CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10110. Critical: 681. High: 2907. Medium: 3176.

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2021-47934 | MEDIUM | 5.3 | MyBB Timeline Plugin 1.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through thread titles, post content, and user profile fields like … | May 16, 2026 |
| CVE-2020-37247 | HIGH | 7.8 | Kite 4.2.0.1 U1 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to escalate privileges by exploiting the service … | May 16, 2026 |
| CVE-2020-37246 | MEDIUM | 6.2 | Supsystic Backup 2.3.9 contains a local file inclusion vulnerability that allows unauthenticated attackers to read and delete arbitrary files by manipulating the download path parameter. … | May 16, 2026 |
| CVE-2020-37245 | HIGH | 7.5 | Supsystic Digital Publications 1.6.9 contains a path traversal vulnerability in the Folder input field that allows attackers to access files outside the web root by … | May 16, 2026 |
| CVE-2020-37244 | HIGH | 8.2 | Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and … | May 16, 2026 |
| CVE-2020-37243 | HIGH | 8.2 | Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated attackers to execute arbitrary SQL queries through the … | May 16, 2026 |
| CVE-2020-37242 | HIGH | 8.2 | Supsystic Ultimate Maps 1.1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'sidx' … | May 16, 2026 |
| CVE-2020-37241 | MEDIUM | 5.3 | bloofoxCMS 0.5.2.1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious pages. Attackers can … | May 16, 2026 |
| CVE-2020-37240 | MEDIUM | 6.4 | Queue Management System 4.0.0 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through user creation fields. Attackers can insert … | May 16, 2026 |
| CVE-2020-37239 | CRITICAL | 9.8 | libbabl 0.1.62 contains a broken double free detection vulnerability that allows attackers to bypass memory safety checks by exploiting signature overwriting in freed chunks. Attackers … | May 16, 2026 |
| CVE-2020-37238 | MEDIUM | 6.4 | CMS Made Simple 2.2.15 contains a stored cross-site scripting vulnerability that allows authenticated users with Content Manager access to inject malicious scripts through SVG file … | May 16, 2026 |
| CVE-2020-37237 | MEDIUM | 6.4 | Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Attackers with admin … | May 16, 2026 |
| CVE-2020-37236 | MEDIUM | 6.4 | NewsLister contains an authenticated persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the title parameter in the news addition interface. … | May 16, 2026 |
| CVE-2020-37235 | MEDIUM | 6.4 | WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerability in the Brand component that allows authenticated users to inject malicious scripts by manipulating the … | May 16, 2026 |
| CVE-2020-37234 | MEDIUM | 6.2 | Internet Download Manager 6.38.12 contains a buffer overflow vulnerability in the Scheduler component that allows local attackers to crash the application by supplying oversized input. … | May 16, 2026 |
| CVE-2020-37233 | MEDIUM | 6.4 | WordPress Plugin Buddypress 6.2.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers with moderator privileges to inject malicious script code through the figure … | May 16, 2026 |
| CVE-2020-37232 | HIGH | 7.8 | Advanced System Care Service 13.0.0.157 contains an unquoted service path vulnerability in the AdvancedSystemCareService13 service binary path that allows local attackers to escalate privileges. Attackers … | May 16, 2026 |
| CVE-2020-37231 | HIGH | 7.8 | Privacy Drive 3.17.0 contains an unquoted service path vulnerability in the pdsvc.exe service binary that allows local attackers to escalate privileges by exploiting the service … | May 16, 2026 |
| CVE-2020-37230 | HIGH | 7.8 | Syncplify.me Server! 5.0.37 contains an unquoted service path vulnerability in the SMWebRestServicev5 service that allows local attackers to escalate privileges by exploiting the unquoted binary … | May 16, 2026 |
| CVE-2020-37229 | HIGH | 7.8 | OKI sPSV Port Manager 1.0.41 contains an unquoted service path vulnerability in the sPSVOpLclSrv service that allows local attackers to escalate privileges by inserting executable … | May 16, 2026 |
| CVE-2020-37228 | CRITICAL | 9.8 | iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can … | May 16, 2026 |
| CVE-2020-37227 | HIGH | 8.8 | HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. … | May 16, 2026 |
| CVE-2026-46719 | UNKNOWN | — | Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections. The metric names were not checked for newlines, colons or pipes. Metrics generated from untrusted sources … | May 16, 2026 |
| CVE-2025-4202 | MEDIUM | 4.3 | The Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on … | May 16, 2026 |
| CVE-2026-8657 | HIGH | 8.2 | Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Prototype Pollution via the jsondiffpatch.patch() and jsondiffpatch/formatters/jsonpatch.patch() APIs. An attacker can perform prototype pollution by … | May 16, 2026 |