Cybersecurity and Infrastructure Security Agency (CISA)

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

05/18/2026 05:00 PM EDT

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source Info | Patch Info
acl--ACL Analytics ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with system privileges to establish reverse shells and gain complete system control. 2026-05-17 9.8 CVE-2018-25320 ExploitDB-44281
Official Product Homepage
Product Reference
VulnCheck Advisory: ACL Analytics 11.x - 13.0.0.579 Arbitrary Code Execution
 
gitbucket--GitBucket GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR plugin via the git-lfs endpoint, and execute system commands through an exposed exploit endpoint. 2026-05-17 9.8 CVE-2018-25332 ExploitDB-44668
Official Product Homepage
Product Reference
VulnCheck Advisory: GitBucket 4.23.1 Unauthenticated Remote Code Execution
 
peugeot-music-plugin--Peugeot Music WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Attackers can upload files with arbitrary extensions by manipulating the 'name' parameter to execute code from the uploads directory. 2026-05-17 9.8 CVE-2018-25335 ExploitDB-44737
VulnCheck Advisory: WordPress Plugin Peugeot Music 1.0 Arbitrary File Upload
 
Paiement--Ecommerce Systempay Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerability that allows attackers to brute force the 16-character production secret key used for payment signature generation. Attackers can extract payment form data and signatures from POST requests to the payment endpoint, then use SHA1 hash comparison to iteratively test key candidates until discovering the correct production key, enabling them to forge valid payment signatures and manipulate transaction amounts. 2026-05-13 9.8 CVE-2020-37168 ExploitDB-48017
Official Product Homepage
Product Reference
VulnCheck Advisory: Ecommerce Systempay 1.0 Production Key Brute Force
 
Yerootech--iDS6 DSSPro Digital Signage System iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks against user accounts. 2026-05-16 9.8 CVE-2020-37228 ExploitDB-48991
Vulnerability Advisory
Official Product Homepage
VulnCheck Advisory: iDS6 DSSPro Digital Signage System 6.2 CAPTCHA Security Bypass
 
Gegl--libbabl libbabl 0.1.62 contains a broken double free detection vulnerability that allows attackers to bypass memory safety checks by exploiting signature overwriting in freed chunks. Attackers can call babl_free() twice on the same pointer without triggering detection, as libc's malloc metadata overwrites babl's signature field upon freeing, enabling potential memory corruption and code execution. 2026-05-16 9.8 CVE-2020-37239 ExploitDB-49259
Official Product Homepage
Product Reference
VulnCheck Advisory: libbabl 0.1.62 Broken Double Free Detection Memory Safety
 
Jsonpickle--python jsonpickle python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. Attackers can craft JSON strings with py/repr directives that invoke the eval function during deserialization to execute system commands and arbitrary code. 2026-05-16 9.8 CVE-2021-47952 ExploitDB-49585
Official Product Homepage
Product Reference
VulnCheck Advisory: python jsonpickle 2.0.0 Remote Code Execution via py/repr
 
wp-super-edit--WP Super Edit WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous file types without validation. Attackers can upload arbitrary files through the filemanager upload endpoint to achieve remote code execution and complete system compromise. 2026-05-15 9.8 CVE-2021-47965 ExploitDB-49839
Official Product Homepage
Product Reference
VulnCheck Advisory: WordPress Plugin WP Super Edit 2.5.4 Unrestricted File Upload
 
Akilli Commerce Software Technologies Ltd. Co.--E-Commerce Website Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Blind SQL Injection. This issue affects E-Commerce Website: before 4.5.001. 2026-05-14 9.8 CVE-2025-11024 https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0222
 
Hitachi Vantara--Pentaho Data Integration and Analytics Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator. 2026-05-13 9.1 CVE-2025-11159 https://support.pentaho.com/hc/en-us/articles/39954640408077--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Dependency-on-Vulnerable-Third-Party-Component-Versions-before-10-2-0-7-and-11-0-0-0-Impacted-CVE-2025-11159
 
alloksoft--Fast AVI MPEG Splitter Allok Fast AVI MPEG Splitter 1.2 contains a stack based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license name string. Attackers can craft a payload with 780 bytes of junk data followed by structured shellcode and place it in the License Name field to trigger the overflow and execute code with application privileges. 2026-05-17 8.4 CVE-2018-25322 ExploitDB-44341
Official Product Homepage
Product Reference
VulnCheck Advisory: Allok Fast AVI MPEG Splitter 1.2 Stack Based Buffer Overflow
 
Alloksoft--Allok AVI DivX MPEG to DVD Converter Allok AVI DivX MPEG to DVD Converter 2.6.1217 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a text file with a specially crafted buffer containing shellcode and SEH chain overwrite values, then paste the contents into the License Name field to trigger code execution. 2026-05-17 8.4 CVE-2018-25323 ExploitDB-44363
VulnCheck Advisory: Allok AVI DivX MPEG to DVD Converter 2.6.1217 Buffer Overflow SEH
 
vxsearch--VX Search VX Search 10.6.18 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying an oversized string in the directory field. Attackers can craft a malicious input file containing 271 bytes of junk data followed by a return address to execute arbitrary code with application privileges. 2026-05-17 8.4 CVE-2018-25328 ExploitDB-44494
Official Product Homepage
VulnCheck Advisory: VX Search 10.6.18 Local Buffer Overflow via Directory Field
 
Joomlaextensions--Joomla! extension EkRishta Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. Attackers can inject script payloads in profile information fields like Address that execute when users visit the profile, or submit SQL injection payloads via the phone_no parameter to the user_setting endpoint to manipulate database queries. 2026-05-17 8.2 CVE-2018-25330 ExploitDB-44660
Official Product Homepage
Product Reference
VulnCheck Advisory: Joomla! EkRishta 2.10 Persistent XSS and SQL Injection
 
nordex-online--N149 Wind Turbine Web Server Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the login parameter in login.php. Attackers can submit crafted POST requests with SQL injection payloads in the login field to extract sensitive database information and bypass authentication mechanisms. 2026-05-17 8.2 CVE-2018-25333 ExploitDB-44684
Official Product Homepage
VulnCheck Advisory: Nordex N149/4.0-4.5 Wind Turbine Web Server SQL Injection
 
Bylancer--Zechat Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Attackers can exploit the hashtag parameter with union-based payloads to retrieve table and column names. 2026-05-17 8.2 CVE-2018-25338 ExploitDB-44685
Official Product Homepage
VulnCheck Advisory: Zechat 1.5 SQL Injection via hashtag parameter
 
Bylancer--Zechat Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Attackers can exploit the v parameter with sleep-based blind injection to confirm vulnerability and extract data. 2026-05-17 8.2 CVE-2018-25339 ExploitDB-44685
Official Product Homepage
VulnCheck Advisory: Zechat 1.5 SQL Injection via v parameter (time-based blind)
 
Hdwplayer--com_hdwplayer Joomla com_hdwplayer 4.2 contains an SQL injection vulnerability in the search.php file that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the hdwplayersearch parameter. Attackers can submit POST requests with crafted SQL payloads in the hdwplayersearch parameter to extract sensitive database information from the hdwplayer_videos table. 2026-05-13 8.2 CVE-2020-37218 ExploitDB-48242
Official Product Homepage
Product Reference
VulnCheck Advisory: Joomla com_hdwplayer 4.2 SQL Injection via search.php
 
Drive-software--Atomic Alarm Clock Atomic Alarm Clock 6.3 contains a stack overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string to the display name textbox in the Time Zones Clock configuration. Attackers can craft a buffer with structured exception handling overwrite and encoded shellcode to bypass SafeSEH protections and execute arbitrary commands with application privileges. 2026-05-13 8.4 CVE-2020-37221 ExploitDB-48346
VulnCheck Advisory: Atomic Alarm Clock 6.3 Stack Overflow via SEH Unicode
 
Heliossolutions--HS Brand Logo Slider HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. Attackers can intercept upload requests to the logoupload parameter in the admin interface and rename files to executable extensions such as .php to achieve remote code execution. 2026-05-16 8.8 CVE-2020-37227 ExploitDB-48913
Official Product Homepage
Product Reference
VulnCheck Advisory: WordPress Plugin HS Brand Logo Slider 2.1 Unrestricted File Upload
 
Supsystic--Ultimate Maps Supsystic Ultimate Maps 1.1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'sidx' GET parameter. Attackers can send crafted requests to the getListForTbl action with boolean-based blind or time-based blind SQL injection payloads to extract sensitive database information. 2026-05-16 8.2 CVE-2020-37242 ExploitDB-49532
Official Product Homepage
Product Reference
VulnCheck Advisory: WordPress Plugin Supsystic Ultimate Maps 1.1.12 SQL Injection via sidx
 
Supsystic--Pricing Table Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated attackers to execute arbitrary SQL queries through the getListForTbl action. The plugin also contains stored cross-site scripting vulnerabilities in the 'Edit name' and 'Edit HTML' fields that execute malicious scripts when viewing pricing tables. 2026-05-16 8.2 CVE-2020-37243 ExploitDB-49533
Official Product Homepage
Product Reference
VulnCheck Advisory: WordPress Plugin Supsystic Pricing Table 1.8.7 SQL Injection XSS
 
Supsystic--Membership Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx' parameters. Attackers can send GET requests to the badges module with crafted payloads to extract sensitive database information using time-based blind or UNION-based SQL injection techniques. 2026-05-16 8.2 CVE-2020-37244 ExploitDB-49540
Official Product Homepage
Product Reference
VulnCheck Advisory: WordPress Plugin Supsystic Membership 1.4.7 SQL Injection via sidx
 
LayerBB--LayerBB LayerBB 1.1.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the search_query parameter. Attackers can send POST requests to /search.php with malicious search_query values using CASE WHEN statements to extract sensitive database information. 2026-05-16 8.2 CVE-2021-47954 ExploitDB-49593
VulnCheck Advisory: LayerBB 1.1.4 SQL Injection via search_query Parameter
 
Egavilanmedia--EgavilanMedia PHPCRUD EgavilanMedia PHPCRUD 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the firstname parameter. Attackers can send POST requests to insert.php with malicious firstname values to extract sensitive database information. 2026-05-16 8.2 CVE-2021-47956 ExploitDB-49878
Official Product Homepage
Product Reference
VulnCheck Advisory: EgavilanMedia PHPCRUD 1.0 SQL Injection via firstname
 
Schlix--Schlix CMS Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious extension packages through the block manager. Attackers can upload a crafted ZIP file containing PHP code in the packageinfo.inc file and trigger execution by accessing the About tab of the installed extension. 2026-05-15 8.8 CVE-2021-47964 ExploitDB-49838
Official Product Homepage
Product Reference
VulnCheck Advisory: Schlix CMS 2.2.6-6 Remote Code Execution via core.blockmanager
 
Timeclock--PHP Timeclock PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in the login_userid parameter of login.php that allow unauthenticated attackers to extract database contents. Attackers can submit crafted POST requests with SQL payloads using SLEEP functions or RLIKE conditional statements to dump sensitive database information including employee names and credentials. 2026-05-15 8.2 CVE-2021-47966 ExploitDB-49849
Official Product Homepage
Product Reference
VulnCheck Advisory: PHP Timeclock 1.04 SQL Injection via login.php
 
Textpattern--TextPattern CMS TextPattern CMS 4.9.0-dev contains a remote code execution vulnerability that allows authenticated attackers to upload arbitrary PHP files by exploiting the plugin upload functionality. Attackers can authenticate, retrieve a CSRF token from the plugin event page, and upload malicious PHP files to the textpattern/tmp/ directory for code execution. 2026-05-16 8.8 CVE-2021-47976 ExploitDB-50095
Official Product Homepage
Product Reference
VulnCheck Advisory: TextPattern CMS 4.9.0-dev Authenticated Remote Code Execution via Plugin Upload
 
Miniorange--Backup and Restore WordPress Plugin Backup and Restore 1.0.3 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating parameters in AJAX requests. Attackers can send POST requests to admin-ajax.php with crafted file_name and folder_name parameters to delete arbitrary files from the WordPress installation directory. 2026-05-16 8.8 CVE-2021-47979 ExploitDB-50503
Official Product Homepage
Product Reference
VulnCheck Advisory: WordPress Plugin Backup and Restore 1.0.3 Arbitrary File Deletion
 
WSO2--WSO2 Identity Server The Magic Link authentication flow accepts multiple invalid authentication requests without adequate rate limiting or resource control, leading to uncontrolled memory usage growth. This vulnerability can result in a denial-of-service condition, causing service unavailability for deployments that utilize the Magic Link authenticator. The impact is limited to these specific deployments and requires repeated invalid authentication attempts to trigger. 2026-05-11 8.6 CVE-2025-10470 https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4469/
 
APPYAP Technology and Information Inc.--Yaay Social Media App Authorization bypass through User-Controlled key vulnerability in APPYAP Technology and Information Inc. Yaay Social Media App allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Yaay Social Media App: from 3.8.0 through 24102025. 2026-05-14 8.8 CVE-2025-12008 https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0238
 
Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc.--Library Automation System Incorrect Authorization vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Library Automation System: from v.19.5 before v.22.1. 2026-05-14 8.8 CVE-2025-15023 https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0240
 
Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc.--Library Automation System Improper Control of Generation of Code ('Code Injection') vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Remote Code Inclusion. This issue affects Library Automation System: from v.19.5 before v.22.1. 2026-05-14 8.8 CVE-2025-15024 https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0240
 
Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc.--Library Automation System Authorization bypass through User-Controlled key vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploitation of Trusted Identifiers. This issue affects Library Automation System: from v.21.6 before v.22.1. 2026-05-14 8.8 CVE-2025-15025 https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0240
 
wende60--Redaxo CMS Addon MyEvents Redaxo CMS Addon MyEvents 2.2.1 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the myevents_id parameter. Attackers can send GET requests to the event_add.php page with malicious myevents_id values to extract or modify sensitive database information. 2026-05-17 7.1 CVE-2018-25319 ExploitDB-44261
Official Product Homepage
VulnCheck Advisory: Redaxo CMS Addon MyEvents 2.2.1 SQL Injection via event_add.php
 
woocommerce-csvimport--WooCommerce CSV-Importer Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by submitting unescaped filenames through the delete_export_file AJAX action. Attackers can craft POST requests with directory traversal sequences in the filename parameter to delete sensitive files like wp-config.php outside the intended export directory. 2026-05-17 7.5 CVE-2018-25325 ExploitDB-44433
Official Product Homepage
VulnCheck Advisory: Woocommerce CSV Importer 3.3.6 Path Traversal File Deletion
 
wp-google-drive--Google Drive Google Drive for WordPress 2.2 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by injecting directory traversal sequences in the file_name parameter. Attackers can send POST requests to gdrive-ajaxs.php with the ajaxstype parameter set to del_fl_bkp and a file_name containing traversal sequences such as ../../wp-config.php to access sensitive configuration files. 2026-05-17 7.5 CVE-2018-25326 ExploitDB-44435
Official Product Homepage
VulnCheck Advisory: Google Drive for WordPress 2.2 Path Traversal RCE via gdrive-ajaxs.php
 
wp-with-spritz--WP with Spritz WordPress Plugin WP with Spritz 1.0 contains a remote file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting file paths into the url parameter. Attackers can send GET requests to wp.spritz.content.filter.php with malicious url values to access sensitive files like system configuration and credentials. 2026-05-17 7.5 CVE-2018-25329 ExploitDB-44544
Product Reference
VulnCheck Advisory: WordPress Plugin WP with Spritz 1.0 Remote File Inclusion
 
Fabrikar--com_fabrik Joomla com_fabrik 3.9.11 contains a directory traversal vulnerability that allows unauthenticated attackers to list arbitrary files by manipulating the folder parameter. Attackers can send GET requests to the onAjax_files method with path traversal sequences to enumerate files in system directories outside the intended web root. 2026-05-13 7.5 CVE-2020-37219 ExploitDB-48263
Official Product Homepage
Product Reference
VulnCheck Advisory: Joomla com_fabrik 3.9.11 Directory Traversal via image.php
 
www.huawei.com--Huawei HG630 Router Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain administrative access by retrieving the device serial number. Attackers can query the /api/system/deviceinfo endpoint without authentication to extract the SerialNumber field, then use the last 8 characters as the default password to login to the router. 2026-05-13 7.5 CVE-2020-37220 ExploitDB-48310
Reference
VulnCheck Advisory: Huawei HG630 V2 Router Authentication Bypass via Serial Number
 
Kuicms--Kuicms Php EE Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs reply endpoint. Attackers can send POST requests to /web/?c=bbs&a=reply with HTML and JavaScript payloads in the content parameter to execute arbitrary scripts in users' browsers. 2026-05-13 7.2 CVE-2020-37222 ExploitDB-48526
Official Product Homepage
Product Reference
VulnCheck Advisory: Kuicms Php EE 2.0 Persistent Cross-Site Scripting via bbs reply
 
Iobit--IObit Uninstaller IObit Uninstaller 9.5.0.15 contains an unquoted service path vulnerability in the IObitUnSvr service that allows local attackers to escalate privileges to SYSTEM level. Attackers can place a malicious executable named IObit.exe in the C:\Program Files (x86)\IObit directory and restart the service to execute code with SYSTEM privileges. 2026-05-13 7.8 CVE-2020-37223 ExploitDB-48543
Official Product Homepage
Product Reference
VulnCheck Advisory: IObit Uninstaller 9.5.0.15 Unquoted Service Path Privilege Escalation
 
Joomsky--J2 JOBS Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Attackers can send POST requests to the administrator index with malicious 'sortby' values to extract sensitive database information. 2026-05-13 7.1 CVE-2020-37224 ExploitDB-48648
Official Product Homepage
Product Reference
VulnCheck Advisory: Joomla J2 JOBS 1.3.0 Authenticated SQL Injection via sortby
 
Joomsky--J2 JOBS Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Attackers can send POST requests to the administrator index with malicious 'sortby' values to extract sensitive database information using automated tools. 2026-05-13 7.1 CVE-2020-37226 ExploitDB-48670
Official Product Homepage
Product Reference
VulnCheck Advisory: Joomla J2 JOBS 1.3.0 Authenticated SQL Injection via sortby
 
Oki--OKI sPSV Port Manager OKI sPSV Port Manager 1.0.41 contains an unquoted service path vulnerability in the sPSVOpLclSrv service that allows local attackers to escalate privileges by inserting executable files into the unquoted path. Attackers can place a malicious executable in a directory within the service path that will execute with LocalSystem privileges when the service restarts or the system reboots. 2026-05-16 7.8 CVE-2020-37229 ExploitDB-49005
Official Product Homepage
Product Reference
VulnCheck Advisory: OKI sPSV Port Manager 1.0.41 Unquoted Service Path Privilege Escalation
 
Syncplify--Syncplify.me Server! Syncplify.me Server! 5.0.37 contains an unquoted service path vulnerability in the SMWebRestServicev5 service that allows local attackers to escalate privileges by exploiting the unquoted binary path. Attackers can insert a malicious executable into the service path and execute it with LocalSystem privileges when the service restarts or the system reboots. 2026-05-16 7.8 CVE-2020-37230 ExploitDB-49009
Official Product Homepage
Product Reference
VulnCheck Advisory: Syncplify.me Server! 5.0.37 Unquoted Service Path Privilege Escalation
 
Cybertronsoft--Privacy Drive Privacy Drive 3.17.0 contains an unquoted service path vulnerability in the pdsvc.exe service binary that allows local attackers to escalate privileges by exploiting the service startup process. Attackers can place malicious executables in the unquoted path directories to execute arbitrary code with LocalSystem privileges during service startup or system reboot. 2026-05-16 7.8 CVE-2020-37231 ExploitDB-49023
Official Product Homepage
Product Reference
VulnCheck Advisory: Privacy Drive 3.17.0 Unquoted Service Path Privilege Escalation
 
Iobit--Advanced System Care Service Advanced System Care Service 13.0.0.157 contains an unquoted service path vulnerability in the AdvancedSystemCareService13 service binary path that allows local attackers to escalate privileges. Attackers can place malicious executables in the system root path that will be executed with LocalSystem privileges during service startup or system reboot. 2026-05-16 7.8 CVE-2020-37232 ExploitDB-49049
Official Product Homepage
Product Reference
VulnCheck Advisory: Advanced System Care Service 13.0.0.157 Unquoted Service Path Privilege Escalation
 
Supsystic--Digital Publications Supsystic Digital Publications 1.6.9 contains a path traversal vulnerability in the Folder input field that allows attackers to access files outside the web root by injecting directory traversal sequences. Additionally, the plugin fails to sanitize input fields in publication settings, allowing stored cross-site scripting attacks through script injection in parameters like Area Width and Publication Width that execute when publications are viewed or edited. 2026-05-16 7.5 CVE-2020-37245 ExploitDB-49542
Official Product Homepage
Product Reference
VulnCheck Advisory: WordPress Plugin Supsystic Digital Publications 1.6.9 Path Traversal XSS
 
Kite--Kite Kite 4.2.0.1 U1 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious executable in the Program Files directory to be executed with LocalSystem privileges when the service starts. 2026-05-16 7.8 CVE-2020-37247 ExploitDB-50975
Official Product Homepage
VulnCheck Advisory: Kite 4.2.0.1 U1 Unquoted Service Path Privilege Escalation
 
Home-Assistant--Home Assistant Community Store (HACS) Home Assistant Community Store (HACS) 1.10.0 contains a path traversal vulnerability that allows unauthenticated attackers to read sensitive files by traversing directories via the /hacsfiles/ endpoint. Attackers can retrieve the .storage/auth file containing user credentials and refresh tokens, then craft valid JWT tokens to gain administrative access to Home Assistant instances. 2026-05-16 7.5 CVE-2021-47942 ExploitDB-49495
Official Product Homepage
Product Reference
VulnCheck Advisory: Home Assistant Community Store 1.10.0 Path Traversal Account Takeover
 
Wpgraphql--WPGraphQL WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust server resources by sending batched GraphQL queries with duplicated fields. Attackers can send POST requests to the GraphQL endpoint with amplified field duplication payloads to trigger server out-of-memory conditions and MySQL connection errors. 2026-05-15 7.5 CVE-2021-47959 ExploitDB-49807
Official Product Homepage
VulnCheck Advisory: WordPress Plugin WPGraphQL 1.3.5 Denial of Service
 
AnotherNote--Anote Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to execute arbitrary code by injecting malicious payloads into markdown files stored within the application. Attackers can craft malicious markdown files with embedded JavaScript that executes system commands when opened, enabling remote code execution on the victim's computer. 2026-05-15 7.2 CVE-2021-47963 ExploitDB-49836
Official Product Homepage
VulnCheck Advisory: Anote 1.0 Persistent Cross-Site Scripting Remote Code Execution
 
color-notes--Color Notes Color Notes 1.4 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350,000 repeated characters and paste it twice into a new note to cause the application to stop responding. 2026-05-16 7.5 CVE-2021-47969 ExploitDB-49952
VulnCheck Advisory: Color Notes 1.4 Denial of Service via Long Character String
 
macaron-notes-great-notebook--Macaron Notes Gear Notebook Macaron Notes 5.5 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can generate a payload containing 350000 repeated characters and paste it into a note field to trigger application crash and stop functionality. 2026-05-16 7.5 CVE-2021-47970 ExploitDB-49953
VulnCheck Advisory: Macaron Notes 5.5 Denial of Service via Buffer Overflow
 
my-notes-safe--My Notes Safe My Notes Safe 5.3 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350000 repeated characters and paste it twice into a new note to trigger an application crash. 2026-05-16 7.5 CVE-2021-47971 ExploitDB-49954
VulnCheck Advisory: My Notes Safe 5.3 Denial of Service via Buffer Overflow
 
sticky-notes-color-widgets--Sticky Notes Color Widgets Sticky Notes & Color Widgets 1.4.2 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can paste large payloads of repeated characters into note fields to trigger application crashes and make the application stop responding. 2026-05-16 7.5 CVE-2021-47972 ExploitDB-49957
VulnCheck Advisory: Sticky Notes & Color Widgets 1.4.2 Denial of Service
 
sticky-notes--Sticky Notes Widget Sticky Notes Widget 3.0.6 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350000 repeated characters and paste it twice into a new note to trigger an application crash on iOS devices. 2026-05-16 7.5 CVE-2021-47973 ExploitDB-49978
VulnCheck Advisory: Sticky Notes Widget 3.0.6 Denial of Service via Buffer Overflow
 
Vxsearch--VX Search VX Search 13.5.28 contains an unquoted service path vulnerability in both VX Search Server and VX Search Enterprise services that allows local attackers to escalate privileges. Attackers can place malicious executables in unquoted path directories like C:\Program Files\VX Search to execute arbitrary code with LocalSystem privileges when services restart. 2026-05-16 7.8 CVE-2021-47974 ExploitDB-50026
Official Product Homepage
VulnCheck Advisory: VX Search 13.5.28 Unquoted Service Path Privilege Escalation
 
Wplearnmanager--WP Learn Manager WP Learn Manager 1.1.2 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the fieldtitle parameter. Attackers can submit POST requests to the jslm_fieldordering page with XSS payloads in the fieldtitle field to execute arbitrary JavaScript when administrators view the field ordering interface. 2026-05-16 7.2 CVE-2021-47975 ExploitDB-50086
Official Product Homepage
Product Reference
VulnCheck Advisory: WordPress Plugin WP Learn Manager 1.1.2 Stored XSS
 
Gotmls--Malware Security and Bruteforce Firewall WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the file parameter. Attackers can send requests to the duplicator_download action via admin-ajax.php with path traversal sequences to access sensitive system files outside the intended directory. 2026-05-16 7.5 CVE-2021-47977 ExploitDB-50107
Official Product Homepage
Product Reference
VulnCheck Advisory: WordPress Anti-Malware Security Bruteforce Firewall 4.20.59 Directory Traversal
 
Getfuelcms--Fuel CMS Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'col' parameter in the Activity Log interface. Attackers can send requests to the logs endpoint with malicious SQL payloads in the 'col' parameter to extract database information based on response time delays. 2026-05-16 7.1 CVE-2021-47980 ExploitDB-50523
Official Product Homepage
Product Reference
VulnCheck Advisory: Fuel CMS 1.4.13 Blind SQL Injection via col Parameter
 
GitLab--GitLab GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted payloads on certain API endpoints. 2026-05-14 7.5 CVE-2025-14869 HackerOne Bug Bounty Report #3447146
https://gitlab.com/gitlab-org/gitlab/-/work_items/584489
https://about.gitlab.com/releases/2026/05/13/patch-release-gitlab-18-11-3-released/
 
GitLab--GitLab GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted JSON payloads due to insufficient input validation. 2026-05-14 7.5 CVE-2025-14870 HackerOne Bug Bounty Report #3446641
https://gitlab.com/gitlab-org/gitlab/-/work_items/584490
https://about.gitlab.com/releases/2026/05/13/patch-release-gitlab-18-11-3-released/
 

Medium Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source Info Patch Info
Simple-Fields--Simple Fields Simple Fields 0.2 through 0.3.5 WordPress Plugin contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting null bytes into the wp_abspath parameter on PHP versions before 5.3.4. Attackers can supply malicious wp_abspath values to simple_fields.php to include files like /etc/passwd or inject PHP code into Apache logs for remote code execution when allow_url_include is enabled. 2026-05-17 6.2 CVE-2018-25324 ExploitDB-44425
Official Product Homepage
Product Reference
VulnCheck Advisory: Simple Fields 0.2-0.3.5 Local File Inclusion via wp_abspath
 
zenar--Zenar Content Management System Zenar Content Management System contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating form parameters in POST requests. Attackers can inject script tags through the current_page parameter sent to the ajax.php endpoint, which reflects unsanitized user input in the response HTML to execute arbitrary JavaScript in victim browsers. 2026-05-17 6.1 CVE-2018-25331 ExploitDB-44664
Official Product Homepage
Product Reference
VulnCheck Advisory: Zenar Content Management System Cross-Site Scripting via ajax.php
 
Powie--WHOIS Domain Check Powie's WHOIS Domain Check 0.9.31 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by exploiting unsanitized input fields in plugin settings. Attackers can submit malicious payloads through textarea and input elements in the pwhois_settings.php configuration page to execute JavaScript in the admin context and escalate privileges. 2026-05-13 6.4 CVE-2020-37225 ExploitDB-48656
Official Product Homepage
Official Product Homepage
Product Reference
VulnCheck Advisory: Powie's WHOIS Domain Check 0.9.31 Persistent Cross-Site Scripting
 
Wordpress--Buddypress WordPress Plugin Buddypress 6.2.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers with moderator privileges to inject malicious script code through the figure parameter in wp:html blocks. Attackers can inject iframe elements with event handlers like onload that execute when administrators or privileged users preview or view the affected page content, enabling session hijacking and persistent phishing attacks. 2026-05-16 6.4 CVE-2020-37233 ExploitDB-49061
Official Product Homepage
VulnCheck Advisory: WordPress Plugin Buddypress 6.2.0 Persistent Cross-Site Scripting
 
Internetdownloadmanager--Internet Download Manager Internet Download Manager 6.38.12 contains a buffer overflow vulnerability in the Scheduler component that allows local attackers to crash the application by supplying oversized input. Attackers can paste malicious data exceeding 5000 bytes into the 'Open the following file when done' field to trigger a denial of service condition. 2026-05-16 6.2 CVE-2020-37234 ExploitDB-49083
Official Product Homepage
Product Reference
VulnCheck Advisory: Internet Download Manager 6.38.12 Scheduler Buffer Overflow
 
themeftc--Theme Wibar WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerability in the Brand component that allows authenticated users to inject malicious scripts by manipulating the Logo URL parameter. Attackers with editor, administrator, contributor, or author privileges can inject base64-encoded script payloads through the ftc_brand_url input field to execute arbitrary JavaScript when users visit the brand page. 2026-05-16 6.4 CVE-2020-37235 ExploitDB-49107
Official Product Homepage
Product Reference
VulnCheck Advisory: WordPress Theme Wibar 1.1.8 Stored Cross-Site Scripting via Brand Component
 
Netartmedia--NewsLister NewsLister contains an authenticated persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the title parameter in the news addition interface. Attackers can inject JavaScript payloads via the title field in the admin panel that execute when news items are viewed by other users. 2026-05-16 6.4 CVE-2020-37236 ExploitDB-49160
Official Product Homepage
VulnCheck Advisory: NewsLister Authenticated Persistent Cross-Site Scripting via Admin Panel
 
Compo--Composr CMS Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Attackers with admin credentials can inject XSS payloads in the Description field of the Add banner functionality, which execute for all website visitors when they access the home page. 2026-05-16 6.4 CVE-2020-37237 ExploitDB-49190
Official Product Homepage
Product Reference
VulnCheck Advisory: Composr CMS 10.0.34 Persistent Cross-Site Scripting via banners
 
Cmsmadesimple--CMS Made Simple CMS Made Simple 2.2.15 contains a stored cross-site scripting vulnerability that allows authenticated users with Content Manager access to inject malicious scripts through SVG file uploads. Attackers can upload SVG files containing embedded JavaScript to the file manager, which executes when other authenticated users access the uploaded file, enabling cookie theft and session hijacking. 2026-05-16 6.4 CVE-2020-37238 ExploitDB-49199
Official Product Homepage
Product Reference
VulnCheck Advisory: CMS Made Simple 2.2.15 Stored XSS via SVG File Upload
 
Codekernel--Queue Management System Queue Management System 4.0.0 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through user creation fields. Attackers can insert JavaScript payloads in the First Name, Last Name, and Email fields during user creation, which execute when viewing the User List page. 2026-05-16 6.4 CVE-2020-37240 ExploitDB-49296
Official Product Homepage
Product Reference
VulnCheck Advisory: Queue Management System 4.0.0 Stored XSS via Add User
 
Supsystic--Backup Supsystic Backup 2.3.9 contains a local file inclusion vulnerability that allows unauthenticated attackers to read and delete arbitrary files by manipulating the download path parameter. Attackers can modify the download parameter in admin.php requests with directory traversal sequences to access sensitive files like /etc/passwd or delete files via the removeAction parameter. 2026-05-16 6.2 CVE-2020-37246 ExploitDB-49545
Official Product Homepage
Product Reference
VulnCheck Advisory: WordPress Plugin Supsystic Backup 2.3.9 Local File Inclusion
 
Cookielawinfo--Cookie Law Bar Cookie Law Bar 1.2.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting unsanitized input to the Bar Message field. Attackers can inject script payloads through the plugin settings page that execute in the browsers of all WordPress users viewing the site, enabling cookie theft and sensitive data exfiltration. 2026-05-16 6.4 CVE-2021-47957 ExploitDB-49905
Official Product Homepage
Product Reference
VulnCheck Advisory: WordPress Plugin Cookie Law Bar 1.2.1 Stored XSS via clb_bar_msg
 
savsofts--Savsoft Quiz Savsoft Quiz 5.0 contains a persistent cross-site scripting vulnerability in the user account settings page that allows authenticated attackers to inject malicious HTML and JavaScript code. Attackers can inject script payloads into user profile fields at the edit_user endpoint, which execute in the browsers of users viewing the affected profile after submission. 2026-05-15 6.4 CVE-2021-47962 ExploitDB-49825
Official Product Homepage
Product Reference
VulnCheck Advisory: Savsoft Quiz 5.0 Persistent Cross-Site Scripting via User Settings
 
Timeclock--PHP Timeclock PHP Timeclock 1.04 contains multiple cross-site scripting vulnerabilities that allow unauthenticated attackers to inject arbitrary JavaScript by manipulating URL paths and POST parameters. Attackers can append malicious payloads to login.php, timeclock.php, audit.php, and timerpt.php endpoints, or inject code through from_date and to_date parameters in report requests to execute scripts in user browsers. 2026-05-15 6.1 CVE-2021-47967 ExploitDB-49853
Official Product Homepage
Product Reference
VulnCheck Advisory: PHP Timeclock 1.04 Multiple Cross-Site Scripting via Parameters
 
Podcastgenerator--Podcast Generator Podcast Generator 3.1 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting unfiltered JavaScript code in the long_description parameter. Attackers can inject script tags through episode creation or editing requests to execute arbitrary JavaScript when other users view the episode details. 2026-05-15 6.4 CVE-2021-47968 ExploitDB-49866
Official Product Homepage
Product Reference
VulnCheck Advisory: Podcast Generator 3.1 Persistent Cross-Site Scripting via long_description
 
Processmaker--ProcessMaker ProcessMaker 3.5.4 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting improper path traversal validation. Attackers can send requests with directory traversal sequences to access sensitive system files like /etc/passwd without authentication. 2026-05-16 6.2 CVE-2021-47978 ExploitDB-50229
Official Product Homepage
VulnCheck Advisory: ProcessMaker 3.5.4 Local File Inclusion via Path Traversal
 
interactivegeomaps--MapGeo Interactive Geo Maps The MapGeo - Interactive Geo Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'map' parameter in the display-map shortcode in all versions up to, and including, 1.6.27 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2026-05-14 6.1 CVE-2025-15345 https://www.wordfence.com/threat-intel/vulnerabilities/id/bfccbf41-c861-4bf1-b400-7858cb255b9a?source=cve
https://research.cleantalk.org/cve-2025-15345
https://plugins.trac.wordpress.org/changeset?old_path=/interactive-geo-maps/tags/1.6.27/src/Plugin/Map.php&new_path=/interactive-geo-maps/tags/1.6.28/src/Plugin/Map.php
 
hwk-fr--Advanced Custom Fields: Extended The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.9.2.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. 2026-05-12 6.5 CVE-2025-15463 https://www.wordfence.com/threat-intel/vulnerabilities/id/f8544784-1994-47e2-be39-568d0ab9ee00?source=cve
https://plugins.trac.wordpress.org/browser/acf-extended/tags/0.9.2.2/includes/modules/form/module-form-action-email.php#L111
https://plugins.trac.wordpress.org/browser/acf-extended/tags/0.9.2.2/includes/modules/form/module-form-front-render.php#L35
 
Joomsky--JS Jobs Joomla! Component Js Jobs 1.2.0 contains a cross-site request forgery vulnerability that allows attackers to perform state-changing actions without token validation. Attackers can craft malicious HTML forms targeting administrative endpoints like job.jobenforcedelete to delete job entries or modify component settings when administrators visit attacker-controlled pages. 2026-05-17 5.3 CVE-2018-25327 ExploitDB-44492
Official Product Homepage
Product Reference
VulnCheck Advisory: Joomla! Component Js Jobs 1.2.0 Cross-Site Request Forgery
 
Bylancer--Zechat Zechat 1.5 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. The application uses a CSRF token, but an attacker can use the hashtag parameter to inject an encoded payload and bypass the CSRF protection, allowing for unauthorized changes to user data. This can be exploited by tricking a user into submitting a crafted form or by using a script to obtain and set the CSRF token. 2026-05-17 5.4 CVE-2018-25334 ExploitDB-44685
Official Product Homepage
VulnCheck Advisory: Zechat 1.5 Cross-Site Request Forgery (CSRF) via hashtag parameter
 
Joomlaextensions--Joomla! extension jCart for OpenCart Joomla jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information without authentication. Attackers can craft malicious HTML forms targeting endpoints , and to change user credentials, passwords, and affiliate account details when victims visit the attacker-controlled page. 2026-05-17 5.3 CVE-2018-25336 ExploitDB-44788
Official Product Homepage
Product Reference
VulnCheck Advisory: Joomla jCart for OpenCart 2.3.0.2 Cross-Site Request Forgery
 
Ultimate Member--ultimate-member WordPress Plugin ultimate-member 2.1.3 contains a local file inclusion vulnerability that allows authenticated attackers to include arbitrary files by manipulating the pack parameter in class-admin-upgrade.php. Attackers can send POST requests with malicious pack values to include unintended PHP files from the packages directory and execute arbitrary code. 2026-05-13 5.5 CVE-2020-37169 ExploitDB-48065
VulnCheck Advisory: WordPress Plugin ultimate-member 2.1.3 Local File Inclusion
 
HUSKY--Products Filter Professional for WooCommerce WOOF Products Filter for WooCommerce 1.2.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering XSS payloads in design tab textfields. Attackers can inject JavaScript code through fields like 'Text for block toggle' and 'Custom front css styles' that executes on frontend pages when saved, affecting all site visitors. 2026-05-13 5.5 CVE-2020-37174 ExploitDB-48088
Official Product Homepage
Product Reference
VulnCheck Advisory: WOOF Products Filter for WooCommerce 1.2.3 Persistent XSS
 
Bloofox--bloofoxCMS bloofoxCMS 0.5.2.1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious pages. Attackers can craft hidden forms targeting the admin user creation endpoint to add new administrative accounts with arbitrary credentials without requiring explicit user consent. 2026-05-16 5.3 CVE-2020-37241 ExploitDB-49507
Official Product Homepage
Product Reference
VulnCheck Advisory: bloofoxCMS 0.5.2.1 Cross-Site Request Forgery via user add
 
MyBB--MyBB Timeline Plugin MyBB Timeline Plugin 1.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through thread titles, post content, and user profile fields like Location and Bio. Attackers can also exploit a cross-site request forgery vulnerability in the timeline.php profile action to change a user's cover picture by crafting malicious forms that execute when victims visit affected profiles. 2026-05-16 5.3 CVE-2021-47934 ExploitDB-49467
Product Reference
VulnCheck Advisory: MyBB Timeline Plugin 1.0 Cross-Site Scripting and CSRF
 
CouchCMS--CouchCMS CouchCMS 2.2.1 contains a cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript by uploading malicious SVG files through the file upload functionality. Attackers can upload SVG files containing embedded script tags to the browse.php endpoint, which are then executed in users' browsers when the files are accessed or previewed. 2026-05-16 5.4 CVE-2021-47955 ExploitDB-49636
Official Product Homepage
VulnCheck Advisory: CouchCMS 2.2.1 Cross-Site Scripting via SVG File Upload
 
Opensolution--Quick.CMS Quick.CMS 6.7 contains a cross-site scripting vulnerability in the sliders form that allows authenticated attackers to inject malicious scripts by submitting XSS payloads through the sDescription parameter. Attackers can craft CSRF forms targeting the admin.php?p=sliders-form endpoint to execute arbitrary JavaScript in victim browsers when the form is submitted. 2026-05-16 5.4 CVE-2021-47981 ExploitDB-50530
Official Product Homepage
Product Reference
VulnCheck Advisory: Quick.CMS 6.7 Cross-Site Scripting via CSRF to Sliders Form
 
WSO2--WSO2 Identity Server The check user account lock states feature within the email OTP flow fails to validate user input, allowing an attacker to infer the existence of registered user accounts. The discovery of valid usernames can increase the risk of brute-force and social engineering attacks. Attackers can leverage this information to craft targeted phishing campaigns or other malicious activities aimed at tricking users into divulging sensitive data, potentially damaging the organization's reputation and leading to regulatory non-compliance and financial consequences. 2026-05-11 5.3 CVE-2024-0391 https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3115/
 
Siemens--SIPROTEC 5 6MD84 (CP300) A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V11.0), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SA82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SA82 (CP150) (All versions < V11.0), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SD82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SD82 (CP150) (All versions < V11.0), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SJ81 (CP100) (All versions >= V7.80), SIPROTEC 5 7SJ81 (CP150) (All versions < V11.0), SIPROTEC 5 7SJ82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SJ82 (CP150) (All versions < V11.0), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SK82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SK82 (CP150) (All versions < V11.0), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SL82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SL82 (CP150) (All versions < V11.0), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7ST86 (CP300) (All versions < V11.0), SIPROTEC 5 7SX82 (CP150) (All versions < V11.0), SIPROTEC 5 7SX85 (CP300) (All versions < V11.0), SIPROTEC 5 7SY82 (CP150) (All versions < V11.0), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7UT82 (CP100) (All versions >= V7.80), SIPROTEC 5 7UT82 (CP150) (All versions < V11.0), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7VU85 (CP300) (All versions < V11.0), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V11.0). Affected devices do not use sufficiently random values to create session identifiers. This could allow an unauthenticated remote attacker to brute force a session identifier and gain read access to limited information from the web server without authorization. 2026-05-12 5.3 CVE-2024-54017 https://cert-portal.siemens.com/productcert/html/ssa-786884.html
 
GitLab--GitLab GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to inject HTML and JavaScript into email notifications sent to other users due to improper input sanitization. 2026-05-14 5.4 CVE-2025-12669 HackerOne Bug Bounty Report #3368096
https://gitlab.com/gitlab-org/gitlab/-/work_items/579385
https://about.gitlab.com/releases/2026/05/13/patch-release-gitlab-18-11-3-released/
 
ghera74--ilGhera Support System for WooCommerce The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_ticket_content_callback' function in all versions up to, and including, 1.3.0. This makes it possible for unauthenticated attackers to view any support ticket content, including sensitive customer information and private communications, by providing a ticket ID. 2026-05-13 5.3 CVE-2025-14033 https://www.wordfence.com/threat-intel/vulnerabilities/id/40ceea17-ec60-4775-8495-e2f7643d1b7c?source=cve
https://plugins.trac.wordpress.org/browser/wc-support-system/trunk/includes/class-wc-support-system.php#L68
https://plugins.trac.wordpress.org/browser/wc-support-system/tags/1.2.6/includes/class-wc-support-system.php#L68
https://plugins.trac.wordpress.org/browser/wc-support-system/trunk/includes/class-wc-support-system.php#L643
https://plugins.trac.wordpress.org/browser/wc-support-system/tags/1.2.6/includes/class-wc-support-system.php#L643
https://plugins.trac.wordpress.org/browser/wc-support-system/tags/1.3.1/includes/class-wc-support-system.php#L780
 
stylemix--Cost Calculator Builder The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference (IDOR) in all versions up to, and including, 4.0.1 only when used in combination with Cost Calculator Builder PRO. This is due to the ccb_woocommerce_payment AJAX action being registered via wp_ajax_nopriv, making it accessible to unauthenticated users, and the renderWooCommercePayment() function passing user-controlled data directly to CCBWooCheckout::init() without authorization checks. This makes it possible for unauthenticated attackers to add WooCommerce products to their cart with attacker-controlled prices. 2026-05-13 5.3 CVE-2025-14755 https://www.wordfence.com/threat-intel/vulnerabilities/id/fe684f43-8442-4b29-84a8-da8c6863e62b?source=cve
https://plugins.trac.wordpress.org/browser/cost-calculator-builder/tags/3.6.7/includes/classes/CCBOrderController.php#L484
https://plugins.trac.wordpress.org/browser/cost-calculator-builder/tags/3.6.7/includes/classes/CCBAjaxAction.php#L99
 
wpclever--WPC Badge Management for WooCommerce The WPC Badge Management for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the `wpcbm_best_seller` shortcode in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2026-05-13 5.5 CVE-2025-14767 https://www.wordfence.com/threat-intel/vulnerabilities/id/bf02edc9-2bb6-4ceb-b2a1-63f95c8becb3?source=cve
https://wordpress.org/plugins/wpc-badge-management
https://plugins.trac.wordpress.org/browser/wpc-badge-management/trunk/includes/class-shortcode.php#L98
https://plugins.trac.wordpress.org/changeset/3519100/
 
Tp-link--TL-WR720NMbps Wireless N Router TP-Link TL-WR720N wireless router contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious web requests. Attackers can modify port forwarding rules via VirtualServerRpm.htm or change WiFi security settings via WlanSecurityRpm.htm by tricking authenticated users into visiting attacker-controlled pages. 2026-05-17 4.3 CVE-2018-25321 ExploitDB-44335
Official Product Homepage
Product Reference
VulnCheck Advisory: TP-Link TL-WR720N All Versions CSRF via Administrative Interfaces
 
Joomlaextensions--Joomla! extension JoomOCShop Joomla JoomOCShop 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML forms targeting account endpoints like /joomoc2/?route=account/edit and to modify user information or reset passwords without user consent. 2026-05-17 4.3 CVE-2018-25337 ExploitDB-44789
Official Product Homepage
Product Reference
VulnCheck Advisory: Joomla JoomOCShop 1.0 Cross-Site Request Forgery
 
Easy2pilot-v7--Easy2Pilot Easy2Pilot 7 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the admin.php?action=add_user endpoint with POST requests containing username and password parameters to create new administrative accounts without explicit user consent. 2026-05-13 4.3 CVE-2020-37217 ExploitDB-48099
Official Product Homepage
VulnCheck Advisory: Easy2Pilot 7 Cross-Site Request Forgery via admin.php
 
CouchCMS--CouchCMS CouchCMS 2.2.1 contains a server-side request forgery vulnerability that allows authenticated attackers to make arbitrary HTTP requests by uploading malicious SVG files. Attackers can upload SVG files containing external entity references through the browse.php endpoint to access internal services and resources. 2026-05-15 4.3 CVE-2021-47958 ExploitDB-49675
Official Product Homepage
VulnCheck Advisory: CouchCMS 2.2.1 Server-Side Request Forgery via SVG upload
 
GitLab--GitLab GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with Guest permissions to view issues in projects they were not authorized to access. 2026-05-14 4.3 CVE-2025-13874 HackerOne Bug Bounty Report #3445398
https://gitlab.com/gitlab-org/gitlab/-/work_items/582634
https://about.gitlab.com/releases/2026/05/13/patch-release-gitlab-18-11-3-released/
 

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source Info Patch Info
There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary
Vendor -- Product
Description Published CVSS Score Source Info Patch Info
AMD--AMD Ryzen 5000 Series Desktop Processors with Radeon Graphics A compromised Trusted OS (TOS) driver could issue a malformed call that could potentially allow memory access outside the intended range resulting in loss of integrity. 2026-05-15 not yet calculated CVE-2021-26380 https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4017.html
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html
 
AMD--AMD Ryzen 3000 Series Mobile Processors with Radeon Graphics A TOCTOU (Time-Of-Check to Time-Of-Use) in the graphics interface may allow an attacker to load registers repeatedly, creating a race condition potentially leading to a loss of integrity. 2026-05-15 not yet calculated CVE-2022-23826 https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4017.html
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html
 
KMX--Alien::FreeImage Alien::FreeImage versions through 1.001 for Perl contain several vulnerable libraries. Alien::FreeImage bundles version 3.17.0 of the FreeImage library from 2017, which has known vulnerabilities such as CVE-2015-0852 and CVE-2025-65803. The library embeds other image libraries that also have known vulnerabilities. 2026-05-11 not yet calculated CVE-2022-4988 https://freeimage.sourceforge.io/
https://metacpan.org/release/KMX/Alien-FreeImage-1.001/source/src/Source
https://nvd.nist.gov/vuln/detail/CVE-2015-0852
https://nvd.nist.gov/vuln/detail/CVE-2025-65803
https://github.com/kmx/alien-freeimage/issues/4
https://github.com/kmx/alien-freeimage/issues/5
 
n/a--MK-Auth 23.01K4.9 An arbitrary file upload vulnerability in MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted PHP file. 2026-05-12 not yet calculated CVE-2023-27753 https://github.com/yueslly/MKAUTH-RCE/blob/main/README.md
https://github.com/yueslly/MKAUTH-RCE
 
n/a--MK-Auth 23.01K4.9 An insecure direct object reference in MK-Auth 23.01K4.9 allows attackers to access and send support calls for other users via manipulation of the chamado parameter through a crafted GET request. 2026-05-12 not yet calculated CVE-2023-30059 https://github.com/yueslly/MKAUTH-IDOR
 
AMD[.]com--AMD Radeon RX 6000 Series Graphics Products Improper validation in Power Management Firmware (PMFW) may allow an attacker with privileges to pass malformed workload arguments when exporting table data from SMU to DRAM potentially resulting in a loss of confidentiality and/or availability. 2026-05-15 not yet calculated CVE-2023-31309 https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html
 
AMD[.]com--AMD Ryzen 5000 Series Mobile Processors with Radeon Graphics Improperly preserved integrity of hardware configuration state during a power save/restore operation in the AMD Secure Processor (ASP) could allow an attacker with the ability to write outside the trusted memory range (TMR) to change the execution flow of the Video Core Next (VCN) firmware potentially impacting confidentiality, integrity, or availability. 2026-05-15 not yet calculated CVE-2023-31316 https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4017.html
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html
 
AMD[.]com--AMD Radeon RX 6000 Series Graphics Products Improper restriction of operations within the bounds of a memory buffer in the AMD Secure Processor (ASP) could allow an attacker to read or write to protected memory potentially resulting in arbitrary code execution. 2026-05-15 not yet calculated CVE-2023-31317 https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html
 
AMD[.]com--AMD Instinct MI300X An out of bounds read in the remote management firmware could allow a privileged attacker to read a limited section of memory outside of established bounds potentially resulting in loss of confidentiality or availability. 2026-05-15 not yet calculated CVE-2024-21950 https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html
 
AMD[.]com--AMD EPYC 4005 Series Processors Improper Input Validation in the AMD RAID driver could allow an attacker to point to an arbitrary memory location potentially resulting in privilege escalation and arbitrary code execution. 2026-05-15 not yet calculated CVE-2024-21962 https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4016.html
 
AMD[.]com--AMD EPYC Series 9004 Processors Improper enforcement of the LFENCE serialization property may allow an attacker to bypass speculation barriers and potentially disclose sensitive information, potentially resulting in loss of confidentiality. 2026-05-13 not yet calculated CVE-2024-36315 https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3030.html
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4017.html
 
AMD[.]com--AMD Radeon RX 7000 Series Graphics Products Improper isolation of VCN-JPEG HW register space could allow a malicious Guest Virtual Machine (VM) or a process to perform unauthorized access to the register space of the JPEG cores assigned to a victim VM/process, potentially gaining arbitrary read/write access to the victim VM/process data. 2026-05-15 not yet calculated CVE-2024-36323 https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html
 
AMD[.]com--AMD Radeon PRO V710 Improper isolation of GPU HW register space could allow a privileged attacker in a malicious Guest Virtual Machine (VM) to perform unauthorized access to a specific victim range of GPU MMIO register space, potentially causing the host OS to reboot and creating a Denial of Service (DoS) condition. 2026-05-15 not yet calculated CVE-2024-36332 https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html
 
AMD[.]com--AMD Radeon RX 5000 Series Graphics Products A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. 2026-05-15 not yet calculated CVE-2024-36333 https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html
 
AMD[.]com--AMD Radeon RX 7000 Series Graphics Products Improper verification of cryptographic signature in the Radeon RGB tool could allow a malicious file placed in the installation directory to be run with elevated privileges potentially leading to arbitrary code execution. 2026-05-15 not yet calculated CVE-2024-36334 https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html
 
AMD[.]com--AMD EPYC 4004 Improper input validation in the AMD OverDrive (AOD) System Management Mode (SMM) module could allow a privileged attacker to perform an out-of-bounds read, potentially resulting in loss of confidentiality. 2026-05-15 not yet calculated CVE-2024-36345 https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3030.html
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4017.html
 
Checkmk GmbH--Checkmk Privilege escalation in the mk_mysql agent plugin on Windows in Checkmk <2.4.0p29, <2.3.0p47, and 2.2.0 (EOL) allows a local unprivileged user able to create a Windows service whose name matches 'MySQL' or 'MariaDB' (or with write access to a binary referenced by such a service) to execute arbitrary code in the context of the Checkmk agent service, which typically runs as SYSTEM. 2026-05-13 not yet calculated CVE-2024-47091 https://checkmk.com/werk/19198
 
n/a--Ardupilot Buffer Overflow vulnerability in Ardupilot rover commit v.c56439b045162058df0ff136afea3081fcd06d38 allows a local attacker to cause a denial of service via the AP_InertialSensor_ADIS1647x.cpp, ArduRover, ADIS1647x Sensor component. 2026-05-13 not yet calculated CVE-2024-48519 https://github.com/ArduPilot/ardupilot/issues/27937
 
n/a--Ardupilot Buffer Overflow vulnerability in ArduPilot Copter, latest commit 92693e023793133e49a035daf37c14433e484778, allows a local attacker to cause a denial of service via the AP_MSP::loop, AP_MSP, AP_MSP.cpp components. 2026-05-13 not yet calculated CVE-2024-51394 https://github.com/ArduPilot/ardupilot/issues/28458
 
n/a--Ardupilot Buffer Overflow vulnerability in ArduPilot Copter, latest commit 92693e023793133e49a035daf37c14433e484778, allows a local attacker to cause a denial of service via the AP_SmartAudio::loop, AP_SmartAudio, AP_SmartAudio.cpp components. 2026-05-13 not yet calculated CVE-2024-51395 https://github.com/ArduPilot/ardupilot/issues/28374
 
n/a--FMT-Firmware Firmament-Autopilot FMT-Firmware commit de5aec was discovered to contain a buffer overflow via the task_mavobc_entry function at /comm/task_comm.c. 2026-05-13 not yet calculated CVE-2024-55045 https://github.com/Firmament-Autopilot/FMT-Firmware/issues/133
 
AMD[.]com--AMD Ryzen 7035 Series Processors with Radeon Graphics (formerly codenamed "Rembrandt R") An unchecked return value within the AMD Platform Management Framework (PMF) could allow an attacker to read or modify an arbitrary address potentially resulting in loss of confidentiality, integrity, or availability. 2026-05-15 not yet calculated CVE-2025-0028 https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4015.html
 
AMD[.]com--AMD Ryzen 7040 Series Mobile Processors with Radeon Graphics Improper access control between the Joint Test Action Group (JTAG) and Advanced Extensible Interface (AXI) could allow an attacker with physical access to read or overwrite the contents of cross-chip debug (XCD) registers potentially resulting in loss of data integrity or confidentiality. 2026-05-15 not yet calculated CVE-2025-0040 https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4017.html
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html
 
AMD[.]com--AMD Ryzen AI Max+ An out-of-bounds read in power management firmware by a malicious local attacker with low privileges could potentially lead to a partial loss of confidentiality and availability. 2026-05-15 not yet calculated CVE-2025-0044 https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html
 
AMD[.]com--Athlon 3000 Series Mobile Processors with Radeon Graphics Improper input validation in the AMD Secure Processor (ASP) PCI driver may allow a local attacker to create a buffer overflow condition, potentially resulting in a crash or denial of service. 2026-05-15 not yet calculated CVE-2025-0045 https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4015.html
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3047.html
 
WSO2--WSO2 Identity Server Due to a lack of user account state validation during authentication, locked user accounts can be successfully authenticated using Magic Link or Pass Key methods. This bypasses the intended security control that should prevent access to accounts that have been locked. This vulnerability may allow unauthorized access to applications and sensitive data associated with accounts that should have been restricted via the account lock mechanism. It also undermines the effectiveness of the account lock mechanism intended to prevent further login attempts. 2026-05-11 not yet calculated CVE-2025-10908 https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4388/
 
Siemens--Simcenter Femap The affected application contains a memory corruption vulnerability while parsing specially crafted IPT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-27349, ZDI-CAN-27389) 2026-05-12 not yet calculated CVE-2025-12659 https://cert-portal.siemens.com/productcert/html/ssa-870926.html
 
silabs.com--Simplicity SDK Countermeasures for DPA within the SYMCRYPTO engine on SixG301xxx devices are not sufficiently random and will eventually repeat. KSU keys using SYMCRYPTO are impacted by this vulnerability. 2026-05-15 not yet calculated CVE-2025-14972 https://community.silabs.com/068Vm00000M3cAX
 
n/a--Intel(R) Ethernet 800 series Use after free for some Linux kernel driver for the Intel(R) Ethernet 800 series before version 2.3.14 within Ring 0: Kernel may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (high) impacts. 2026-05-12 not yet calculated CVE-2025-27723 https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01426.html
 
Garmin[.]com--Garmin WDU The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links when serving content. No mechanism to restrict those link targets to a specific area of the filesystem is enabled. This allows an attacker to retrieve arbitrary files from the device. 2026-05-13 not yet calculated CVE-2025-27850 https://garmin.com
https://www8.garmin.com/support/ch.jsp?product=010-02642-00
 
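The symlink entry above is a two-stage failure: the upload accepts links, and the server then follows them with no containment. The Python below is an added example, not Garmin code, and it assumes nothing about the WDU's actual package format beyond "an archive of files"; a tar is used because the standard library can build one in memory. It vets an uploaded archive (rejecting links and names that climb out of the web root) and, as the second line of defence, resolves every requested path with realpath() before serving so that a link which somehow reached the web root still cannot lead outside it. The sample package and throwaway directories are constructed for the example.

```python
"""Vet an uploaded package before it lands in a web root that follows symlinks, and
resolve requested paths so that a link can never lead outside that root."""
import io
import os
import tarfile
import tempfile


def vet_package(tar_bytes: bytes, web_root: str = "/var/www/graphics") -> tuple:
    """Classify every member of the uploaded tar: returns (accepted, rejected).
    rejected is a list of (member name, reason). Links of any kind are refused
    outright because the web server will follow them when serving."""
    accepted, rejected = [], []
    root = os.path.abspath(web_root)
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for m in tar.getmembers():
            dest = os.path.abspath(os.path.join(root, m.name))
            if dest != root and not dest.startswith(root + os.sep):
                rejected.append((m.name, "escapes web root"))
            elif m.issym() or m.islnk():
                rejected.append((m.name, f"link to {m.linkname!r}"))
            elif not (m.isfile() or m.isdir()):
                rejected.append((m.name, "special file"))
            else:
                accepted.append(m.name)
    return accepted, rejected


def resolve_for_serving(web_root: str, requested: str):
    """Request-time check: resolve symlinks fully and serve only if the final
    target is still inside the web root; otherwise return None."""
    root = os.path.realpath(web_root)
    target = os.path.realpath(os.path.join(root, requested.lstrip("/")))
    if target != root and not target.startswith(root + os.sep):
        return None
    return target


def build_sample_package() -> bytes:
    """Constructed sample upload: one legitimate file, one symlink to /etc/passwd,
    and one member whose name climbs out of the root."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        logo = tarfile.TarInfo("logo.svg")
        data = b"<svg xmlns='http://www.w3.org/2000/svg'/>"
        logo.size = len(data)
        tar.addfile(logo, io.BytesIO(data))
        link = tarfile.TarInfo("help.html")
        link.type = tarfile.SYMTYPE
        link.linkname = "/etc/passwd"
        tar.addfile(link)
        climb = tarfile.TarInfo("../../../etc/shadow")
        tar.addfile(climb, io.BytesIO(b""))
    return buf.getvalue()


def demo_symlink_escape() -> dict:
    """Build a throwaway web root holding a symlink that points outside it and
    report which requests resolve_for_serving() would accept."""
    root = tempfile.mkdtemp(prefix="webroot-")
    outside = tempfile.mkdtemp(prefix="outside-")
    with open(os.path.join(outside, "secret.txt"), "w") as f:
        f.write("not for the web\n")
    with open(os.path.join(root, "index.html"), "w") as f:
        f.write("<h1>ok</h1>\n")
    os.symlink(os.path.join(outside, "secret.txt"), os.path.join(root, "leak"))
    return {
        "index.html": resolve_for_serving(root, "index.html") is not None,
        "leak": resolve_for_serving(root, "leak") is not None,
        "../secret.txt": resolve_for_serving(root, "../secret.txt") is not None,
    }


if __name__ == "__main__":
    print(vet_package(build_sample_package()))
    print(demo_symlink_escape())
```

Both checks matter: vetting at upload time keeps links out, and realpath() at request time catches anything that bypassed the upload path (a firmware-shipped link, a race, a second upload route). A prefix comparison on the unresolved path alone is not enough, because the whole point of a symlink is that the name stays inside the root while the target does not.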
Garmin[.]com--Garmin WDU The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a cross-site origin WebSocket hijacking attack. Among other uses, the WDU utilizes WebSockets to control settings, including administrative settings. This allows a network attacker to take full control of a WDU. To initiate an exploit of this vulnerability, the victim must (1) be utilizing a web browser on a multihomed host that has local interfaces on the Garmin Marine Network as well as another network, and (2) access a malicious third party website created by the attacker. 2026-05-13 not yet calculated CVE-2025-27851 https://garmin.com
https://www8.garmin.com/support/ch.jsp?product=010-02642-00
 
Garmin[.]com--Garmin WDU The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a reflected cross site scripting (XSS) attack. This allows an attacker on the local network segment to execute arbitrary JavaScript code within the context of the WDU webpage. Full administrator level access to the device is possible. To initiate an exploit of this vulnerability, the victim must execute two actions: (1) view a specific URL served by the WDU, and (2) click an element on the rendered page. 2026-05-13 not yet calculated CVE-2025-27852 https://garmin.com
https://www8.garmin.com/support/ch.jsp?product=010-02642-00
 
Garmin[.]com--Garmin WDU The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows its authentication to be bypassed. The WDU web site only performs authentication with the client within the client's browser. The WebSockets used to communicate with the WDU server do not enforce any authentication. An attacker may bypass all authentication mechanisms by directly utilizing the remote APIs available on the websocket. 2026-05-13 not yet calculated CVE-2025-27853 https://garmin.com
https://www8.garmin.com/support/ch.jsp?product=010-02642-00
 
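The two Garmin WebSocket entries above (cross-site WebSocket hijacking, and authentication enforced only in the browser) are fixed by the same handshake gate, so one worked example covers both. The Python below is an added example, not Garmin code; the WDU is not a Python device and the origins, cookie name and session store are assumptions for illustration. It parses an HTTP Upgrade request, rejects any Origin outside an allowlist (a browser always sends Origin on a WebSocket handshake and a page cannot forge it), and then requires a server-issued session before the socket API is reachable. The three handshakes at the bottom are constructed, not captured from a device.

```python
"""Server-side gate for a WebSocket upgrade: reject cross-site origins and require a
server-held session, so neither a malicious web page in the victim's browser nor an
unauthenticated client on the network can drive the socket API."""

# Assumption for the example: the device UI is served from these origins only.
ALLOWED_ORIGINS = {"http://192.168.1.10", "http://wdu.local"}


def parse_upgrade_request(raw: bytes) -> dict:
    """Minimal parse of an HTTP/1.1 request head; header names are lower-cased."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "headers": headers}


def cookie_value(headers: dict, name: str):
    """Pull one cookie out of the Cookie header (None if absent)."""
    for part in headers.get("cookie", "").split(";"):
        key, _, value = part.strip().partition("=")
        if key == name:
            return value
    return None


def authorize_upgrade(raw: bytes, sessions: dict) -> tuple:
    """Return (accepted, reason). `sessions` is the server-side store: session id -> user."""
    req = parse_upgrade_request(raw)
    h = req["headers"]
    if req["method"] != "GET" or h.get("upgrade", "").lower() != "websocket":
        return False, "not a WebSocket upgrade"
    # Check 1: an Origin outside the allowlist is a third-party page driving the
    # victim's browser (cross-site WebSocket hijacking). A missing Origin is
    # treated the same way here; relax that only for known non-browser clients.
    origin = h.get("origin", "").lower()
    if origin not in ALLOWED_ORIGINS:
        return False, f"cross-site or missing Origin {origin!r}"
    # Check 2: the socket must be bound to a session the server itself issued.
    # A login performed only in client-side JavaScript does not count, because a
    # client can simply skip it and call the socket API directly.
    sid = cookie_value(h, "sid")
    user = sessions.get(sid) if sid else None
    if user is None:
        return False, "no valid session"
    return True, f"session for {user}"


# --- constructed sample handshakes (not captured from a real device) -------------
SESSIONS = {"a1b2c3": "admin"}  # what the server holds after a successful login


def handshake(origin=None, cookie=None) -> bytes:
    lines = [
        "GET /ws HTTP/1.1",
        "Host: 192.168.1.10",
        "Upgrade: websocket",
        "Connection: Upgrade",
        "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==",
        "Sec-WebSocket-Version: 13",
    ]
    if origin:
        lines.append(f"Origin: {origin}")
    if cookie:
        lines.append(f"Cookie: {cookie}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")


LEGIT = handshake("http://192.168.1.10", "sid=a1b2c3")      # device UI, logged-in admin
CSWSH = handshake("http://attacker.example", "sid=a1b2c3")  # evil page; cookie rides along
DIRECT = handshake()                                         # script on the LAN, no login

if __name__ == "__main__":
    for label, raw in (("legit", LEGIT), ("cswsh", CSWSH), ("direct", DIRECT)):
        print(label, authorize_upgrade(raw, SESSIONS))
```

The Origin check alone would have stopped the cross-site case but not the direct-connection case, and a session check alone would not stop a cross-site page if the browser attaches the cookie (SameSite attributes reduce that exposure but are the client's policy, not the device's). The device needs both, which is why the two CVEs are reported separately.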
ThreadReadButtons--ThreadReadButtons striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function ThreadReadButtons. 2026-05-13 not yet calculated CVE-2025-28343 https://github.com/striso/striso-control-firmware/issues/5
 
AuxJack--AuxJack striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function AuxJack. 2026-05-13 not yet calculated CVE-2025-28344 https://github.com/striso/striso-control-firmware/issues/6
 
NXP[.]com--NXP The NXP moal.ko Wi-Fi driver 5.1.7.10, with FW versions from v17.92.1.p149.43 to v17.92.1.p149.157, was discovered to contain a buffer overflow via the mod_para parameter in the woal_init_module_param function. 2026-05-13 not yet calculated CVE-2025-29338 https://www.nxp.com/docs/en/release-note/RN00104.pdf
https://github.com/masjadaan/CVE-2025-29338
 
AMD[.]com--AMD Ryzen 7035 Series Processors with Radeon Graphics (formerly codenamed "Rembrandt R") An out of bounds write within the AMD Platform Management Framework (PMF) could allow an attacker to execute arbitrary code at an elevated privilege level potentially leading to loss of confidentiality, integrity, or availability. 2026-05-15 not yet calculated CVE-2025-29935 https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4015.html
 
AMD[.]com--AMD Ryzen 7035 Series Processors with Radeon Graphics (formerly codenamed "Rembrandt R") Improper input validation within the AMD Platform Management Framework (PMF) could allow an attacker to unmap arbitrary memory pages potentially impacting integrity and availability, or allowing privilege escalation resulting in loss of confidentiality. 2026-05-15 not yet calculated CVE-2025-29936 https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4015.html
 
AMD[.]com--AMD Ryzen 7035 Series Processors with Radeon Graphics (formerly codenamed "Rembrandt R") An out of bounds read within the AMD Platform Management Framework (PMF) could allow an attacker to trigger a read of an arbitrary memory location potentially resulting in loss of availability or confidentiality. 2026-05-15 not yet calculated CVE-2025-29937 https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4015.html
 
AMD[.]com--AMD Ryzen 7035 Series Processors with Radeon Graphics (formerly codenamed "Rembrandt R") An unchecked return value within the AMD Platform Management Framework (PMF) could allow an attacker to write to an arbitrary memory address resulting in denial of service or arbitrary code execution. 2026-05-15 not yet calculated CVE-2025-29938 https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4015.html
 
AMD[.]com--AMD Ryzen 4000 Series Mobile Processors with Radeon Graphics (formerly codenamed "Renoir") A buffer overflow vulnerability within the AMD Sensor Fusion Hub Driver can allow a local attacker to write out of bounds, potentially resulting in denial of service or crash. 2026-05-15 not yet calculated CVE-2025-29944 https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4015.html
 
Significant-Gravitas--AutoGPT AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. In AutoGPT, the execution process is recorded to the console (stdout/stderr), and deployed in container mode, which is automatically captured by Docker and stored as "container logs". However, prior to 0.6.32, there is no limit on the log size when the container is deployed. When the number of user accesses is too large, the log on the server disk will be too large, causing disk resource exhaustion and eventually causing DoS. autogpt-platform-beta-v0.6.32 fixes the issue. 2026-05-13 not yet calculated CVE-2025-32425 https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-vw3v-whvp-33v5
https://github.com/Significant-Gravitas/AutoGPT/commit/57a06f70883ce6be18738c6ae8bb41085c71e266
https://github.com/Significant-Gravitas/AutoGPT/blob/62361ccc48327b3124549543b45d933d16f622d2/autogpt_platform/autogpt_libs/autogpt_libs/logging/config.py#L83-L102
https://github.com/Significant-Gravitas/AutoGPT/blob/62361ccc48327b3124549543b45d933d16f622d2/autogpt_platform/docker-compose.platform.yml#L102-L142
 
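The AutoGPT entry above is a resource-exhaustion bug with an ordinary cause: per-request logging with no ceiling on what accumulates on disk. The Python below is an added example, not AutoGPT's code, showing the bounded alternative with the standard library's RotatingFileHandler and measuring what a flood of requests actually leaves on disk. For a service that logs to stdout inside a container, the equivalent control sits with the Docker json-file logging driver (its max-size and max-file options), which is the layer the advisory's linked docker-compose file concerns; the figures and log lines here are constructed.

```python
"""Bound the disk a chatty service can consume with its own logs, so a flood of
requests cannot fill the volume."""
import logging
import logging.handlers
import os
import tempfile


def make_bounded_logger(log_dir: str, max_bytes: int, backups: int) -> logging.Logger:
    """A logger whose on-disk footprint can never exceed (backups + 1) * max_bytes."""
    logger = logging.getLogger(f"bounded.{log_dir}")  # one logger per directory
    logger.setLevel(logging.INFO)
    logger.propagate = False
    handler = logging.handlers.RotatingFileHandler(
        os.path.join(log_dir, "app.log"), maxBytes=max_bytes, backupCount=backups)
    handler.setFormatter(logging.Formatter("%(asctime)s %(levelname)s %(message)s"))
    logger.addHandler(handler)
    return logger


def total_log_bytes(log_dir: str) -> int:
    return sum(os.path.getsize(os.path.join(log_dir, f)) for f in os.listdir(log_dir))


def simulate_request_flood(requests: int = 20_000, max_bytes: int = 64_000,
                           backups: int = 3) -> dict:
    """Log one ~250-byte line per simulated request and report what stays on disk."""
    log_dir = tempfile.mkdtemp(prefix="logs-")
    logger = make_bounded_logger(log_dir, max_bytes, backups)
    for i in range(requests):
        # Constructed access-log style line; the user-agent padding stands in for
        # the long request bodies and tracebacks a real service prints.
        logger.info("GET /api/agents/%d from 203.0.113.%d ua=%s", i, i % 254, "x" * 180)
    for h in logger.handlers:
        h.close()
    return {
        "files": len(os.listdir(log_dir)),
        "on_disk": total_log_bytes(log_dir),
        "ceiling": (backups + 1) * max_bytes,
        "unbounded_estimate": requests * 230,  # roughly what a plain file would hold
    }


if __name__ == "__main__":
    print(simulate_request_flood())
```

Rotation bounds the bytes but also discards history, so pair it with shipping logs off the host if they are needed for incident response; the point of the ceiling is that an attacker who can generate requests cannot turn the log into the outage.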
Intel[.]com--Intel(R) Server Firmware Update Utility Software Uncontrolled search path for some Intel(R) Server Firmware Update Utility Software before version 16.0.12 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. 2026-05-12 not yet calculated CVE-2025-35969 https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01410.html
 
Intel[.]com--Intel(R) Processors Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Processors within VMX non-root (guest) operation may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (none) and availability (none) impacts. 2026-05-12 not yet calculated CVE-2025-35979 https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01420.html
 
Intel[.]com--Intel Endpoint Management Assistant (EMA) software Improper input validation for some Intel Endpoint Management Assistant (EMA) software before version 1.14.5 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via adjacent access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. 2026-05-12 not yet calculated CVE-2025-35990 https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01434.html
 
Intel[.]com--Intel platforms Improper initialization in the UEFI firmware for some Intel platforms within Ring 0: Bare Metal OS may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. 2026-05-12 not yet calculated CVE-2025-35991 https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01413.html
 
Intel[.]com--Display Virtualization for Windows OS driver software Improper buffer restrictions for some Display Virtualization for Windows OS driver software within Ring 2: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. 2026-05-12 not yet calculated CVE-2025-36510 https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01430.html
 
Intel[.]com--AI Playground software Uncontrolled search path for some AI Playground software before version 3.0.0 alpha within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. 2026-05-12 not yet calculated CVE-2025-36515 https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01438.html
 



Sent via GovDelivery Communications Cloud on behalf of: Cybersecurity and Infrastructure Security Agency · 707 17th St, Suite 4000 · Denver, CO 80202