Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.8 HIGH
CVE-2015-20120 — RealtyScript 4.0.2 Multiple Time-based Blind SQL Injection

Next Click Ventures RealtyScript 4.0.2 contains multiple time-based blind SQL injection vulnerabilities that allow unauthenticated attackers to extract database information by injecting SQL code into…

Remote | Injection
Mar 15, 2026 Mar 15, 2026
Mar 15, 2026
Mar 15, 2026
8.7 HIGH
CVE-2017-20220 — Serviio PRO 1.8 Unauthenticated Password Change via REST API

Serviio PRO 1.8 contains an improper access control vulnerability in the Configuration REST API that allows unauthenticated attackers to change the mediabrowser login password. Attackers can send spe…

Remote | Authentication
Mar 15, 2026 Mar 15, 2026
Mar 15, 2026
Mar 15, 2026
6.1 MEDIUM
CVE-2017-20219 — Serviio PRO 1.8 DOM-based Cross-Site Scripting via mediabrowser

Serviio PRO 1.8 DLNA Media Streaming Server contains a DOM-based cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads. At…

Remote | Cross-Site Scripting
Mar 15, 2026 Mar 15, 2026
Mar 15, 2026
Mar 15, 2026
8.5 HIGH
CVE-2017-20218 — Serviio PRO 1.8 Local Privilege Escalation via Unquoted Path

Serviio PRO 1.8 contains an unquoted search path vulnerability in the Windows service that allows local users to execute arbitrary code with elevated privileges by placing malicious executables in th…

| Misconfiguration
Mar 15, 2026 Mar 15, 2026
Mar 15, 2026
Mar 15, 2026
8.7 HIGH
CVE-2017-20217 — Serviio PRO 1.8 REST API Information Disclosure

Serviio PRO 1.8 contains an information disclosure vulnerability due to improper access control enforcement in the Configuration REST API that allows unauthenticated attackers to access sensitive inf…

Remote | Information Disclosure
Mar 15, 2026 Mar 15, 2026
Mar 15, 2026
Mar 15, 2026
6.1 MEDIUM
CVE-2016-20036 — Wowza Streaming Engine 4.5.0 Multiple Cross-Site Scripting Vulnerabilities

Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager interface where input passed through various parameters is not properly sanitized be…

Remote | Cross-Site Scripting
Mar 15, 2026 Mar 15, 2026
Mar 15, 2026
Mar 15, 2026
6.9 MEDIUM
CVE-2016-20035 — Wowza Streaming Engine 4.5.0 CSRF via user edit endpoint

Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by crafting malicious web pages. Attackers can trick logged-in…

Remote | Cross-Site Request Forgery
Mar 15, 2026 Mar 15, 2026
Mar 15, 2026
Mar 15, 2026
8.8 HIGH
CVE-2016-20034 — Wowza Streaming Engine 4.5.0 Privilege Escalation via user edit

Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated read-only users to elevate privileges to administrator by manipulating POST parameters. Attackers …

Remote | Authentication
Mar 15, 2026 Mar 15, 2026
Mar 15, 2026
Mar 15, 2026
8.5 HIGH
CVE-2016-20033 — Wowza Streaming Engine 4.5.0 Local Privilege Escalation via nssm_x64.exe

Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability that allows authenticated users to escalate privileges by replacing executable files due to improper file permissions …

| Authorization
Mar 15, 2026 Mar 15, 2026
Mar 15, 2026
Mar 15, 2026
8.8 HIGH
CVE-2015-20121 — RealtyScript 4.0.2 SQL Injection via u_id and agent Parameters

Next Click Ventures RealtyScript 4.0.2 contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting arbitrary SQL code through the GET param…

Remote | Injection
Mar 15, 2026 Mar 15, 2026
Mar 15, 2026
Mar 15, 2026
6.4 MEDIUM
CVE-2015-20119 — RealtyScript 4.0.2 Stored Cross-Site Scripting via text Parameter in pages.php

Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious HTML and iframe elements through the text parameter…

Remote | Cross-Site Scripting
Mar 15, 2026 Mar 15, 2026
Mar 15, 2026
Mar 15, 2026
7.2 HIGH
CVE-2015-20118 — RealtyScript 4.0.2 Stored Cross-Site Scripting via location_name Parameter

Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability in the location_name parameter of the admin locations interface. Attackers can submit POST requests to the …

Remote | Cross-Site Scripting
Mar 15, 2026 Mar 15, 2026
Mar 15, 2026
Mar 15, 2026
6.9 MEDIUM
CVE-2015-20117 — RealtyScript 4.0.2 Cross-Site Request Forgery Unauthorized User Creation

Next Click Ventures RealtyScript 4.0.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create unauthorized user accounts and administrative users by craft…

Remote | Cross-Site Request Forgery
Mar 15, 2026 Mar 15, 2026
Mar 15, 2026
Mar 15, 2026
6.1 MEDIUM
CVE-2015-20116 — RealtyScript 4.0.2 Stored Cross-Site Scripting via CSV File Upload Filename

Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize CSV file uploads, allowing attackers to inject malicious scripts through filename parameters in multipart form data. Attackers can up…

Remote | Cross-Site Scripting
Mar 15, 2026 Mar 15, 2026
Mar 15, 2026
Mar 15, 2026
7.2 HIGH
CVE-2015-20115 — RealtyScript 4.0.2 Stored Cross-Site Scripting via File Upload Parameter

Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize file uploads, allowing attackers to store malicious scripts through the file POST parameter in admin/tools.php. Attackers can upload …

Remote | Cross-Site Scripting
Mar 15, 2026 Mar 15, 2026
Mar 15, 2026
Mar 15, 2026
6.1 MEDIUM
CVE-2015-20114 — RealtyScript 4.0.2 Cross-Site Scripting via Multiple Parameters

Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious input through multiple para…

Remote | Cross-Site Scripting
Mar 15, 2026 Mar 15, 2026
Mar 15, 2026
Mar 15, 2026
6.9 MEDIUM
CVE-2015-20113 — RealtyScript 4.0.2 Multiple Cross-Site Request Forgery and Persistent Cross-Site Scriptin…

Next Click Ventures RealtyScript 4.0.2 contains cross-site request forgery and persistent cross-site scripting vulnerabilities that allow attackers to perform administrative actions and inject malici…

Remote | Cross-Site Request Forgery
Mar 15, 2026 Mar 15, 2026
Mar 15, 2026
Mar 15, 2026
8.7 HIGH
CVE-2013-20006 — Qool CMS Multiple Persistent Cross-Site Scripting Vulnerabilities

Qool CMS contains multiple persistent cross-site scripting vulnerabilities in several administrative scripts where POST parameters are not properly sanitized before being stored and returned to users…

Remote | Cross-Site Scripting
Mar 15, 2026 Mar 15, 2026
Mar 15, 2026
Mar 15, 2026
6.9 MEDIUM
CVE-2013-20005 — Qool CMS 2.0 RC2 Cross-Site Request Forgery via adduser

Qool CMS 2.0 RC2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious web pages. Attackers c…

Remote | Cross-Site Request Forgery
Mar 15, 2026 Mar 15, 2026
Mar 15, 2026
Mar 15, 2026
0.0 NA
CVE-2026-4185 — GPAC MP4Box swf_parse.c swf_def_bits_jpeg stack-based overflow

A vulnerability was found in GPAC up to 2.5-DEV-rev2167-gcc9d617c0-master. This vulnerability affects the function swf_def_bits_jpeg of the file src/scene_manager/swf_parse.c of the component MP4Box.…

| Memory Corruption
Mar 15, 2026 Mar 15, 2026
Mar 15, 2026
Mar 15, 2026
Showing 20 of 5293 Results