Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10307, Critical: 705, High: 2965, Medium: 3260
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2024-51395 | UNKNOWN | — | Buffer Overflow vulnerability in ArduPilot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the AP_SmartAudio::loop, AP_SmartAudio, AP_SmartAudio.cpp components. | May 13, 2026 |
| CVE-2024-51394 | MEDIUM | 5.5 | Buffer Overflow vulnerability in ArduPilot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the AP_MSP::loop, AP_MSP, AP_MSP.cpp components. | May 13, 2026 |
| CVE-2020-37226 | HIGH | 7.1 | Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' … | May 13, 2026 |
| CVE-2020-37225 | MEDIUM | 6.4 | Powie's WHOIS Domain Check 0.9.31 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by exploiting unsanitized input fields in … | May 13, 2026 |
| CVE-2020-37224 | HIGH | 7.1 | Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' … | May 13, 2026 |
| CVE-2020-37223 | HIGH | 7.8 | IObit Uninstaller 9.5.0.15 contains an unquoted service path vulnerability in the IObitUnSvr service that allows local attackers to escalate privileges to SYSTEM level. Attackers can … | May 13, 2026 |
| CVE-2020-37222 | HIGH | 7.2 | Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs … | May 13, 2026 |
| CVE-2020-37221 | HIGH | 8.4 | Atomic Alarm Clock 6.3 contains a stack overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string to the display … | May 13, 2026 |
| CVE-2020-37220 | HIGH | 7.5 | Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain administrative access by retrieving the device serial number. Attackers can … | May 13, 2026 |
| CVE-2020-37219 | HIGH | 7.5 | Joomla com_fabrik 3.9.11 contains a directory traversal vulnerability that allows unauthenticated attackers to list arbitrary files by manipulating the folder parameter. Attackers can send GET … | May 13, 2026 |
| CVE-2020-37218 | HIGH | 8.2 | Joomla com_hdwplayer 4.2 contains an SQL injection vulnerability in the search.php file that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code … | May 13, 2026 |
| CVE-2020-37217 | MEDIUM | 4.3 | Easy2Pilot 7 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized user accounts by tricking authenticated administrators into visiting malicious pages. Attackers … | May 13, 2026 |
| CVE-2020-37174 | MEDIUM | 5.5 | WOOF Products Filter for WooCommerce 1.2.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering XSS payloads in … | May 13, 2026 |
| CVE-2020-37169 | MEDIUM | 5.5 | WordPress Plugin ultimate-member 2.1.3 contains a local file inclusion vulnerability that allows authenticated attackers to include arbitrary files by manipulating the pack parameter in class-admin-upgrade.php. … | May 13, 2026 |
| CVE-2020-37168 | CRITICAL | 9.8 | Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerability that allows attackers to brute force the 16-character production secret key used for payment signature generation. … | May 13, 2026 |
| CVE-2026-8463 | MEDIUM | 5.3 | Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2_verify on empty encoded input. The auto-detect form of argon2_verify passes … | May 13, 2026 |
| CVE-2026-8369 | UNKNOWN | — | Improper Input Validation in the NAT64 translator in The OpenThread Authors OpenThread before commit 26a882d on all platforms allows an attacker on the adjacent IPv4 … | May 13, 2026 |
| CVE-2026-4609 | HIGH | 7.1 | The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the pm_invite_user … | May 13, 2026 |
| CVE-2026-4608 | MEDIUM | 6.5 | The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind SQL Injection via the 'rid' parameter in all versions up … | May 13, 2026 |
| CVE-2026-4607 | MEDIUM | 4.3 | The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.8.4. This … | May 13, 2026 |
| CVE-2026-39806 | UNKNOWN | — | Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in mtrudel bandit allows unauthenticated remote denial of service via worker process exhaustion. 'Elixir.Bandit.HTTP1.Socket':do_read_chunked_data!/5 in lib/bandit/http1/socket.ex terminates … | May 13, 2026 |
| CVE-2026-39803 | UNKNOWN | — | Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion. The chunked clause of 'Elixir.Bandit.HTTP1.Socket':read_data/2 … | May 13, 2026 |
| CVE-2026-37430 | UNKNOWN | — | An arbitrary file upload vulnerability in the ShopOrderImportController.java component of qihang-wms commit 75c15a allows attackers to execute arbitrary code via uploading a crafted file. | May 13, 2026 |
| CVE-2026-37429 | MEDIUM | 6.5 | qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access … | May 13, 2026 |
| CVE-2026-37428 | MEDIUM | 6.5 | qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access … | May 13, 2026 |