Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-32643 | HIGH | 8.7 | A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects … | May 13, 2026 |
| CVE-2026-31156 | UNKNOWN | — | A path injection vulnerability exists in OpenPLC v3 (2c82b0e79c53f8c1f1458eee15fec173400d6e1a) as the binary program compiled from glue_generator.cpp does not perform any validation on the file path … | May 13, 2026 |
| CVE-2026-28758 | MEDIUM | 4.4 | When BIG-IP DNS is provisioned, a vulnerability exists in the gtm_add and bigip_add iControl REST commands that return the ssh-password parameter in cleartext in the … | May 13, 2026 |
| CVE-2026-24464 | MEDIUM | 6.8 | When running in Appliance mode, a directory traversal vulnerability exists in an undisclosed iControl REST endpoint that may allow an authenticated attacker with administrator role … | May 13, 2026 |
| CVE-2026-20916 | HIGH | 8.1 | An authenticated iControl REST user with low privileges can create or modify arbitrary files through an undisclosed iControl REST endpoint on the BIG-IQ system. Note: … | May 13, 2026 |
| CVE-2025-32425 | UNKNOWN | — | AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. In AutoGPT, the execution process … | May 13, 2026 |
| CVE-2025-29338 | UNKNOWN | — | NXP moal.ko Wi-Fi driver 5.1.7.10 FW version from v17.92.1.p149.43 To v17.92.1.p149.157 was discovered to contain a buffer overflow via the mod_para parameter in the woal_init_module_param … | May 13, 2026 |
| CVE-2025-28344 | UNKNOWN | — | striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function AuxJack. | May 13, 2026 |
| CVE-2025-28343 | UNKNOWN | — | striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function ThreadReadButtons. | May 13, 2026 |
| CVE-2024-55045 | UNKNOWN | — | Firmament-Autopilot FMT-Firmware commit de5aec was discovered to contain a buffer overflow via the task_mavobc_entry function at /comm/task_comm.c. | May 13, 2026 |
| CVE-2024-51395 | UNKNOWN | — | Buffer Overflow vulnerability in Ardupiot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the AP_SmartAudio::loop, AP_SmartAudio, AP_SmartAudio.cpp components. | May 13, 2026 |
| CVE-2024-51394 | MEDIUM | 5.5 | Buffer Overflow vulnerability in Ardupiot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the AP_MSP::loop, AP_MSP, AP_MSP.cpp components. | May 13, 2026 |
| CVE-2020-37226 | HIGH | 7.1 | Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' … | May 13, 2026 |
| CVE-2020-37225 | MEDIUM | 6.4 | Powie's WHOIS Domain Check 0.9.31 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by exploiting unsanitized input fields in … | May 13, 2026 |
| CVE-2020-37224 | HIGH | 7.1 | Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' … | May 13, 2026 |
| CVE-2020-37223 | HIGH | 7.8 | IObit Uninstaller 9.5.0.15 contains an unquoted service path vulnerability in the IObitUnSvr service that allows local attackers to escalate privileges to SYSTEM level. Attackers can … | May 13, 2026 |
| CVE-2020-37222 | HIGH | 7.2 | Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs … | May 13, 2026 |
| CVE-2020-37221 | HIGH | 8.4 | Atomic Alarm Clock 6.3 contains a stack overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string to the display … | May 13, 2026 |
| CVE-2020-37220 | HIGH | 7.5 | Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain administrative access by retrieving the device serial number. Attackers can … | May 13, 2026 |
| CVE-2020-37219 | HIGH | 7.5 | Joomla com_fabrik 3.9.11 contains a directory traversal vulnerability that allows unauthenticated attackers to list arbitrary files by manipulating the folder parameter. Attackers can send GET … | May 13, 2026 |
| CVE-2020-37218 | HIGH | 8.2 | Joomla com_hdwplayer 4.2 contains an SQL injection vulnerability in the search.php file that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code … | May 13, 2026 |
| CVE-2020-37217 | MEDIUM | 4.3 | Easy2Pilot 7 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized user accounts by tricking authenticated administrators into visiting malicious pages. Attackers … | May 13, 2026 |
| CVE-2020-37174 | MEDIUM | 5.5 | WOOF Products Filter for WooCommerce 1.2.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering XSS payloads in … | May 13, 2026 |
| CVE-2020-37169 | MEDIUM | 5.5 | WordPress Plugin ultimate-member 2.1.3 contains a local file inclusion vulnerability that allows authenticated attackers to include arbitrary files by manipulating the pack parameter in class-admin-upgrade.php. … | May 13, 2026 |
| CVE-2020-37168 | CRITICAL | 9.8 | Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerability that allows attackers to brute force the 16-character production secret key used for payment signature generation. … | May 13, 2026 |