Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10110
Total
681
Critical
2907
High
3176
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-46720 | HIGH | 8.2 | Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated … | May 17, 2026 |
| CVE-2026-8759 | HIGH | 7.3 | A vulnerability was identified in xiandafu beetl up to 3.20.2. Affected is an unknown function of the file beetl-classic-integration/beetl-spring-classic/src/main/java/org/beetl/ext/spring/SpELFunction.java of the component SpELFunction. The manipulation … | May 17, 2026 |
| CVE-2026-8758 | HIGH | 7.3 | A vulnerability was determined in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This impacts an unknown function of the file /common/jsp/upload3.jsp. Executing a manipulation of … | May 17, 2026 |
| CVE-2026-8757 | HIGH | 7.3 | A vulnerability was found in adenhq hive up to 0.11.0. This affects the function _read_events_tail of the file core/framework/server/routes_sessions.py of the component Delete Request Handler. … | May 17, 2026 |
| CVE-2026-8756 | HIGH | 7.3 | A vulnerability has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The impacted element is the function generate_config of the file webui_preprocess.py of the component … | May 17, 2026 |
| CVE-2026-8755 | HIGH | 7.3 | A flaw has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The affected element is the function _get_all_models of the file hiyoriUI.py of the component … | May 17, 2026 |
| CVE-2026-8754 | MEDIUM | 6.3 | A vulnerability was detected in AstrBotDevs AstrBot up to 4.23.5. Impacted is the function post_file of the file astrbot/dashboard/routes/chat.py of the component File Upload Handler. … | May 17, 2026 |
| CVE-2026-8753 | MEDIUM | 6.3 | A security vulnerability has been detected in kalcaddle Kodbox up to 1.64. This issue affects the function parseVideoInfo of the file /workspace/source-code/plugins/fileThumb/lib/VideoResize.class.php of the component … | May 17, 2026 |
| CVE-2018-25339 | HIGH | 8.2 | Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Attackers can … | May 17, 2026 |
| CVE-2018-25338 | HIGH | 8.2 | Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Attackers can exploit … | May 17, 2026 |
| CVE-2018-25337 | MEDIUM | 4.3 | Joomla JoomOCShop 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious … | May 17, 2026 |
| CVE-2018-25336 | MEDIUM | 5.3 | Joomla jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information without authentication. Attackers can craft malicious … | May 17, 2026 |
| CVE-2018-25335 | CRITICAL | 9.8 | WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the … | May 17, 2026 |
| CVE-2018-25334 | MEDIUM | 5.4 | Zechat 1.5 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. The application uses … | May 17, 2026 |
| CVE-2018-25333 | HIGH | 8.2 | Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code … | May 17, 2026 |
| CVE-2018-25332 | CRITICAL | 9.8 | GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file … | May 17, 2026 |
| CVE-2018-25331 | MEDIUM | 6.1 | Zenar Content Management System contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating form parameters in POST requests. Attackers … | May 17, 2026 |
| CVE-2018-25330 | HIGH | 8.2 | Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. … | May 17, 2026 |
| CVE-2018-25329 | HIGH | 7.5 | WordPress Plugin WP with Spritz 1.0 contains a remote file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting file paths into … | May 17, 2026 |
| CVE-2018-25328 | HIGH | 8.4 | VX Search 10.6.18 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying an oversized string in the directory … | May 17, 2026 |
| CVE-2018-25327 | MEDIUM | 5.3 | Joomla! Component Js Jobs 1.2.0 contains a cross-site request forgery vulnerability that allows attackers to perform state-changing actions without token validation. Attackers can craft malicious … | May 17, 2026 |
| CVE-2018-25326 | HIGH | 7.5 | Google Drive for WordPress 2.2 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by injecting directory traversal sequences in the … | May 17, 2026 |
| CVE-2018-25325 | HIGH | 7.5 | Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by submitting unescaped filenames through the delete_export_file … | May 17, 2026 |
| CVE-2018-25324 | MEDIUM | 6.2 | Simple Fields 0.2 through 0.3.5 WordPress Plugin contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting null bytes … | May 17, 2026 |
| CVE-2018-25323 | HIGH | 8.4 | Allok AVI DivX MPEG to DVD Converter 2.6.1217 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by … | May 17, 2026 |