Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.5 MEDIUM
CVE-2026-4570 — SourceCodester Sales and Inventory System HTTP POST Request view_customers.php sql inject…

A vulnerability was identified in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /view_customers.php of the component HTTP POST Request Handler. Such manip…

sales_and_inventory_system | Remote | Injection
Mar 23, 2026 Mar 23, 2026
Mar 23, 2026
Mar 23, 2026
6.5 MEDIUM
CVE-2025-10736 — ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Review…

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to unauthorized access of data due to improper authori…

Remote | Authorization
Mar 23, 2026 Mar 23, 2026
Mar 23, 2026
Mar 23, 2026
6.5 MEDIUM
CVE-2026-4569 — SourceCodester Sales and Inventory System HTTP POST Request view_category.php sql injecti…

A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This impacts an unknown function of the file /view_category.php of the component HTTP POST Request Handler. This manip…

sales_and_inventory_system | Remote | Injection
Mar 23, 2026 Mar 23, 2026
Mar 23, 2026
Mar 23, 2026
6.5 MEDIUM
CVE-2026-4568 — SourceCodester Sales and Inventory System HTTP GET Request update_supplier.php sql inject…

A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown function of the file /update_supplier.php of the component HTTP GET Request Handler. The manipulati…

sales_and_inventory_system | Remote | Injection
Mar 23, 2026 Mar 23, 2026
Mar 23, 2026
Mar 23, 2026
10.0 HIGH
CVE-2026-4567 — Tenda A15 UploadCfg stack-based overflow

A vulnerability has been found in Tenda A15 15.13.07.13. The impacted element is the function UploadCfg of the file /cgi-bin/UploadCfg. The manipulation of the argument File leads to stack-based buff…

a15_firmware | Remote | Memory Corruption
Mar 23, 2026 Mar 23, 2026
Mar 23, 2026
Mar 23, 2026
9.0 HIGH
CVE-2026-4566 — Belkin F9K1122 formWISP5G stack-based overflow

A flaw has been found in Belkin F9K1122 1.00.33. The affected element is the function formWISP5G of the file /goform/formWISP5G. Executing a manipulation of the argument webpage can lead to stack-bas…

f9k1122_firmware | Remote | Memory Corruption
Mar 23, 2026 Mar 23, 2026
Mar 23, 2026
Mar 23, 2026
10.0 CRITICAL
CVE-2026-4606 — GeoVision ERM Improper Privilege Assignment Leads to SYSTEM-Level Privilege

GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system.  During installation…

Remote | Authentication
Mar 23, 2026 Mar 23, 2026
Mar 23, 2026
Mar 23, 2026
9.0 HIGH
CVE-2026-4565 — Tenda AC21 SetNetControlList formSetQosBand buffer overflow

A vulnerability was detected in Tenda AC21 16.03.08.16. Impacted is the function formSetQosBand of the file /goform/SetNetControlList. Performing a manipulation of the argument list results in buffer…

ac21_firmware | Remote | Memory Corruption
Mar 23, 2026 Mar 23, 2026
Mar 23, 2026
Mar 23, 2026
5.8 MEDIUM
CVE-2026-4564 — yangzongzhuan RuoYi Quartz Job job code injection

A security vulnerability has been detected in yangzongzhuan RuoYi up to 4.8.2. This issue affects some unknown processing of the file /monitor/job/ of the component Quartz Job Handler. Such manipulat…

ruoyi | Remote | Injection
Mar 23, 2026 Mar 23, 2026
Mar 23, 2026
Mar 23, 2026
5.3 MEDIUM
CVE-2026-4563 — MacCMS Member Order Detail User.php order_info authorization

A weakness has been identified in MacCMS up to 2025.1000.4052. This vulnerability affects the function order_info of the file application/index/controller/User.php of the component Member Order Detai…

maccms | Remote | Authorization
Mar 23, 2026 Mar 23, 2026
Mar 23, 2026
Mar 23, 2026
7.5 HIGH
CVE-2026-4562 — MacCMS Timming API Endpoint Timming.php weak authentication

