Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
8.8 HIGH
CVE-2021-47976 — TextPattern CMS 4.9.0-dev Authenticated Remote Code Execution via Plugin Upload

TextPattern CMS 4.9.0-dev contains a remote code execution vulnerability that allows authenticated attackers to upload arbitrary PHP files by exploiting the plugin upload functionality. Attackers can…

Remote | Authentication
May 16, 2026
7.2 HIGH
CVE-2021-47975 — WordPress Plugin WP Learn Manager 1.1.2 Stored XSS

WP Learn Manager 1.1.2 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the fieldtitle parameter. Attackers can submit PO…

Remote | Cross-Site Scripting
May 16, 2026
8.5 HIGH
CVE-2021-47974 — VX Search 13.5.28 Unquoted Service Path Privilege Escalation

VX Search 13.5.28 contains an unquoted service path vulnerability in both VX Search Server and VX Search Enterprise services that allows local attackers to escalate privileges. Attackers can place ma…

| Misconfiguration
May 16, 2026
8.7 HIGH
CVE-2021-47973 — Sticky Notes Widget 3.0.6 Denial of Service via Buffer Overflow

Sticky Notes Widget 3.0.6 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can gener…

Remote | Denial of Service
May 16, 2026
8.7 HIGH
CVE-2021-47972 — Sticky Notes & Color Widgets 1.4.2 Denial of Service

Sticky Notes & Color Widgets 1.4.2 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can p…

Remote | Denial of Service
May 16, 2026
8.7 HIGH
CVE-2021-47971 — My Notes Safe 5.3 Denial of Service via Buffer Overflow

My Notes Safe 5.3 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a pa…

Remote | Denial of Service
May 16, 2026
8.7 HIGH
CVE-2021-47970 — Macaron Notes 5.5 Denial of Service via Buffer Overflow

Macaron Notes 5.5 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can generate a payload…

Remote | Denial of Service
May 16, 2026
8.7 HIGH
CVE-2021-47969 — Color Notes 1.4 Denial of Service via Long Character String

Color Notes 1.4 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payl…

Remote | Denial of Service
May 16, 2026
6.4 MEDIUM
CVE-2021-47957 — WordPress Plugin Cookie Law Bar 1.2.1 Stored XSS via clb_bar_msg

Cookie Law Bar 1.2.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting unsanitized input to the Bar Message field. Att…

Remote | Cross-Site Scripting
May 16, 2026
8.8 HIGH
CVE-2021-47956 — EgavilanMedia PHPCRUD 1.0 SQL Injection via firstname

EgavilanMedia PHPCRUD 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the firstname parameter. Attackers…

Remote | Injection
May 16, 2026
5.4 MEDIUM
CVE-2021-47955 — CouchCMS 2.2.1 Cross-Site Scripting via SVG File Upload

CouchCMS 2.2.1 contains a cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript by uploading malicious SVG files through the file upload functionality…

Remote | Cross-Site Scripting
May 16, 2026
8.8 HIGH
CVE-2021-47954 — LayerBB 1.1.4 SQL Injection via search_query Parameter

LayerBB 1.1.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the search_query parameter. Attackers can send…

Remote | Injection
May 16, 2026
9.8 CRITICAL
CVE-2021-47952 — python jsonpickle 2.0.0 Remote Code Execution via py/repr

python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. …

Remote | Injection
May 16, 2026
8.7 HIGH
CVE-2021-47942 — Home Assistant Community Store 1.10.0 Path Traversal Account Takeover

Home Assistant Community Store (HACS) 1.10.0 contains a path traversal vulnerability that allows unauthenticated attackers to read sensitive files by traversing directories via the /hacsfiles/ endpoi…

Remote | Path Traversal
May 16, 2026
6.9 MEDIUM
CVE-2021-47934 — MyBB Timeline Plugin 1.0 Cross-Site Scripting and CSRF

MyBB Timeline Plugin 1.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through thread titles, post content, and user profile fields like Location and …

Remote | Cross-Site Scripting
May 16, 2026
8.5 HIGH
CVE-2020-37247 — Kite 4.2.0.1 U1 Unquoted Service Path Privilege Escalation

Kite 4.2.0.1 U1 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers …

| Misconfiguration
May 16, 2026
6.9 MEDIUM
CVE-2020-37246 — WordPress Plugin Supsystic Backup 2.3.9 Local File Inclusion

Supsystic Backup 2.3.9 contains a local file inclusion vulnerability that allows unauthenticated attackers to read and delete arbitrary files by manipulating the download path parameter. Attackers ca…

| Path Traversal
May 16, 2026
8.7 HIGH
CVE-2020-37245 — WordPress Plugin Supsystic Digital Publications 1.6.9 Path Traversal XSS

Supsystic Digital Publications 1.6.9 contains a path traversal vulnerability in the Folder input field that allows attackers to access files outside the web root by injecting directory traversal sequ…

Remote | Path Traversal
May 16, 2026
8.8 HIGH
CVE-2020-37244 — WordPress Plugin Supsystic Membership 1.4.7 SQL Injection via sidx

Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx' p…

Remote | Injection
May 16, 2026
8.8 HIGH
CVE-2020-37243 — WordPress Plugin Supsystic Pricing Table 1.8.7 SQL Injection XSS

Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated attackers to execute arbitrary SQL queries through the getListForTbl acti…

Remote | Injection
May 16, 2026
Showing 20 of 6220 Results