Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.9 MEDIUM
CVE-2022-50956 — WordPress Plugin amministrazione-aperta 3.7.3 Local File Read

WordPress Plugin amministrazione-aperta 3.7.3 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in the…

| Path Traversal
May 10, 2026 May 10, 2026
May 10, 2026
May 10, 2026
5.3 MEDIUM
CVE-2022-50955 — WordPress Plugin Curtain 1.0.2 Cross-site Request Forgery

WordPress Plugin Curtain 1.0.2 contains a cross-site request forgery vulnerability that allows attackers to activate or deactivate site maintenance mode by crafting malicious requests. Attackers can …

curtain | Remote | Cross-Site Request Forgery
May 10, 2026 May 10, 2026
May 10, 2026
May 10, 2026
6.9 MEDIUM
CVE-2022-50954 — WordPress Plugin cab-fare-calculator 1.0.3 Local File Inclusion

WordPress Plugin cab-fare-calculator 1.0.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the controller parameter in tbli…

cab_fare_calculator | Path Traversal
May 10, 2026 May 10, 2026
May 10, 2026
May 10, 2026
6.4 MEDIUM
CVE-2022-50949 — WordPress Plugin Videos sync PDF 1.7.4 Stored XSS

WordPress Plugin Videos sync PDF 1.7.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting unsanitized nom, pdf, mp4, we…

Remote | Cross-Site Scripting
May 10, 2026 May 10, 2026
May 10, 2026
May 10, 2026
6.4 MEDIUM
CVE-2022-50948 — Motopress Hotel Booking Lite 4.2.4 Stored Cross-Site Scripting

Motopress Hotel Booking Lite 4.2.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting payloads in accommodation type fi…

hotel_booking_lite | Remote | Cross-Site Scripting
May 10, 2026 May 10, 2026
May 10, 2026
May 10, 2026
6.4 MEDIUM
CVE-2022-50947 — WordPress Plugin Testimonial Slider and Showcase 2.2.6 Stored XSS

WordPress Plugin Testimonial Slider and Showcase 2.2.6 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the po…

testimonial_slider_and_showcase | Remote | Cross-Site Scripting
May 10, 2026 May 10, 2026
May 10, 2026
May 10, 2026
6.4 MEDIUM
CVE-2022-50946 — WordPress Plugin Netroics Blog Posts Grid 1.0 Stored XSS

WordPress Plugin Netroics Blog Posts Grid 1.0 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the post_title …

Remote | Cross-Site Scripting
May 10, 2026 May 10, 2026
May 10, 2026
May 10, 2026
6.4 MEDIUM
CVE-2022-50945 — WordPress 3dady Real-Time Web Stats 1.0 Stored XSS

WordPress 3dady real-time web stats plugin 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by exploiting unsanitized input …

Remote | Cross-Site Scripting
May 10, 2026 May 10, 2026
May 10, 2026
May 10, 2026
8.8 HIGH
CVE-2022-50944 — Aero CMS 0.0.1 PHP Code Injection via posts.php

Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can up…

aerocms | Remote | Injection
May 10, 2026 May 10, 2026
May 10, 2026
May 10, 2026
6.1 MEDIUM
CVE-2022-50943 — Moodle LMS 4.0 Cross-Site Scripting via course search.php

Moodle LMS 4.0 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search parameter. Attackers can injec…

Remote | Cross-Site Scripting
May 10, 2026 May 10, 2026
May 10, 2026
May 10, 2026
5.3 MEDIUM
CVE-2021-47953 — OpenCart 3.0.3.7 Cross-Site Request Forgery via account/password

OpenCart 3.0.3.7 contains a cross-site request forgery vulnerability that allows attackers to change user passwords by sending crafted requests to the account/password endpoint. Attackers can trick a…

opencart | Remote | Cross-Site Request Forgery
May 10, 2026 May 10, 2026
May 10, 2026
May 10, 2026
6.4 MEDIUM
CVE-2021-47951 — WordPress Picture Gallery 1.4.2 Stored XSS via Edit Content URL

WordPress Picture Gallery 1.4.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Edit Content URL field in the Access C…

picture_gallery | Remote | Cross-Site Scripting
May 10, 2026 May 10, 2026
May 10, 2026
May 10, 2026
6.4 MEDIUM
CVE-2021-47950 — Advanced Guestbook 2.4.4 Persistent XSS via Smilies

Advanced Guestbook 2.4.4 contains a persistent cross-site scripting vulnerability in the smilies administration interface that allows authenticated attackers to inject malicious scripts by manipulati…

Remote | Cross-Site Scripting
May 10, 2026 May 10, 2026
May 10, 2026
May 10, 2026
8.8 HIGH
CVE-2021-47949 — CyberPanel 2.1 Authenticated Remote Code Execution via Symlink Attack

CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager con…

cyberpanel | Remote | Path Traversal
May 10, 2026 May 10, 2026
May 10, 2026
May 10, 2026
5.4 MEDIUM
CVE-2021-47948 — WordPress GetPaid Plugin 2.4.6 HTML Injection via Help Text

WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerability that allows authenticated attackers to inject arbitrary HTML code by exploiting the Help Text field in payment forms. Attackers…

Remote | Injection
May 10, 2026 May 10, 2026
May 10, 2026
May 10, 2026
6.4 MEDIUM
CVE-2021-47947 — Projectsend r1295 Stored Cross-Site Scripting via files-edit.php

Projectsend r1295 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input in the 'name' parameter of files-edi…

projectsend | Remote | Cross-Site Scripting
May 10, 2026 May 10, 2026
May 10, 2026
May 10, 2026
6.9 MEDIUM
CVE-2021-47946 — OpenCart 3.0.36 Account Takeover via Cross Site Request Forgery

OpenCart 3.0.36 contains a cross-site request forgery vulnerability in the /account/edit endpoint that allows unauthenticated attackers to modify victim account details by tricking users into visitin…

opencart | Remote | Cross-Site Request Forgery
May 10, 2026 May 10, 2026
May 10, 2026
May 10, 2026
8.5 HIGH
CVE-2021-47945 — Argus Surveillance DVR 4.0 Unquoted Service Path Privilege Escalation

Argus Surveillance DVR 4.0 contains an unquoted service path vulnerability in the DVRWatchdog service that allows local attackers to escalate privileges by exploiting the service binary path. Attacke…

| Misconfiguration
May 10, 2026 May 10, 2026
May 10, 2026
May 10, 2026
8.7 HIGH
CVE-2021-47944 — memono Notepad 4.2 Denial of Service via Buffer Overflow

memono Notepad 4.2 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character buffers into note fields. Attackers can generate a p…

Remote | Denial of Service
May 10, 2026 May 10, 2026
May 10, 2026
May 10, 2026
8.8 HIGH
CVE-2021-47943 — TextPattern CMS 4.8.7 Remote Code Execution via File Upload

TextPattern CMS 4.8.7 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by uploading malicious PHP files through the file upload functio…

textpattern | Remote | Misconfiguration
May 10, 2026 May 10, 2026
May 10, 2026
May 10, 2026
Showing 20 of 5469 Results