A security flaw has been discovered in MacCMS 2025.1000.4052. This affects an unknown part of the file application/api/controller/Timming.php of the component Timming API Endpoint. The manipulation r…

maccms | Remote | Authentication
Mar 23, 2026 Mar 23, 2026
Mar 23, 2026
Mar 23, 2026
7.5 HIGH
CVE-2026-2580 — WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters <= 4…

The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up …

Remote | Injection
Mar 23, 2026 Mar 23, 2026
Mar 23, 2026
Mar 23, 2026
9.0 HIGH
CVE-2026-4558 — Linksys MR9600 SmartConnect.lua smartConnectConfigure os command injection

A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function smartConnectConfigure of the file SmartConnect.lua. Executing a manipulation of the argument configApSsid/configApPassph…

mr9600_firmware | Remote | Injection
Mar 22, 2026 Mar 22, 2026
Mar 22, 2026
Mar 22, 2026
5.3 MEDIUM
CVE-2026-4557 — code-projects Exam Form Submission update_s1.php cross site scripting

A vulnerability was detected in code-projects Exam Form Submission 1.0. This impacts an unknown function of the file /admin/update_s1.php. Performing a manipulation of the argument sname results in c…

exam_form_submission | Remote | Cross-Site Scripting
Mar 22, 2026 Mar 22, 2026
Mar 22, 2026
Mar 22, 2026
9.0 HIGH
CVE-2026-4555 — D-Link DIR-513 boa formEasySetTimezone memory corruption

A weakness has been identified in D-Link DIR-513 1.10. The impacted element is the function formEasySetTimezone of the file /goform/formEasySetTimezone of the component boa. This manipulation of the …

dir-513_firmware | Remote | Memory Corruption
Mar 22, 2026 Mar 22, 2026
Mar 22, 2026
Mar 22, 2026
6.5 MEDIUM
CVE-2026-4554 — Tenda F453 WriteFacMac FormWriteFacMac privilege escalation

A security flaw has been discovered in Tenda F453 1.0.0.3. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac results in comman…

f453_firmware | Remote | Injection
Mar 22, 2026 Mar 22, 2026
Mar 22, 2026
Mar 22, 2026
5.9 MEDIUM
CVE-2026-33319 — AVideo Vulnerable to OS Command Injection via Unescaped URL in LinkedIn Video Upload Shel…

WWBN AVideo is an open source video platform. Prior to version 26.0, the `uploadVideoToLinkedIn()` method in the SocialMediaPublisher plugin constructs a shell command by directly interpolating an up…

avideo | Remote | Injection
Mar 22, 2026 Mar 22, 2026
Mar 22, 2026
Mar 22, 2026
2.1 LOW
CVE-2026-33296 — AVideo has an Open Redirect via Unvalidated redirectUri in userLogin.php

WWBN AVideo is an open source video platform. Prior to version 26.0, WWBN/AVideo contains an open redirect vulnerability in the login flow where a user-supplied redirectUri parameter is reflected dir…

avideo | Remote | Misconfiguration
Mar 22, 2026 Mar 22, 2026
Mar 22, 2026
Mar 22, 2026
8.2 HIGH
CVE-2026-33295 — AVideo Vulnerable to Stored XSS via Unescaped Video Title in CDN downloadButtons.php

WWBN AVideo is an open source video platform. Prior to version 26.0, WWBN/AVideo contains a stored cross-site scripting vulnerability in the CDN plugin's download buttons component. The `clean_title`…

avideo | Remote | Cross-Site Scripting
Mar 22, 2026 Mar 22, 2026
Mar 22, 2026
Mar 22, 2026
5.0 MEDIUM
CVE-2026-33294 — AVideo has SSRF in BulkEmbed Thumbnail Fetch that Allows Reading Internal Network Resourc…

WWBN AVideo is an open source video platform. Prior to version 26.0, the BulkEmbed plugin's save endpoint (`plugin/BulkEmbed/save.json.php`) fetches user-supplied thumbnail URLs via `url_get_contents…

avideo | Remote | Server-Side Request Forgery
Mar 22, 2026 Mar 22, 2026
Mar 22, 2026
Mar 22, 2026
Showing 20 of 5202 Results