Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
8.8 HIGH
CVE-2021-47935 — Sentry 8.2.0 Remote Code Execution via Pickle Deserialization

Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log e…

Remote | Injection
May 10, 2026
9.8 CRITICAL
CVE-2021-47933 — WordPress MStore API 2.0.6 Arbitrary File Upload

WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the REST API endpoint. Attackers…

Remote | Authentication
May 10, 2026
9.8 CRITICAL
CVE-2021-47932 — WordPress TheCartPress 1.5.3.6 Privilege Escalation Unauthenticated

WordPress TheCartPress 1.5.3.6 contains an unauthenticated privilege escalation vulnerability that allows attackers to create administrator accounts by submitting crafted requests to the AJAX handler…

Remote | Authentication
May 10, 2026
6.4 MEDIUM
CVE-2021-47931 — Exponent CMS 2.6 Multiple Vulnerabilities Stored XSS Authentication

Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing e…

Remote | Cross-Site Scripting
May 10, 2026
8.8 HIGH
CVE-2021-47930 — Balbooa Joomla Forms Builder 2.0.6 SQL Injection Unauthenticated

Balbooa Joomla Forms Builder 2.0.6 contains an unauthenticated SQL injection vulnerability in the form submission handler that allows remote attackers to execute arbitrary SQL queries. Attackers can …

Remote | Injection
May 10, 2026
6.4 MEDIUM
CVE-2021-47929 — WordPress Plugin Filterable Portfolio Gallery 1.0 Stored XSS

Filterable Portfolio Gallery 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by entering payloads in the title field. Attac…

Remote | Cross-Site Scripting
May 10, 2026
8.8 HIGH
CVE-2021-47928 — Opencart TMD Vendor System 3.x Blind SQL Injection via product route

Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the product_id paramete…

Remote | Injection
May 10, 2026
6.4 MEDIUM
CVE-2021-47927 — WordPress Plugin WP Symposium Pro 2021.10 Stored XSS via wps_admin_forum_add_name

WordPress Plugin WP Symposium Pro 2021.10 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting insufficient sanitization …

Remote | Cross-Site Scripting
May 10, 2026
6.4 MEDIUM
CVE-2021-47926 — WordPress Contact Form to Email 1.3.24 Stored XSS

Contact Form to Email 1.3.24 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating forms with script tags in the form name f…

Remote | Cross-Site Scripting
May 10, 2026
6.4 MEDIUM
CVE-2021-47925 — CMDBuild 3.3.2 Multiple Stored Cross-Site Scripting

CMDBuild 3.3.2 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject arbitrary web script or HTML via crafted input in card creation and file uplo…

Remote | Cross-Site Scripting
May 10, 2026
6.4 MEDIUM
CVE-2021-47924 — WordPress Plugin Ultimate Product Catalog 5.8.2 Stored XSS via price

Ultimate Product Catalog 5.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the price parameter. Attackers can submit P…

Remote | Cross-Site Scripting
May 10, 2026
9.8 CRITICAL
CVE-2021-47923 — OpenCart 3.0.3.8 Session Fixation via OCSESSID Cookie

OpenCart 3.0.3.8 contains a session fixation vulnerability that allows attackers to hijack user sessions by injecting arbitrary values into the OCSESSID cookie. Attackers can set malicious OCSESSID c…

Remote | Authentication
May 10, 2026
6.4 MEDIUM
CVE-2021-47922 — WordPress Plugin Slider by Soliloquy 2.6.2 Stored XSS

Slider by Soliloquy 2.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the title parameter. Attackers can add JavaScrip…

Remote | Cross-Site Scripting
May 10, 2026
6.4 MEDIUM
CVE-2021-47910 — WordPress Plugin AccessPress Social Icons 1.8.2 Stored XSS

AccessPress Social Icons 1.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering JavaScript payloads into the 'icon titl…

Remote | Cross-Site Scripting
May 10, 2026
6.4 MEDIUM
CVE-2021-47907 — Rocket LMS 1.1 Persistent Cross-Site Scripting via Support Tickets

Rocket LMS 1.1 contains a persistent cross-site scripting vulnerability in the support ticket module that allows authenticated users to inject malicious script code through the title parameter. Attac…

Remote | Cross-Site Scripting
May 10, 2026
5.5 MEDIUM
CVE-2026-8244 — Industrial Application Software IAS Canias ERP Login RMI improper authentication

A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This impacts an unknown function of the component Login RMI Interface. The manipulation of the argument clientVe…

Remote | Authentication
May 10, 2026
6.9 MEDIUM
CVE-2026-8243 — Industrial Application Software IAS Canias ERP JNLP Deployment Endpoint hard-coded key

A vulnerability was determined in Industrial Application Software IAS Canias ERP 8.03. This affects an unknown function of the component JNLP Deployment Endpoint. Executing a manipulation can lead to…

Remote | Cryptography
May 10, 2026
3.7 LOW
CVE-2026-8242 — Industrial Application Software IAS Canias ERP Login RMI doAction response discrepancy

A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. The impacted element is the function doAction of the component Login RMI Interface. Performing a manipulation results…

Remote | Information Disclosure
May 10, 2026
5.5 MEDIUM
CVE-2026-8241 — Industrial Application Software IAS Canias ERP RMI iasGetServerInfoEvent improper authori…

A vulnerability has been found in Industrial Application Software IAS Canias ERP 8.03. The affected element is the function iasGetServerInfoEvent of the component RMI Interface. Such manipulation lea…

Remote | Authorization
May 10, 2026
5.5 MEDIUM
CVE-2026-8235 — 8421bit MiniClaw System kernel.ts resolveSkillScriptPath os command injection

A vulnerability was detected in 8421bit MiniClaw 0.8.0/0.9.0. This issue affects the function resolveSkillScriptPath of the file src/kernel.ts of the component System Command Handler. The manipulatio…

| Injection
May 10, 2026
Showing 20 of 5593 Results