Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
13428
Total
886
Critical
3903
High
4235
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2018-25249 | MEDIUM | 6.4 | MyBB My Arcade Plugin 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through arcade game score comments. Attackers … | Apr 04, 2026 |
| CVE-2018-25248 | HIGH | 7.2 | MyBB Downloads Plugin 2.0.3 contains a persistent cross-site scripting vulnerability that allows regular members to inject malicious scripts through the download title field. Attackers can … | Apr 04, 2026 |
| CVE-2018-25247 | MEDIUM | 6.1 | MyBB Like Plugin 3.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating posts or threads with unvalidated subject content. … | Apr 04, 2026 |
| CVE-2018-25245 | HIGH | 7.5 | 7 Tik 1.0.1.0 contains a denial of service vulnerability that allows attackers to crash the application by submitting excessively long input strings to the search … | Apr 04, 2026 |
| CVE-2018-25244 | MEDIUM | 6.2 | Eco Search 1.0.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the … | Apr 04, 2026 |
| CVE-2018-25243 | MEDIUM | 6.2 | FastTube 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search … | Apr 04, 2026 |
| CVE-2018-25242 | MEDIUM | 6.2 | One Search 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting excessively long input strings to the … | Apr 04, 2026 |
| CVE-2018-25241 | HIGH | 7.5 | VPN Browser+ 1.1.0.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting oversized input through the search functionality. … | Apr 04, 2026 |
| CVE-2018-25240 | MEDIUM | 6.2 | Watchr 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search … | Apr 04, 2026 |
| CVE-2018-25239 | MEDIUM | 6.2 | Smart VPN 1.1.3.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input through the search interface. … | Apr 04, 2026 |
| CVE-2018-25238 | MEDIUM | 6.2 | VSCO 1.1.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string through the search … | Apr 04, 2026 |
| CVE-2016-20061 | HIGH | 7.8 | sheed AntiVirus 2.3 contains an unquoted service path vulnerability in the ShavProt service that allows local attackers to escalate privileges by exploiting the service binary … | Apr 04, 2026 |
| CVE-2016-20060 | HIGH | 7.8 | Hotspot Shield 6.0.3 contains an unquoted service path vulnerability in the hshld service binary that allows local attackers to escalate privileges by injecting malicious executables. … | Apr 04, 2026 |
| CVE-2016-20059 | HIGH | 7.8 | IObit Malware Fighter 4.3.1 contains an unquoted service path vulnerability in the IMFservice and LiveUpdateSvc services that allows local attackers to escalate privileges. Attackers can … | Apr 04, 2026 |
| CVE-2016-20058 | HIGH | 7.8 | Netgate AMITI Antivirus build 23.0.305 contains an unquoted service path vulnerability in the AmitiAvSrv and AmitiAntivirusHealth services that allows local attackers to escalate privileges. Attackers … | Apr 04, 2026 |
| CVE-2016-20057 | HIGH | 7.8 | NETGATE Registry Cleaner build 16.0.205 contains an unquoted service path vulnerability in the NGRegClnSrv service that allows local attackers to escalate privileges by exploiting the … | Apr 04, 2026 |
| CVE-2016-20056 | HIGH | 7.8 | Spy Emergency build 23.0.205 contains an unquoted service path vulnerability in the SpyEmrgHealth and SpyEmrgSrv services that allows local attackers to escalate privileges by inserting … | Apr 04, 2026 |
| CVE-2016-20055 | HIGH | 7.8 | IObit Advanced SystemCare 10.0.2 contains an unquoted service path vulnerability in the AdvancedSystemCareService10 service that allows local attackers to escalate privileges. Attackers can place a … | Apr 04, 2026 |
| CVE-2016-20053 | MEDIUM | 5.3 | Redaxo CMS 5.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by tricking authenticated administrators into visiting malicious … | Apr 04, 2026 |
| CVE-2016-20052 | CRITICAL | 9.8 | Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snews_files directory. Attackers … | Apr 04, 2026 |
| CVE-2016-20051 | MEDIUM | 5.3 | Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials without authentication by crafting malicious HTML forms. Attackers can … | Apr 04, 2026 |
| CVE-2016-20050 | MEDIUM | 6.2 | NetSchedScan 1.0 contains a buffer overflow vulnerability in the scan Hostname/IP field that allows local attackers to crash the application by supplying an oversized input … | Apr 04, 2026 |
| CVE-2026-3666 | HIGH | 8.8 | The wpForo Forum plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 2.4.16. This is due to a … | Apr 04, 2026 |
| CVE-2026-3309 | MEDIUM | 6.5 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode … | Apr 04, 2026 |
| CVE-2026-2936 | HIGH | 7.2 | The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page_title' parameter in all versions up to, and … | Apr 04, 2026 |