
6.1 MEDIUM
CVE-2026-38940 — RafyMrX TOKO-ONLINE-ROTI Cross-Site Scripting

Cross Site Scripting vulnerability in RafyMrX TOKO-ONLINE-ROTI v.1.0 allows a remote attacker to execute arbitrary code via the detail_produk.php component

Remote | Cross-Site Scripting
Apr 30, 2026 Apr 30, 2026
Apr 30, 2026
Apr 30, 2026
6.1 MEDIUM
CVE-2026-38939 — Andrewtch88 MVC-Ecommerce Cross-Site Scripting Vulnerability

Cross Site Scripting vulnerability in andrewtch88 mvc-ecommerce v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the product_catalogue.php component

Remote | Cross-Site Scripting
Apr 30, 2026 Apr 30, 2026
Apr 30, 2026
Apr 30, 2026
8.8 HIGH
CVE-2026-36960 — U-SPEED N300 Router CSRF Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the U-SPEED N300 Rounter V1.0.0. The device does not implement CSRF protection mechanisms such as anti-CSRF…

Remote | Cross-Site Request Forgery
Apr 30, 2026 Apr 30, 2026
Apr 30, 2026
Apr 30, 2026
6.5 MEDIUM
CVE-2026-36759 — Halo SSRF Vulnerability

A Server-Side Request Forgery (SSRF) in the /themes/{name}/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request.

Remote | Server-Side Request Forgery
Apr 30, 2026 Apr 30, 2026
Apr 30, 2026
Apr 30, 2026
4.3 MEDIUM
CVE-2026-36758 — Halo SSRF

A Server-Side Request Forgery (SSRF) in the /themes/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request.

Remote | Server-Side Request Forgery
Apr 30, 2026 Apr 30, 2026
Apr 30, 2026
Apr 30, 2026
5.4 MEDIUM
CVE-2026-36756 — Halo SSRF

A Server-Side Request Forgery (SSRF) in the /plugins/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request.

Remote | Server-Side Request Forgery
Apr 30, 2026 Apr 30, 2026
Apr 30, 2026
Apr 30, 2026
8.1 HIGH
CVE-2026-36340 — Krayin CRM Remote Code Execution

An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function

Remote | Information Disclosure
Apr 30, 2026 Apr 30, 2026
Apr 30, 2026
Apr 30, 2026
9.1 CRITICAL
CVE-2025-14543 — Improper Restriction of XML External Entity Reference vulnerability in Connext Profession…

Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core Libraries) allows Serialized Data External Linking.This issue affects Connext Professional: from 7.4.…

connext_professional | Remote | XML External Entity
Apr 30, 2026 May 04, 2026
Apr 30, 2026
May 04, 2026
Showing 20 of 6952 Results