Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.1 HIGH
CVE-2020-37226 — Joomla J2 JOBS 1.3.0 Authenticated SQL Injection via sortby

Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Att…

Remote | Injection
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
6.4 MEDIUM
CVE-2020-37225 — Powie's WHOIS Domain Check 0.9.31 Persistent Cross-Site Scripting

Powie's WHOIS Domain Check 0.9.31 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by exploiting unsanitized input fields in…

pfile | Remote | Cross-Site Scripting
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
7.1 HIGH
CVE-2020-37224 — Joomla J2 JOBS 1.3.0 Authenticated SQL Injection via sortby

Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Att…

Remote | Injection
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
8.5 HIGH
CVE-2020-37223 — IObit Uninstaller 9.5.0.15 Unquoted Service Path Privilege Escalation

IObit Uninstaller 9.5.0.15 contains an unquoted service path vulnerability in the IObitUnSvr service that allows local attackers to escalate privileges to SYSTEM level. Attackers can place a maliciou…

| Misconfiguration
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
7.2 HIGH
CVE-2020-37222 — Kuicms Php EE 2.0 Persistent Cross-Site Scripting via bbs reply

Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs reply endpoi…

Remote | Cross-Site Scripting
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
8.6 HIGH
CVE-2020-37221 — Atomic Alarm Clock 6.3 Stack Overflow via SEH Unicode

Atomic Alarm Clock 6.3 contains a stack overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string to the display name textbox in the Time Zones Cloc…

| Memory Corruption
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
8.7 HIGH
CVE-2020-37220 — Huawei HG630 V2 Router Authentication Bypass via Serial Number

Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain administrative access by retrieving the device serial number. Attackers can quer…

Remote | Authentication
May 13, 2026 May 26, 2026
May 13, 2026
May 26, 2026
8.7 HIGH
CVE-2020-37219 — Joomla com_fabrik 3.9.11 Directory Traversal via image.php

Joomla com_fabrik 3.9.11 contains a directory traversal vulnerability that allows unauthenticated attackers to list arbitrary files by manipulating the folder parameter. Attackers can send GET reques…

fabrik | Remote | Path Traversal
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
8.8 HIGH
CVE-2020-37218 — Joomla com_hdwplayer 4.2 SQL Injection via search.php

Joomla com_hdwplayer 4.2 contains an SQL injection vulnerability in the search.php file that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the …

hdw_player | Remote | Injection
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
5.1 MEDIUM
CVE-2020-37217 — Easy2Pilot 7 Cross-Site Request Forgery via admin.php

Easy2Pilot 7 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized user accounts by tricking authenticated administrators into visiting malicious pages. Attack…

Remote | Cross-Site Request Forgery
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
5.5 MEDIUM
CVE-2020-37174 — WOOF / Products Filter Professional for WooCommerce 1.2.3 Persistent XSS

WOOF Products Filter for WooCommerce 1.2.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering XSS payloads in design …

husky_-_products_filter_professional_for_woocommerce | Remote | Cross-Site Scripting
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
6.8 MEDIUM
CVE-2020-37169 — WordPress Plugin ultimate-member 2.1.3 Local File Inclusion

WordPress Plugin ultimate-member 2.1.3 contains a local file inclusion vulnerability that allows authenticated attackers to include arbitrary files by manipulating the pack parameter in class-admin-u…

ultimate_member | Path Traversal
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
9.8 CRITICAL
CVE-2020-37168 — Ecommerce Systempay 1.0 Production Key Brute Force

Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerability that allows attackers to brute force the 16-character production secret key used for payment signature generation. A…

Remote | Cryptography
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
5.3 MEDIUM
CVE-2026-8463 — Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read…

Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2_verify on empty encoded input. The auto-detect form of argon2_verify passes encoded_len - 1 as the…

crypt\ | Remote | Memory Corruption
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
6.0 MEDIUM
CVE-2026-8369 — Improper Input Validation in OpenThread NAT64 Translator

Improper Input Validation in the NAT64 translator in The OpenThread Authors OpenThread before commit 26a882d on all platforms allows an attacker on the adjacent IPv4 network to inject corrupted IPv6 …

| Injection
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
7.1 HIGH
CVE-2026-4609 — ProfileGrid <= 5.9.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary G…

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the pm_invite_user function in all versions up t…

profilegrid | Remote | Authorization
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
6.5 MEDIUM
CVE-2026-4608 — ProfileGrid <= 5.9.8.4 - Authenticated (Subscriber+) SQL Injection via 'rid' Parameter

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind SQL Injection via the 'rid' parameter in all versions up to, and including, 5.9.8.4 due to insuffic…

profilegrid | Remote | Injection
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
4.3 MEDIUM
CVE-2026-4607 — ProfileGrid <= 5.9.8.4 - Missing Authorization to Authenticated (Subscriber+) Group Setti…

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.8.4. This is due to the plugin not properl…

profilegrid | Remote | Authorization
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
8.7 HIGH
CVE-2026-39806 — HTTP/1 chunked decoder infinite loop on requests with trailer fields in bandit

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in mtrudel bandit allows unauthenticated remote denial of service via worker process exhaustion. 'Elixir.Bandit.HTTP1.Socket':do_…

bandit | Remote | Denial of Service
May 13, 2026 May 21, 2026
May 13, 2026
May 21, 2026
8.7 HIGH
CVE-2026-39803 — HTTP/1 chunked body reader ignores length cap in bandit

Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion. The chunked clause of 'Elixir.Bandit.HTTP1…

bandit | Remote | Denial of Service
May 13, 2026 May 21, 2026
May 13, 2026
May 21, 2026
Showing 20 of 7097 Results