Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.1 HIGH
CVE-2020-37112 — GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection

GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'mon…

open_eclass_platform openeclass | Remote | Injection
Feb 03, 2026 Feb 12, 2026
Feb 03, 2026
Feb 12, 2026
6.1 MEDIUM
CVE-2020-37111 — 60CycleCMS 2.5.2 - 'news.php' Cross-site Scripting (XSS) Vulnerability

60CycleCMS 2.5.2 contains a cross-site scripting (XSS) vulnerability in news.php that allows attackers to inject malicious scripts through GET parameters. Attackers can craft malicious URLs with XSS …

60cyclecms 60cyclecms | Remote | Cross-Site Scripting
Feb 03, 2026 Feb 18, 2026
Feb 03, 2026
Feb 18, 2026
9.8 CRITICAL
CVE-2020-37110 — 60CycleCMS 2.5.2 - 'news.php' SQL Injection Vulnerability

60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php and common/lib.php that allows attackers to manipulate database queries through unvalidated user input. Attackers can exploit vuln…

60cyclecms 60cyclecms | Remote | Injection
Feb 03, 2026 Feb 18, 2026
Feb 03, 2026
Feb 18, 2026
7.1 HIGH
CVE-2020-37108 — PhpIX 2012 Professional - 'id' SQL Injection

PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of product_detail.php that allows remote attackers to manipulate database queries. Attackers can inject malicious …

Remote | Injection
Feb 03, 2026 Feb 04, 2026
Feb 03, 2026
Feb 04, 2026
7.1 HIGH
CVE-2020-37105 — PMB 5.6 - 'logid' SQL Injection

PMB 5.6 contains a SQL injection vulnerability in the administration download script that allows authenticated attackers to execute arbitrary SQL commands through the 'logid' parameter. Attackers can…

pmb | Remote | Injection
Feb 03, 2026 Feb 04, 2026
Feb 03, 2026
Feb 04, 2026
6.4 MEDIUM
CVE-2020-37103 — DotNetNuke 9.5 - Persistent Cross-Site Scripting

DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML …

dotnetnuke | Remote | Cross-Site Scripting
Feb 03, 2026 Feb 09, 2026
Feb 03, 2026
Feb 09, 2026
6.4 MEDIUM
CVE-2019-25265 — Online Inventory Manager 3.2 - Persistent Cross-Site Scripting

Online Inventory Manager 3.2 contains a stored cross-site scripting vulnerability in the group description field of the admin edit groups section. Attackers can inject malicious JavaScript through th…

online_invoicing_system | Remote | Cross-Site Scripting
Feb 03, 2026 Feb 04, 2026
Feb 03, 2026
Feb 04, 2026
6.4 MEDIUM
CVE-2019-25264 — Snipe-IT Open Source Asset Management 4.7.5 - Persistent Cross-Site Scripting

Snipe-IT 4.7.5 contains a persistent cross-site scripting vulnerability that allows authorized users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script …

Remote | Cross-Site Scripting
Feb 03, 2026 Feb 04, 2026
Feb 03, 2026
Feb 04, 2026
6.4 MEDIUM
CVE-2019-25263 — Zendesk App SweetHawk Survey 1.6 - Persistent Cross-Site Scripting

Zendesk SweetHawk Survey 1.6 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through support ticket submissions. Attackers can insert XSS pa…

Remote | Cross-Site Scripting
Feb 03, 2026 Feb 04, 2026
Feb 03, 2026
Feb 04, 2026
9.6 CRITICAL
CVE-2026-1568 — Rapid7 InsightVM Signature Validation Vulnerability

Rapid7 InsightVM versions before 8.34.0 contain a signature verification issue on the Assertion Consumer Service (ACS) cloud endpoint that could allow an attacker to gain unauthorized access to Insig…

Remote | Authentication
Feb 03, 2026 Feb 04, 2026
Feb 03, 2026
Feb 04, 2026
Showing 20 of 5210 Results