Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
6.1 MEDIUM
CVE-2020-37111 — 60CycleCMS 2.5.2 - 'news.php' Cross-site Scripting (XSS) Vulnerability

60CycleCMS 2.5.2 contains a cross-site scripting (XSS) vulnerability in news.php that allows attackers to inject malicious scripts through GET parameters. Attackers can craft malicious URLs with XSS …

60cyclecms 60cyclecms | Remote | Cross-Site Scripting
Feb 03, 2026 Feb 18, 2026
9.8 CRITICAL
CVE-2020-37110 — 60CycleCMS 2.5.2 - 'news.php' SQL Injection Vulnerability

60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php and common/lib.php that allows attackers to manipulate database queries through unvalidated user input. Attackers can exploit vuln…

60cyclecms 60cyclecms | Remote | Injection
Feb 03, 2026 Feb 18, 2026
7.1 HIGH
CVE-2020-37108 — PhpIX 2012 Professional - 'id' SQL Injection

PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of product_detail.php that allows remote attackers to manipulate database queries. Attackers can inject malicious …

Remote | Injection
Feb 03, 2026 Feb 04, 2026
7.1 HIGH
CVE-2020-37105 — PMB 5.6 - 'logid' SQL Injection

PMB 5.6 contains a SQL injection vulnerability in the administration download script that allows authenticated attackers to execute arbitrary SQL commands through the 'logid' parameter. Attackers can…

pmb | Remote | Injection
Feb 03, 2026 Feb 04, 2026
6.4 MEDIUM
CVE-2020-37103 — DotNetNuke 9.5 - Persistent Cross-Site Scripting

DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML …

dotnetnuke | Remote | Cross-Site Scripting
Feb 03, 2026 Feb 09, 2026
6.4 MEDIUM
CVE-2019-25265 — Online Inventory Manager 3.2 - Persistent Cross-Site Scripting

Online Inventory Manager 3.2 contains a stored cross-site scripting vulnerability in the group description field of the admin edit groups section. Attackers can inject malicious JavaScript through th…

online_invoicing_system | Remote | Cross-Site Scripting
Feb 03, 2026 Feb 04, 2026
6.4 MEDIUM
CVE-2019-25264 — Snipe-IT Open Source Asset Management 4.7.5 - Persistent Cross-Site Scripting

Snipe-IT 4.7.5 contains a persistent cross-site scripting vulnerability that allows authorized users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script …

Remote | Cross-Site Scripting
Feb 03, 2026 Feb 04, 2026
6.4 MEDIUM
CVE-2019-25263 — Zendesk App SweetHawk Survey 1.6 - Persistent Cross-Site Scripting

Zendesk SweetHawk Survey 1.6 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through support ticket submissions. Attackers can insert XSS pa…

Remote | Cross-Site Scripting
Feb 03, 2026 Feb 04, 2026
9.6 CRITICAL
CVE-2026-1568 — Rapid7 InsightVM Signature Validation Vulnerability

Rapid7 InsightVM versions before 8.34.0 contain a signature verification issue on the Assertion Consumer Service (ACS) cloud endpoint that could allow an attacker to gain unauthorized access to Insig…

Remote | Authentication
Feb 03, 2026 Feb 04, 2026
7.5 HIGH
CVE-2026-24762 — RustFS Logs Sensitive Credentials in Plaintext

RustFS is a distributed object storage system built in Rust. From versions alpha.13 to alpha.81, RustFS logs sensitive credential material (access key, secret key, session token) to application logs …

rustfs | Remote | Information Disclosure
Feb 03, 2026 Feb 23, 2026
4.9 MEDIUM
CVE-2026-23795 — Apache Syncope: Console XXE on Keymaster parameters

Improper Restriction of XML External Entity Reference vulnerability in Apache Syncope Console. An administrator with adequate entitlements to create or edit Keymaster parameters via Console can const…

syncope | Remote | XML External Entity
Feb 03, 2026 Feb 06, 2026
6.8 MEDIUM
CVE-2026-23794 — Apache Syncope: Reflected XSS on Enduser Login

Reflected XSS in Apache Syncope's Enduser Login page. An attacker that tricks a legitimate user into clicking a malicious link and logging in to Syncope Enduser could steal that user's credentials. …

syncope | Remote | Cross-Site Scripting
Feb 03, 2026 Feb 06, 2026
7.7 HIGH
CVE-2026-21862 — RustFS sourceIp bypass via spoofed X-Forwarded-For/Real-IP headers

RustFS is a distributed object storage system built in Rust. Prior to version alpha.78, IP-based access control can be bypassed: get_condition_values trusts client-supplied X-Forwarded-For/X-Real-Ip …

rustfs | Remote | Misconfiguration
Feb 03, 2026 Feb 23, 2026
6.5 MEDIUM
CVE-2026-25036 — WordPress Passster plugin <= 4.2.25 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Chill Passster content-protector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Passster: from n/a through <= 4.2…

Remote | Authorization
Feb 03, 2026 Feb 12, 2026
5.4 MEDIUM
CVE-2026-25028 — WordPress ElementInvader Addons for Elementor plugin <= 1.4.1 - Broken Access Control vul…

Missing Authorization vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.…

elementinvader_addons_for_elementor | Remote | Authorization
Feb 03, 2026 Feb 05, 2026
7.5 HIGH
CVE-2026-25027 — WordPress Unicamp theme <= 2.7.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Unicamp unicamp allows PHP Local File Inclusion. This issue affects U…

unicamp | Remote | Injection
Feb 03, 2026 Feb 04, 2026
5.4 MEDIUM
CVE-2026-25024 — WordPress ThirstyAffiliates plugin <= 3.11.9 - Cross Site Request Forgery (CSRF) vulnerab…

Cross-Site Request Forgery (CSRF) vulnerability in Blair Williams ThirstyAffiliates thirstyaffiliates allows Cross Site Request Forgery. This issue affects ThirstyAffiliates: from n/a through <= 3.11.…

thirstyaffiliates_affiliate_link_manager | Remote | Cross-Site Request Forgery
Feb 03, 2026 Feb 03, 2026
5.3 MEDIUM
CVE-2026-25023 — WordPress Run Contests, Raffles, and Giveaways with ContestsWP plugin <= 2.0.7 - Sensitiv…

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in mdedev Run Contests, Raffles, and Giveaways with ContestsWP contest-code-checker allows Retrieve Embedded S…

Remote | Information Disclosure
Feb 03, 2026 Feb 03, 2026
8.5 HIGH
CVE-2026-25022 — WordPress KiviCare plugin <= 3.6.16 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Blind SQL Injection. This issue af…

kivicare | Remote | Injection
Feb 03, 2026 Feb 03, 2026
5.4 MEDIUM
CVE-2026-25021 — WordPress Mizan Demo Importer plugin <= 0.1.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Mizan Themes Mizan Demo Importer mizan-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mizan Demo Impor…

Remote | Authorization
Feb 03, 2026 Feb 03, 2026
Showing 20 of 5252 Results