Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692 | Critical: 727 | High: 3080 | Medium: 3407

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2021-47969 | HIGH | 7.5 | Color Notes 1.4 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. … | May 16, 2026 |
| CVE-2021-47957 | MEDIUM | 6.4 | Cookie Law Bar 1.2.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting unsanitized input to the Bar … | May 16, 2026 |
| CVE-2021-47956 | HIGH | 8.2 | EgavilanMedia PHPCRUD 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the firstname parameter. Attackers … | May 16, 2026 |
| CVE-2021-47955 | MEDIUM | 5.4 | CouchCMS 2.2.1 contains a cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript by uploading malicious SVG files through the file upload functionality. … | May 16, 2026 |
| CVE-2021-47954 | HIGH | 8.2 | LayerBB 1.1.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the search_query parameter. Attackers can … | May 16, 2026 |
| CVE-2021-47952 | CRITICAL | 9.8 | python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. … | May 16, 2026 |
| CVE-2021-47942 | HIGH | 7.5 | Home Assistant Community Store (HACS) 1.10.0 contains a path traversal vulnerability that allows unauthenticated attackers to read sensitive files by traversing directories via the /hacsfiles/ … | May 16, 2026 |
| CVE-2021-47934 | MEDIUM | 5.3 | MyBB Timeline Plugin 1.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through thread titles, post content, and user profile fields like … | May 16, 2026 |
| CVE-2020-37247 | HIGH | 7.8 | Kite 4.2.0.1 U1 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to escalate privileges by exploiting the service … | May 16, 2026 |
| CVE-2020-37246 | MEDIUM | 6.2 | Supsystic Backup 2.3.9 contains a local file inclusion vulnerability that allows unauthenticated attackers to read and delete arbitrary files by manipulating the download path parameter. … | May 16, 2026 |
| CVE-2020-37245 | HIGH | 7.5 | Supsystic Digital Publications 1.6.9 contains a path traversal vulnerability in the Folder input field that allows attackers to access files outside the web root by … | May 16, 2026 |
| CVE-2020-37244 | HIGH | 8.2 | Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and … | May 16, 2026 |
| CVE-2020-37243 | HIGH | 8.2 | Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated attackers to execute arbitrary SQL queries through the … | May 16, 2026 |
| CVE-2020-37242 | HIGH | 8.2 | Supsystic Ultimate Maps 1.1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'sidx' … | May 16, 2026 |
| CVE-2020-37241 | MEDIUM | 5.3 | bloofoxCMS 0.5.2.1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious pages. Attackers can … | May 16, 2026 |
| CVE-2020-37240 | MEDIUM | 6.4 | Queue Management System 4.0.0 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through user creation fields. Attackers can insert … | May 16, 2026 |
| CVE-2020-37239 | CRITICAL | 9.8 | libbabl 0.1.62 contains a broken double free detection vulnerability that allows attackers to bypass memory safety checks by exploiting signature overwriting in freed chunks. Attackers … | May 16, 2026 |
| CVE-2020-37238 | MEDIUM | 6.4 | CMS Made Simple 2.2.15 contains a stored cross-site scripting vulnerability that allows authenticated users with Content Manager access to inject malicious scripts through SVG file … | May 16, 2026 |
| CVE-2020-37237 | MEDIUM | 6.4 | Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Attackers with admin … | May 16, 2026 |
| CVE-2020-37236 | MEDIUM | 6.4 | NewsLister contains an authenticated persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the title parameter in the news addition interface. … | May 16, 2026 |
| CVE-2020-37235 | MEDIUM | 6.4 | WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerability in the Brand component that allows authenticated users to inject malicious scripts by manipulating the … | May 16, 2026 |
| CVE-2020-37234 | MEDIUM | 6.2 | Internet Download Manager 6.38.12 contains a buffer overflow vulnerability in the Scheduler component that allows local attackers to crash the application by supplying oversized input. … | May 16, 2026 |
| CVE-2020-37233 | MEDIUM | 6.4 | WordPress Plugin Buddypress 6.2.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers with moderator privileges to inject malicious script code through the figure … | May 16, 2026 |
| CVE-2020-37232 | HIGH | 7.8 | Advanced System Care Service 13.0.0.157 contains an unquoted service path vulnerability in the AdvancedSystemCareService13 service binary path that allows local attackers to escalate privileges. Attackers … | May 16, 2026 |
| CVE-2020-37231 | HIGH | 7.8 | Privacy Drive 3.17.0 contains an unquoted service path vulnerability in the pdsvc.exe service binary that allows local attackers to escalate privileges by exploiting the service … | May 16, 2026 |