Latest CVE Feed

Vulnerabilities published in the last 30 days.

Score | Vulnerability | Published
9.8 CRITICAL
CVE-2024-58348 — WordPress Background Image Cropper 1.2 Remote Code Execution

WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attack…

Remote | Injection
Jun 08, 2026 Jun 08, 2026
9.8 CRITICAL
CVE-2023-54352 — WordPress Seotheme Remote Code Execution Unauthenticated

WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers ca…

Remote | Misconfiguration
Jun 08, 2026 Jun 08, 2026
7.2 HIGH
CVE-2023-54351 — WordPress Sonaar Music Plugin 4.7 Stored XSS via Comments

WordPress Sonaar Music Plugin 4.7 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the comment functionality. Attackers c…

Remote | Cross-Site Scripting
Jun 08, 2026 Jun 08, 2026
8.7 HIGH
CVE-2023-54350 — WordPress Augmented-Reality Plugin Remote Code Execution Unauthenticated

WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder connector that allows unauthenticated attackers to upload and execute arbitrary PHP files. Attackers …

ar | Remote | Injection
Jun 08, 2026 Jun 08, 2026
6.9 MEDIUM
CVE-2022-50953 — WordPress Plugin admin-word-count-column 2.2 Local File Read

WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path param…

Path Traversal
Jun 08, 2026 Jun 08, 2026
6.4 MEDIUM
CVE-2021-47984 — WordPress Plugin WP24 Domain Check 1.6.2 Stored XSS

WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the fieldn…

Remote | Cross-Site Scripting
Jun 08, 2026 Jun 08, 2026
6.4 MEDIUM
CVE-2021-47983 — WordPress Plugin Stripe Payments 2.0.39 Stored XSS via currency_code

WordPress Plugin Stripe Payments 2.0.39 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the AcceptStripePayments-settings[…

Remote | Cross-Site Scripting
Jun 08, 2026 Jun 08, 2026
6.4 MEDIUM
CVE-2021-47982 — WordPress Plugin WP-Paginate 2.1.3 Stored XSS via preset

WordPress Plugin WP-Paginate 2.1.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the preset parameter. Attackers…

wp-paginate | Remote | Cross-Site Scripting
Jun 08, 2026 Jun 08, 2026
7.5 HIGH
CVE-2026-11474 — Kushan2k student-management-system Registration Endpoint RegisterService.php unrestricted…

A security flaw has been discovered in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected is an unknown function of the file service/RegisterService.php of th…

student-management-system | Remote | Misconfiguration
Jun 08, 2026 Jun 08, 2026
6.5 MEDIUM
CVE-2026-11473 — jflyfox jfinal_cms AdvicefeedbackController.java list sql injection

A vulnerability was identified in jflyfox jfinal_cms up to 5.1.0. This impacts the function list of the file AdvicefeedbackController.java. Such manipulation of the argument orderBy leads to sql inje…

jfinal_cms | Remote | Injection
Jun 08, 2026 Jun 08, 2026
7.5 HIGH
CVE-2026-11472 — SourceCodester Class and Exam Timetabling System index1.php sql injection

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /index1.php. This manipulation of the argument Password causes sql…

class_and_exam_timetabling_system | Remote | Injection
Jun 08, 2026 Jun 08, 2026
7.5 HIGH
CVE-2026-11471 — SourceCodester Class and Exam Timetabling System index2.php sql injection

A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /index2.php. The manipulation of the argument Password resul…

class_and_exam_timetabling_system | Remote | Injection
Jun 08, 2026 Jun 08, 2026
6.5 MEDIUM
CVE-2026-11470 — hs-web hsweb-framework File Upload FileUploadProperties.java denied path traversal

A vulnerability has been found in hs-web hsweb-framework up to 5.0.1. The affected element is the function denied of the file hsweb-system/hsweb-system-file/src/main/java/org/hswebframework/web/file/…

hsweb-framework | Remote | Path Traversal
Jun 08, 2026 Jun 08, 2026
5.8 MEDIUM
CVE-2026-11469 — jishenghua jshERP platformConfig Add Endpoint PlatformConfigService.java insertPlatformCo…

A flaw has been found in jishenghua jshERP up to 3.6. Impacted is the function insertPlatformConfig of the file jshERP-boot/src/main/java/com/jsh/erp/service/PlatformConfigService.java of the compone…

jsherp | Remote | Server-Side Request Forgery
Jun 08, 2026 Jun 08, 2026
3.3 LOW
CVE-2026-11468 — SourceCodester Hospitals Patient Records Management System page room_types cross site scr…

A vulnerability was detected in SourceCodester Hospitals Patient Records Management System 1.0. This issue affects some unknown processing of the file /admin/?page=room_types. Performing a manipulati…

hospitals_patient_records_management_system | Remote | Cross-Site Scripting
Jun 08, 2026 Jun 08, 2026
5.5 MEDIUM
CVE-2026-11467 — jishenghua jshERP addAccountHeadAndDetail Endpoint AccountHeadService.java path traversal

A security vulnerability has been detected in jishenghua jshERP up to 3.6. This vulnerability affects the function addAccountHeadAndDetail of the file jshERP-boot/src/main/java/com/jsh/erp/service/Ac…

jsherp | Remote | Path Traversal
Jun 08, 2026 Jun 08, 2026
5.5 MEDIUM
CVE-2026-11466 — zilliztech deep-searcher collection_router.py CollectionRouter.invoke access control

A weakness has been identified in zilliztech deep-searcher up to 0.0.2. This affects the function CollectionRouter.invoke of the file deepsearcher/agent/collection_router.py. This manipulation of the…

deep-searcher | Remote | Authorization
Jun 07, 2026 Jun 08, 2026
3.1 LOW
CVE-2026-11465 — songquanpeng one-api Redemption Code Top-Up Endpoint redemption.go Redeem logic error

A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-…

one-api | Remote
Jun 07, 2026 Jun 08, 2026
3.1 LOW
CVE-2026-11464 — JeecgBoot User List Endpoint SysUserController.java queryPageList information disclosure

A vulnerability was identified in JeecgBoot up to 3.9.2. Affected by this vulnerability is the function queryPageList of the file src\main\java\org\jeecg\modules\system\controller\SysUserController.j…

jeecgboot | Remote | Information Disclosure
Jun 07, 2026 Jun 08, 2026
7.5 HIGH
CVE-2026-11463 — USCiLab Cereal Shared Pointer type confusion

A vulnerability was determined in USCiLab Cereal up to 1.3.2. Affected is an unknown function of the component Shared Pointer Handler. Executing a manipulation can lead to type confusion. The attack …

cereal | Remote | Memory Corruption
Jun 07, 2026 Jun 08, 2026
Showing 20 of 6833 Results