Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
9.8 CRITICAL
CVE-2018-25332 — GitBucket 4.23.1 Unauthenticated Remote Code Execution

GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file uploa…

gitbucket gitbucket | Remote | Injection
May 17, 2026 May 27, 2026
6.1 MEDIUM
CVE-2018-25331 — Zenar Content Management System Cross-Site Scripting via ajax.php

Zenar Content Management System contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating form parameters in POST requests. Attac…

Remote | Cross-Site Scripting
May 17, 2026 May 18, 2026
8.8 HIGH
CVE-2018-25330 — Joomla! EkRishta 2.10 Persistent XSS and SQL Injection

Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. At…

Remote | Cross-Site Scripting
May 17, 2026 May 18, 2026
8.7 HIGH
CVE-2018-25329 — WordPress Plugin WP with Spritz 1.0 Remote File Inclusion

WordPress Plugin WP with Spritz 1.0 contains a remote file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting file paths into the url parameter. Attack…

Remote | Path Traversal
May 17, 2026 May 18, 2026
8.6 HIGH
CVE-2018-25328 — VX Search 10.6.18 Local Buffer Overflow via Directory Field

VX Search 10.6.18 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying an oversized string in the directory field. Attackers can craf…

better_search | Memory Corruption
May 17, 2026 May 18, 2026
6.9 MEDIUM
CVE-2018-25327 — Joomla! Component Js Jobs 1.2.0 Cross-Site Request Forgery

Joomla! Component Js Jobs 1.2.0 contains a cross-site request forgery vulnerability that allows attackers to perform state-changing actions without token validation. Attackers can craft malicious HTM…

js_jobs | Remote | Cross-Site Request Forgery
May 17, 2026 May 18, 2026
8.7 HIGH
CVE-2018-25326 — Google Drive for WordPress 2.2 Path Traversal RCE via gdrive-ajaxs.php

Google Drive for WordPress 2.2 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by injecting directory traversal sequences in the file_name parame…

google_drive | Remote | Path Traversal
May 17, 2026 May 18, 2026
8.7 HIGH
CVE-2018-25325 — Woocommerce CSV Importer 3.3.6 Path Traversal File Deletion

Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by submitting unescaped filenames through the delete_export_file AJAX …

Remote | Path Traversal
May 17, 2026 May 18, 2026
6.9 MEDIUM
CVE-2018-25324 — Simple Fields 0.2-0.3.5 Local File Inclusion via wp_abspath

Simple Fields 0.2 through 0.3.5 WordPress Plugin contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting null bytes into the wp_abspat…

Path Traversal
May 17, 2026 May 18, 2026
8.6 HIGH
CVE-2018-25323 — Allok AVI DivX MPEG to DVD Converter 2.6.1217 Buffer Overflow SEH

Allok AVI DivX MPEG to DVD Converter 2.6.1217 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payl…

wmv_to_avi_mpeg_dvd_wmv_convertor | Memory Corruption
May 17, 2026 May 18, 2026
8.6 HIGH
CVE-2018-25322 — Allok Fast AVI MPEG Splitter 1.2 Stack Based Buffer Overflow

Allok Fast AVI MPEG Splitter 1.2 contains a stack based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license name string. Attackers can…

Memory Corruption
May 17, 2026 May 18, 2026
5.3 MEDIUM
CVE-2018-25321 — TP-Link TL-WR720N CSRF via Administrative Interfaces (firmware V1_130719)

TP-Link TL-WR720N wireless router contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious web requests. Attacker…

tl-wr720n_firmware tl-wr720n | Remote | Cross-Site Request Forgery
May 17, 2026 May 18, 2026
9.8 CRITICAL
CVE-2018-25320 — ACL Analytics 11.x - 13.0.0.579 Arbitrary Code Execution

ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can …

Remote | Injection
May 17, 2026 May 18, 2026
7.1 HIGH
CVE-2018-25319 — Redaxo CMS Addon MyEvents 2.2.1 SQL Injection via event_add.php

Redaxo CMS Addon MyEvents 2.2.1 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the myevents_id parameter. Att…

Remote | Injection
May 17, 2026 May 18, 2026
5.5 MEDIUM
CVE-2026-8752 — h2oai h2o-3 Rapids setproperty Primitive AstSetProperty.java exec access control

A weakness has been identified in h2oai h2o-3 up to 7402. This vulnerability affects the function exec of the file h2o-core/src/main/java/water/rapids/ast/prims/misc/AstSetProperty.java of the compon…

h2o h2o-3 | Remote | Authorization
May 17, 2026 May 19, 2026
9.8 CRITICAL
CVE-2026-8751 — h2oai h2o-3 JAR Model.java importBinaryModel deserialization

A security flaw has been discovered in h2oai h2o-3 up to 7402. This affects the function importBinaryModel of the file h2o-core/src/main/java/hex/Model.java of the component JAR Handler. Performing a…

h2o h2o-3 | Remote | Injection
May 17, 2026 May 19, 2026
7.5 HIGH
CVE-2026-8750 — h2oai h2o-3 ImportFile API PersistNFS.java importFiles information disclosure

A vulnerability was identified in h2oai h2o-3 up to 7402. Affected by this issue is the function importFiles of the file h2o-core/src/main/java/water/persist/PersistNFS.java of the component ImportFi…

h2o h2o-3 | Remote | Information Disclosure
May 17, 2026 May 19, 2026
6.5 MEDIUM
CVE-2026-8747 — Z-BlogPHP Commend Approval c_system_event.php CheckComment improper authorization

A weakness has been identified in Z-BlogPHP 1.7.4.3430. This affects the function CheckComment of the file zb_system/function/c_system_event.php of the component Commend Approval Handler. This manipu…

z-blogphp | Remote | Authorization
May 17, 2026 May 18, 2026
6.5 MEDIUM
CVE-2026-8746 — Open5GS NRF nghttp2-server.c discover_handler use after free

A security flaw has been discovered in Open5GS up to 2.7.7. Affected by this issue is the function discover_handler in the library /lib/sbi/nghttp2-server.c of the component NRF. The manipulation res…

open5gs | Remote | Memory Corruption
May 17, 2026 May 18, 2026
6.5 MEDIUM
CVE-2026-8745 — Open5GS AUSF nausf-handler.c ogs_timer_add denial of service

A vulnerability was identified in Open5GS up to 2.7.7. Affected by this vulnerability is the function ogs_timer_add in the library /src/ausf/nausf-handler.c of the component AUSF. The manipulation le…

open5gs | Remote | Denial of Service
May 17, 2026 May 18, 2026
Showing 20 of 7094 Results