Vulnerability Summary for the Week of May 11, 2026
Cybersecurity and Infrastructure Security Agency sent this bulletin at 05/18/2026 05:01 PM EDT
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source Info | Patch Info |
|---|---|---|---|---|---|
| acl--ACL Analytics | ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with system privileges to establish reverse shells and gain complete system control. | 2026-05-17 | 9.8 | CVE-2018-25320 | ExploitDB-44281; Official Product Homepage; Product Reference; VulnCheck Advisory: ACL Analytics 11.x - 13.0.0.579 Arbitrary Code Execution |
| gitbucket--GitBucket | GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR plugin via the git-lfs endpoint, and execute system commands through an exposed exploit endpoint. | 2026-05-17 | 9.8 | CVE-2018-25332 | ExploitDB-44668; Official Product Homepage; Product Reference; VulnCheck Advisory: GitBucket 4.23.1 Unauthenticated Remote Code Execution |
| peugeot-music-plugin--Peugeot Music | WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Attackers can upload files with arbitrary extensions by manipulating the 'name' parameter and then execute the uploaded code from the uploads directory. | 2026-05-17 | 9.8 | CVE-2018-25335 | ExploitDB-44737; VulnCheck Advisory: WordPress Plugin Peugeot Music 1.0 Arbitrary File Upload |
| Paiement--Ecommerce Systempay | Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerability that allows attackers to brute force the 16-character production secret key used for payment signature generation. Attackers can extract payment form data and signatures from POST requests to the payment endpoint, then use SHA1 hash comparison to iteratively test key candidates until discovering the correct production key, enabling them to forge valid payment signatures and manipulate transaction amounts. | 2026-05-13 | 9.8 | CVE-2020-37168 | ExploitDB-48017; Official Product Homepage; Product Reference; VulnCheck Advisory: Ecommerce Systempay 1.0 Production Key Brute Force |
| Yerootech--iDS6 DSSPro Digital Signage System | iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA bypass vulnerability that allows attackers to defeat the login CAPTCHA by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and submit them with each attempt, so the CAPTCHA no longer stops brute-force attacks against user accounts. | 2026-05-16 | 9.8 | CVE-2020-37228 | ExploitDB-48991; Vulnerability Advisory; Official Product Homepage; VulnCheck Advisory: iDS6 DSSPro Digital Signage System 6.2 CAPTCHA Security Bypass |
| Gegl--libbabl | libbabl 0.1.62 contains a broken double-free detection vulnerability that allows attackers to bypass its memory safety check, because the signature the check relies on is overwritten once a chunk is freed. Attackers can call babl_free() twice on the same pointer without triggering detection, as libc's malloc metadata overwrites babl's signature field in the freed chunk, enabling memory corruption and potential code execution. | 2026-05-16 | 9.8 | CVE-2020-37239 | ExploitDB-49259; Official Product Homepage; Product Reference; VulnCheck Advisory: libbabl 0.1.62 Broken Double Free Detection Memory Safety |
| Jsonpickle--python jsonpickle | python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. Attackers can craft JSON strings with py/repr directives that invoke the eval function during deserialization to execute system commands and arbitrary code. | 2026-05-16 | 9.8 | CVE-2021-47952 | ExploitDB-49585; Official Product Homepage; Product Reference; VulnCheck Advisory: python jsonpickle 2.0.0 Remote Code Execution via py/repr |
| wp-super-edit--WP Super Edit | WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous file types without validation. Attackers can upload arbitrary files through the filemanager upload endpoint to achieve remote code execution and complete system compromise. | 2026-05-15 | 9.8 | CVE-2021-47965 | ExploitDB-49839; Official Product Homepage; Product Reference; VulnCheck Advisory: WordPress Plugin WP Super Edit 2.5.4 Unrestricted File Upload |
| Akilli Commerce Software Technologies Ltd. Co.--E-Commerce Website | Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Blind SQL Injection. This issue affects E-Commerce Website: before 4.5.001. | 2026-05-14 | 9.8 | CVE-2025-11024 | https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0222 |
| Hitachi Vantara--Pentaho Data Integration and Analytics | All versions of Hitachi Vantara Pentaho Data Integration & Analytics ship a JDBC driver for H2 databases that is vulnerable to external script execution when a data source administrator creates a new connection. | 2026-05-13 | 9.1 | CVE-2025-11159 | https://support.pentaho.com/hc/en-us/articles/39954640408077--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Dependency-on-Vulnerable-Third-Party-Component-Versions-before-10-2-0-7-and-11-0-0-0-Impacted-CVE-2025-11159 |
| alloksoft--Fast AVI MPEG Splitter | Allok Fast AVI MPEG Splitter 1.2 contains a stack based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license name string. Attackers can craft a payload with 780 bytes of junk data followed by structured shellcode and place it in the License Name field to trigger the overflow and execute code with application privileges. | 2026-05-17 | 8.4 | CVE-2018-25322 | ExploitDB-44341; Official Product Homepage; Product Reference; VulnCheck Advisory: Allok Fast AVI MPEG Splitter 1.2 Stack Based Buffer Overflow |
| Alloksoft--Allok AVI DivX MPEG to DVD Converter | Allok AVI DivX MPEG to DVD Converter 2.6.1217 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a text file with a specially crafted buffer containing shellcode and SEH chain overwrite values, then paste the contents into the License Name field to trigger code execution. | 2026-05-17 | 8.4 | CVE-2018-25323 | ExploitDB-44363; VulnCheck Advisory: Allok AVI DivX MPEG to DVD Converter 2.6.1217 Buffer Overflow SEH |
| vxsearch--VX Search | VX Search 10.6.18 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying an oversized string in the directory field. Attackers can craft a malicious input file containing 271 bytes of junk data followed by a return address to execute arbitrary code with application privileges. | 2026-05-17 | 8.4 | CVE-2018-25328 | ExploitDB-44494; Official Product Homepage; VulnCheck Advisory: VX Search 10.6.18 Local Buffer Overflow via Directory Field |
| Joomlaextensions--Joomla! extension EkRishta | Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. Attackers can inject script payloads in profile information fields like Address that execute when users visit the profile, or submit SQL injection payloads via the phone_no parameter to the user_setting endpoint to manipulate database queries. | 2026-05-17 | 8.2 | CVE-2018-25330 | ExploitDB-44660; Official Product Homepage; Product Reference; VulnCheck Advisory: Joomla! EkRishta 2.10 Persistent XSS and SQL Injection |
| nordex-online--N149 Wind Turbine Web Server | Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the login parameter in login.php. Attackers can submit crafted POST requests with SQL injection payloads in the login field to extract sensitive database information and bypass authentication mechanisms. | 2026-05-17 | 8.2 | CVE-2018-25333 | ExploitDB-44684; Official Product Homepage; VulnCheck Advisory: Nordex N149/4.0-4.5 Wind Turbine Web Server SQL Injection |
| Bylancer--Zechat | Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Attackers can exploit the hashtag parameter with union-based payloads to retrieve table and column names. | 2026-05-17 | 8.2 | CVE-2018-25338 | ExploitDB-44685; Official Product Homepage; VulnCheck Advisory: Zechat 1.5 SQL Injection via hashtag parameter |
| Bylancer--Zechat | Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Attackers can exploit the v parameter with sleep-based blind injection to confirm the vulnerability and extract data. | 2026-05-17 | 8.2 | CVE-2018-25339 | ExploitDB-44685; Official Product Homepage; VulnCheck Advisory: Zechat 1.5 SQL Injection via v parameter (time-based blind) |
| Hdwplayer--com_hdwplayer | Joomla com_hdwplayer 4.2 contains an SQL injection vulnerability in the search.php file that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the hdwplayersearch parameter. Attackers can submit POST requests with crafted SQL payloads in the hdwplayersearch parameter to extract sensitive database information from the hdwplayer_videos table. | 2026-05-13 | 8.2 | CVE-2020-37218 | ExploitDB-48242; Official Product Homepage; Product Reference; VulnCheck Advisory: Joomla com_hdwplayer 4.2 SQL Injection via search.php |
| Drive-software--Atomic Alarm Clock | Atomic Alarm Clock 6.3 contains a stack-based buffer overflow vulnerability (SEH overwrite) that allows local attackers to execute arbitrary code by supplying a malicious string to the display name textbox in the Time Zones Clock configuration. Attackers can craft a buffer with a structured exception handler overwrite and encoded shellcode to bypass SafeSEH protections and execute arbitrary commands with application privileges. | 2026-05-13 | 8.4 | CVE-2020-37221 | ExploitDB-48346; VulnCheck Advisory: Atomic Alarm Clock 6.3 Stack Overflow via SEH Unicode |
| Heliossolutions--HS Brand Logo Slider | HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation and upload arbitrary files. Attackers can intercept the upload request to the logoupload parameter in the admin interface and rename the file to a .php extension to achieve remote code execution. | 2026-05-16 | 8.8 | CVE-2020-37227 | ExploitDB-48913; Official Product Homepage; Product Reference; VulnCheck Advisory: WordPress Plugin HS Brand Logo Slider 2.1 Unrestricted File Upload |
| Supsystic--Ultimate Maps | Supsystic Ultimate Maps 1.1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'sidx' GET parameter. Attackers can send crafted requests to the getListForTbl action with boolean-based blind or time-based blind SQL injection payloads to extract sensitive database information. | 2026-05-16 | 8.2 | CVE-2020-37242 | ExploitDB-49532; Official Product Homepage; Product Reference; VulnCheck Advisory: WordPress Plugin Supsystic Ultimate Maps 1.1.12 SQL Injection via sidx |
| Supsystic--Pricing Table | Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated attackers to execute arbitrary SQL queries through the getListForTbl action. The plugin also contains stored cross-site scripting vulnerabilities in the 'Edit name' and 'Edit HTML' fields that execute malicious scripts when viewing pricing tables. | 2026-05-16 | 8.2 | CVE-2020-37243 | ExploitDB-49533; Official Product Homepage; Product Reference; VulnCheck Advisory: WordPress Plugin Supsystic Pricing Table 1.8.7 SQL Injection XSS |
| Supsystic--Membership | Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx' parameters. Attackers can send GET requests to the badges module with crafted payloads to extract sensitive database information using time-based blind or UNION-based SQL injection techniques. | 2026-05-16 | 8.2 | CVE-2020-37244 | ExploitDB-49540; Official Product Homepage; Product Reference; VulnCheck Advisory: WordPress Plugin Supsystic Membership 1.4.7 SQL Injection via sidx |
| LayerBB--LayerBB | LayerBB 1.1.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the search_query parameter. Attackers can send POST requests to /search.php with malicious search_query values using CASE WHEN statements to extract sensitive database information. | 2026-05-16 | 8.2 | CVE-2021-47954 | ExploitDB-49593; VulnCheck Advisory: LayerBB 1.1.4 SQL Injection via search_query Parameter |
| Egavilanmedia--EgavilanMedia PHPCRUD | EgavilanMedia PHPCRUD 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the firstname parameter. Attackers can send POST requests to insert.php with malicious firstname values to extract sensitive database information. | 2026-05-16 | 8.2 | CVE-2021-47956 | ExploitDB-49878; Official Product Homepage; Product Reference; VulnCheck Advisory: EgavilanMedia PHPCRUD 1.0 SQL Injection via firstname |
| Schlix--Schlix CMS | Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious extension packages through the block manager. Attackers can upload a crafted ZIP file containing PHP code in the packageinfo.inc file and trigger execution by accessing the About tab of the installed extension. | 2026-05-15 | 8.8 | CVE-2021-47964 | ExploitDB-49838; Official Product Homepage; Product Reference; VulnCheck Advisory: Schlix CMS 2.2.6-6 Remote Code Execution via core.blockmanager |
| Timeclock--PHP Timeclock | PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in the login_userid parameter of login.php that allow unauthenticated attackers to extract database contents. Attackers can submit crafted POST requests with SQL payloads using SLEEP functions or RLIKE conditional statements to dump sensitive database information including employee names and credentials. | 2026-05-15 | 8.2 | CVE-2021-47966 | ExploitDB-49849; Official Product Homepage; Product Reference; VulnCheck Advisory: PHP Timeclock 1.04 SQL Injection via login.php |
| Textpattern--TextPattern CMS | TextPattern CMS 4.9.0-dev contains a remote code execution vulnerability that allows authenticated attackers to upload arbitrary PHP files by exploiting the plugin upload functionality. Attackers can authenticate, retrieve a CSRF token from the plugin event page, and upload malicious PHP files to the textpattern/tmp/ directory for code execution. | 2026-05-16 | 8.8 | CVE-2021-47976 | ExploitDB-50095; Official Product Homepage; Product Reference; VulnCheck Advisory: TextPattern CMS 4.9.0-dev Authenticated Remote Code Execution via Plugin Upload |
| Miniorange--Backup and Restore | WordPress Plugin Backup and Restore 1.0.3 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating parameters in AJAX requests. Attackers can send POST requests to admin-ajax.php with crafted file_name and folder_name parameters to delete arbitrary files from the WordPress installation directory. | 2026-05-16 | 8.8 | CVE-2021-47979 | ExploitDB-50503; Official Product Homepage; Product Reference; VulnCheck Advisory: WordPress Plugin Backup and Restore 1.0.3 Arbitrary File Deletion |
| WSO2--WSO2 Identity Server | The Magic Link authentication flow accepts multiple invalid authentication requests without adequate rate limiting or resource control, leading to uncontrolled memory usage growth. This vulnerability can result in a denial-of-service condition, causing service unavailability for deployments that utilize the Magic Link authenticator. The impact is limited to these specific deployments and requires repeated invalid authentication attempts to trigger. | 2026-05-11 | 8.6 | CVE-2025-10470 | https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4469/ |
| APPYAP Technology and Information Inc.--Yaay Social Media App | Authorization bypass through User-Controlled key vulnerability in APPYAP Technology and Information Inc. Yaay Social Media App allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Yaay Social Media App: from 3.8.0 through 24102025. | 2026-05-14 | 8.8 | CVE-2025-12008 | https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0238 |
| Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc.--Library Automation System | Incorrect Authorization vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Library Automation System: from v.19.5 before v.22.1. | 2026-05-14 | 8.8 | CVE-2025-15023 | https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0240 |
| Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc.--Library Automation System | Improper Control of Generation of Code ('Code Injection') vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Remote Code Inclusion. This issue affects Library Automation System: from v.19.5 before v.22.1. | 2026-05-14 | 8.8 | CVE-2025-15024 | https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0240 |
| Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc.--Library Automation System | Authorization bypass through User-Controlled key vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploitation of Trusted Identifiers. This issue affects Library Automation System: from v.21.6 before v.22.1. | 2026-05-14 | 8.8 | CVE-2025-15025 | https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0240 |
| wende60--Redaxo CMS Addon MyEvents | Redaxo CMS Addon MyEvents 2.2.1 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the myevents_id parameter. Attackers can send GET requests to the event_add.php page with malicious myevents_id values to extract or modify sensitive database information. | 2026-05-17 | 7.1 | CVE-2018-25319 | ExploitDB-44261; Official Product Homepage; VulnCheck Advisory: Redaxo CMS Addon MyEvents 2.2.1 SQL Injection via event_add.php |
| woocommerce-csvimport--WooCommerce CSV-Importer | Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by submitting unescaped filenames through the delete_export_file AJAX action. Attackers can craft POST requests with directory traversal sequences in the filename parameter to delete sensitive files like wp-config.php outside the intended export directory. | 2026-05-17 | 7.5 | CVE-2018-25325 | ExploitDB-44433; Official Product Homepage; VulnCheck Advisory: Woocommerce CSV Importer 3.3.6 Path Traversal File Deletion |
| wp-google-drive--Google Drive | Google Drive for WordPress 2.2 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by injecting directory traversal sequences in the file_name parameter. Attackers can send POST requests to gdrive-ajaxs.php with the ajaxstype parameter set to del_fl_bkp and a file_name containing traversal sequences such as ../../wp-config.php to access sensitive configuration files. | 2026-05-17 | 7.5 | CVE-2018-25326 | ExploitDB-44435; Official Product Homepage; VulnCheck Advisory: Google Drive for WordPress 2.2 Path Traversal RCE via gdrive-ajaxs.php |
| wp-with-spritz--WP with Spritz | WordPress Plugin WP with Spritz 1.0 contains a remote file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting file paths into the url parameter. Attackers can send GET requests to wp.spritz.content.filter.php with malicious url values to access sensitive files like system configuration and credentials. | 2026-05-17 | 7.5 | CVE-2018-25329 | ExploitDB-44544; Product Reference; VulnCheck Advisory: WordPress Plugin WP with Spritz 1.0 Remote File Inclusion |
| Fabrikar--com_fabrik | Joomla com_fabrik 3.9.11 contains a directory traversal vulnerability that allows unauthenticated attackers to list arbitrary files by manipulating the folder parameter. Attackers can send GET requests to the onAjax_files method with path traversal sequences to enumerate files in system directories outside the intended web root. | 2026-05-13 | 7.5 | CVE-2020-37219 | ExploitDB-48263; Official Product Homepage; Product Reference; VulnCheck Advisory: Joomla com_fabrik 3.9.11 Directory Traversal via image.php |
| www.huawei.com--Huawei HG630 Router | Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain administrative access by retrieving the device serial number. Attackers can query the /api/system/deviceinfo endpoint without authentication to extract the SerialNumber field, then use the last 8 characters as the default password to login to the router. | 2026-05-13 | 7.5 | CVE-2020-37220 | ExploitDB-48310; Reference; VulnCheck Advisory: Huawei HG630 V2 Router Authentication Bypass via Serial Number |
| Kuicms--Kuicms Php EE | Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs reply endpoint. Attackers can send POST requests to /web/?c=bbs&a=reply with HTML and JavaScript payloads in the content parameter to execute arbitrary scripts in users' browsers. | 2026-05-13 | 7.2 | CVE-2020-37222 | ExploitDB-48526; Official Product Homepage; Product Reference; VulnCheck Advisory: Kuicms Php EE 2.0 Persistent Cross-Site Scripting via bbs reply |
| Iobit--IObit Uninstaller | IObit Uninstaller 9.5.0.15 contains an unquoted service path vulnerability in the IObitUnSvr service that allows local attackers to escalate privileges to SYSTEM level. Attackers can place a malicious executable named IObit.exe in the C:\Program Files (x86)\IObit directory and restart the service to execute code with SYSTEM privileges. | 2026-05-13 | 7.8 | CVE-2020-37223 | ExploitDB-48543; Official Product Homepage; Product Reference; VulnCheck Advisory: IObit Uninstaller 9.5.0.15 Unquoted Service Path Privilege Escalation |
| Joomsky--J2 JOBS | Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Attackers can send POST requests to the administrator index with malicious 'sortby' values to extract sensitive database information. | 2026-05-13 | 7.1 | CVE-2020-37224 | ExploitDB-48648; Official Product Homepage; Product Reference; VulnCheck Advisory: Joomla J2 JOBS 1.3.0 Authenticated SQL Injection via sortby |
| Joomsky--J2 JOBS | Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Attackers can send POST requests to the administrator index with malicious 'sortby' values to extract sensitive database information using automated tools. | 2026-05-13 | 7.1 | CVE-2020-37226 | ExploitDB-48670; Official Product Homepage; Product Reference; VulnCheck Advisory: Joomla J2 JOBS 1.3.0 Authenticated SQL Injection via sortby |
| Oki--OKI sPSV Port Manager | OKI sPSV Port Manager 1.0.41 contains an unquoted service path vulnerability in the sPSVOpLclSrv service that allows local attackers to escalate privileges by inserting executable files into the unquoted path. Attackers can place a malicious executable in a directory within the service path that will execute with LocalSystem privileges when the service restarts or the system reboots. | 2026-05-16 | 7.8 | CVE-2020-37229 | ExploitDB-49005; Official Product Homepage; Product Reference; VulnCheck Advisory: OKI sPSV Port Manager 1.0.41 Unquoted Service Path Privilege Escalation |
| Syncplify--Syncplify.me Server! | Syncplify.me Server! 5.0.37 contains an unquoted service path vulnerability in the SMWebRestServicev5 service that allows local attackers to escalate privileges by exploiting the unquoted binary path. Attackers can insert a malicious executable into the service path and execute it with LocalSystem privileges when the service restarts or the system reboots. | 2026-05-16 | 7.8 | CVE-2020-37230 | ExploitDB-49009; Official Product Homepage; Product Reference; VulnCheck Advisory: Syncplify.me Server! 5.0.37 Unquoted Service Path Privilege Escalation |
| Cybertronsoft--Privacy Drive | Privacy Drive 3.17.0 contains an unquoted service path vulnerability in the pdsvc.exe service binary that allows local attackers to escalate privileges by exploiting the service startup process. Attackers can place malicious executables in the unquoted path directories to execute arbitrary code with LocalSystem privileges during service startup or system reboot. | 2026-05-16 | 7.8 | CVE-2020-37231 | ExploitDB-49023; Official Product Homepage; Product Reference; VulnCheck Advisory: Privacy Drive 3.17.0 Unquoted Service Path Privilege Escalation |
| Iobit--Advanced System Care Service | Advanced System Care Service 13.0.0.157 contains an unquoted service path vulnerability in the AdvancedSystemCareService13 service binary path that allows local attackers to escalate privileges. Attackers can place malicious executables in the system root path that will be executed with LocalSystem privileges during service startup or system reboot. | 2026-05-16 | 7.8 | CVE-2020-37232 | ExploitDB-49049; Official Product Homepage; Product Reference; VulnCheck Advisory: Advanced System Care Service 13.0.0.157 Unquoted Service Path Privilege Escalation |
| Supsystic--Digital Publications | Supsystic Digital Publications 1.6.9 contains a path traversal vulnerability in the Folder input field that allows attackers to access files outside the web root by injecting directory traversal sequences. Additionally, the plugin fails to sanitize input fields in publication settings, allowing stored cross-site scripting attacks through script injection in parameters like Area Width and Publication Width that execute when publications are viewed or edited. | 2026-05-16 | 7.5 | CVE-2020-37245 | ExploitDB-49542; Official Product Homepage; Product Reference; VulnCheck Advisory: WordPress Plugin Supsystic Digital Publications 1.6.9 Path Traversal XSS |
| Kite--Kite | Kite 4.2.0.1 U1 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious executable in the Program Files directory to be executed with LocalSystem privileges when the service starts. | 2026-05-16 | 7.8 | CVE-2020-37247 | ExploitDB-50975; Official Product Homepage; VulnCheck Advisory: Kite 4.2.0.1 U1 Unquoted Service Path Privilege Escalation |
| Home-Assistant--Home Assistant Community Store (HACS) | Home Assistant Community Store (HACS) 1.10.0 contains a path traversal vulnerability that allows unauthenticated attackers to read sensitive files by traversing directories via the /hacsfiles/ endpoint. Attackers can retrieve the .storage/auth file containing user credentials and refresh tokens, then craft valid JWT tokens to gain administrative access to Home Assistant instances. | 2026-05-16 | 7.5 | CVE-2021-47942 | ExploitDB-49495; Official Product Homepage; Product Reference; VulnCheck Advisory: Home Assistant Community Store 1.10.0 Path Traversal Account Takeover |
| Wpgraphql--WPGraphQL | WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust server resources by sending batched GraphQL queries with duplicated fields. Attackers can send POST requests to the GraphQL endpoint with amplified field duplication payloads to trigger server out-of-memory conditions and MySQL connection errors. | 2026-05-15 | 7.5 | CVE-2021-47959 | ExploitDB-49807; Official Product Homepage; VulnCheck Advisory: WordPress Plugin WPGraphQL 1.3.5 Denial of Service |
| AnotherNote--Anote | Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to execute arbitrary code by injecting malicious payloads into markdown files stored within the application. Attackers can craft malicious markdown files with embedded JavaScript that executes system commands when opened, enabling remote code execution on the victim's computer. | 2026-05-15 | 7.2 | CVE-2021-47963 | ExploitDB-49836; Official Product Homepage; VulnCheck Advisory: Anote 1.0 Persistent Cross-Site Scripting Remote Code Execution |
| color-notes--Color Notes | Color Notes 1.4 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350,000 repeated characters and paste it twice into a new note to cause the application to stop responding. | 2026-05-16 | 7.5 | CVE-2021-47969 | ExploitDB-49952; VulnCheck Advisory: Color Notes 1.4 Denial of Service via Long Character String |
| macaron-notes-great-notebook--Macaron Notes Gear Notebook | Macaron Notes 5.5 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can generate a payload containing 350,000 repeated characters and paste it into a note field to trigger an application crash and stop functionality. | 2026-05-16 | 7.5 | CVE-2021-47970 | ExploitDB-49953; VulnCheck Advisory: Macaron Notes 5.5 Denial of Service via Buffer Overflow |
| my-notes-safe--My Notes Safe | My Notes Safe 5.3 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350,000 repeated characters and paste it twice into a new note to trigger an application crash. | 2026-05-16 | 7.5 | CVE-2021-47971 | ExploitDB-49954; VulnCheck Advisory: My Notes Safe 5.3 Denial of Service via Buffer Overflow |
| sticky-notes-color-widgets--Sticky Notes Color Widgets | Sticky Notes & Color Widgets 1.4.2 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can paste large payloads of repeated characters into note fields to trigger application crashes and make the application stop responding. | 2026-05-16 | 7.5 | CVE-2021-47972 | ExploitDB-49957; VulnCheck Advisory: Sticky Notes & Color Widgets 1.4.2 Denial of Service |
| sticky-notes--Sticky Notes Widget | Sticky Notes Widget 3.0.6 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350,000 repeated characters and paste it twice into a new note to trigger an application crash on iOS devices. | 2026-05-16 | 7.5 | CVE-2021-47973 | ExploitDB-49978; VulnCheck Advisory: Sticky Notes Widget 3.0.6 Denial of Service via Buffer Overflow |
| Vxsearch--VX Search | VX Search 13.5.28 contains an unquoted service path vulnerability in both the VX Search Server and VX Search Enterprise services that allows local attackers to escalate privileges. Because the service binary path under C:\Program Files\VX Search contains spaces and is not quoted, Windows tries each space-delimited prefix of the path as an executable before reaching the real binary, so an attacker who can write to one of those prefix directories (for example by placing C:\Program.exe or C:\Program Files\VX.exe) gets arbitrary code run with LocalSystem privileges when the service restarts. In a default installation those directories are not writable by standard users, so exploitability depends on weakened ACLs. | 2026-05-16 | 7.8 | CVE-2021-47974 |
ExploitDB-50026 Official Product Homepage VulnCheck Advisory: VX Search 13.5.28 Unquoted Service Path Privilege Escalation |
| Wplearnmanager--WP Learn Manager | WP Learn Manager 1.1.2 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the fieldtitle parameter. Attackers can submit POST requests to the jslm_fieldordering page with XSS payloads in the fieldtitle field to execute arbitrary JavaScript when administrators view the field ordering interface. | 2026-05-16 | 7.2 | CVE-2021-47975 |
ExploitDB-50086 Official Product Homepage Product Reference VulnCheck Advisory: WordPress Plugin WP Learn Manager 1.1.2 Stored XSS |
| Gotmls--Malware Security and Bruteforce Firewall | WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the file parameter. Attackers can send requests to the duplicator_download action via admin-ajax.php with path traversal sequences to access sensitive system files outside the intended directory. | 2026-05-16 | 7.5 | CVE-2021-47977 |
ExploitDB-50107 Official Product Homepage Product Reference VulnCheck Advisory: WordPress Anti-Malware Security Bruteforce Firewall 4.20.59 Directory Traversal |
| Getfuelcms--Fuel CMS | Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'col' parameter in the Activity Log interface. Attackers can send requests to the logs endpoint with malicious SQL payloads in the 'col' parameter to extract database information based on response time delays. | 2026-05-16 | 7.1 | CVE-2021-47980 |
ExploitDB-50523 Official Product Homepage Product Reference VulnCheck Advisory: Fuel CMS 1.4.13 Blind SQL Injection via col Parameter |
| GitLab--GitLab | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted payloads on certain API endpoints. | 2026-05-14 | 7.5 | CVE-2025-14869 |
HackerOne Bug Bounty Report #3447146 https://gitlab.com/gitlab-org/gitlab/-/work_items/584489 https://about.gitlab.com/releases/2026/05/13/patch-release-gitlab-18-11-3-released/ |
| GitLab--GitLab | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted JSON payloads due to insufficient input validation. | 2026-05-14 | 7.5 | CVE-2025-14870 |
HackerOne Bug Bounty Report #3446641 https://gitlab.com/gitlab-org/gitlab/-/work_items/584490 https://about.gitlab.com/releases/2026/05/13/patch-release-gitlab-18-11-3-released/ |
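For the VX Search entry above, the mechanism is worth seeing concretely. When a service's ImagePath is unquoted and contains spaces, Windows resolves the executable by trying each space-delimited prefix, appending .exe when that prefix has no extension, before it reaches the real binary. The code below is an added example written for this bulletin, not code from VX Search or from the advisory, and the ImagePath it uses is hypothetical. It enumerates the lookup candidates, the directories an attacker would need write access to, and the quoted form that fixes the registry value.

```python
import re

# Added example for this bulletin, not code from VX Search or the advisory.
# The service path below is hypothetical.
HYPOTHETICAL_IMAGE_PATH = r"C:\Program Files\Example Vendor\Example Server\svc.exe -service"

_EXE = re.compile(r"\.exe\b", re.IGNORECASE)


def _executable_part(image_path: str) -> str:
    """ImagePath up to and including the first '.exe'; arguments after it are dropped."""
    m = _EXE.search(image_path)
    return image_path[: m.end()] if m else image_path


def is_unquoted_vulnerable(image_path: str) -> bool:
    """True when the value is not wrapped in quotes and its executable portion contains a space."""
    s = image_path.strip()
    if s.startswith('"'):
        return False
    return " " in _executable_part(s)


def lookup_candidates(image_path: str) -> list[str]:
    """Files Windows tries, in order, before reaching the real binary.

    For each space, the prefix before it is tried as a program; '.exe' is appended
    when the last component of that prefix has no extension. The real binary is last.
    """
    exe = _executable_part(image_path.strip())
    candidates = []
    for i, ch in enumerate(exe):
        if ch == " ":
            prefix = exe[:i]
            last_component = prefix.rsplit("\\", 1)[-1]
            candidates.append(prefix if "." in last_component else prefix + ".exe")
    candidates.append(exe)
    return candidates


def required_write_dirs(image_path: str) -> list[str]:
    """Directories an attacker must be able to write to, one per hijack candidate."""
    dirs = []
    for cand in lookup_candidates(image_path)[:-1]:
        d = cand.rsplit("\\", 1)[0]
        d = d + "\\" if d.endswith(":") else d   # "C:" -> "C:\"
        if d not in dirs:
            dirs.append(d)
    return dirs


def quote_image_path(image_path: str) -> str:
    """Fixed registry value: executable portion quoted, arguments left as they were."""
    s = image_path.strip()
    if s.startswith('"'):
        return s
    exe = _executable_part(s)
    return f'"{exe}"{s[len(exe):]}'


if __name__ == "__main__":
    p = HYPOTHETICAL_IMAGE_PATH
    print("vulnerable:", is_unquoted_vulnerable(p))
    for c in lookup_candidates(p):
        print("  tries:", c)
    for d in required_write_dirs(p):
        print("  needs write access to:", d)
    print("fixed:", quote_image_path(p))
```

On a real host the values to feed into is_unquoted_vulnerable() come from the PathName column of `Get-CimInstance Win32_Service` or from the ImagePath value under HKLM\SYSTEM\CurrentControlSet\Services. The candidate list is only half the finding: confirm with icacls that a standard user can actually write to one of the listed directories before rating it as a privilege escalation, because the default ACLs on C:\ and C:\Program Files deny that.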
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source Info | Patch Info |
|---|---|---|---|---|---|
| Simple-Fields--Simple Fields | WordPress Plugin Simple Fields 0.2 through 0.3.5 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting a null byte into the wp_abspath parameter on PHP versions before 5.3.4, which truncate the file path at the null byte. Attackers can supply malicious wp_abspath values to simple_fields.php to include local files such as /etc/passwd, to gain remote code execution by writing PHP code into the Apache logs and then including the log file, or to include a remote file if allow_url_include is enabled. | 2026-05-17 | 6.2 | CVE-2018-25324 |
ExploitDB-44425 Official Product Homepage Product Reference VulnCheck Advisory: Simple Fields 0.2-0.3.5 Local File Inclusion via wp_abspath |
| zenar--Zenar Content Management System | Zenar Content Management System contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating form parameters in POST requests. Attackers can inject script tags through the current_page parameter sent to the ajax.php endpoint, which reflects unsanitized user input in the response HTML to execute arbitrary JavaScript in victim browsers. | 2026-05-17 | 6.1 | CVE-2018-25331 |
ExploitDB-44664 Official Product Homepage Product Reference VulnCheck Advisory: Zenar Content Management System Cross-Site Scripting via ajax.php |
| Powie--WHOIS Domain Check | Powie's WHOIS Domain Check 0.9.31 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by exploiting unsanitized input fields in plugin settings. Attackers can submit malicious payloads through textarea and input elements in the pwhois_settings.php configuration page to execute JavaScript in the admin context and escalate privileges. | 2026-05-13 | 6.4 | CVE-2020-37225 |
ExploitDB-48656 Official Product Homepage Official Product Homepage Product Reference VulnCheck Advisory: Powie's WHOIS Domain Check 0.9.31 Persistent Cross-Site Scripting |
| Wordpress--Buddypress | WordPress Plugin Buddypress 6.2.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers with moderator privileges to inject malicious script code through the figure parameter in wp:html blocks. Attackers can inject iframe elements with event handlers like onload that execute when administrators or privileged users preview or view the affected page content, enabling session hijacking and persistent phishing attacks. | 2026-05-16 | 6.4 | CVE-2020-37233 |
ExploitDB-49061 Official Product Homepage VulnCheck Advisory: WordPress Plugin Buddypress 6.2.0 Persistent Cross-Site Scripting |
| Internetdownloadmanager--Internet Download Manager | Internet Download Manager 6.38.12 contains a buffer overflow vulnerability in the Scheduler component that allows local attackers to crash the application by supplying oversized input. Attackers can paste malicious data exceeding 5000 bytes into the 'Open the following file when done' field to trigger a denial of service condition. | 2026-05-16 | 6.2 | CVE-2020-37234 |
ExploitDB-49083 Official Product Homepage Product Reference VulnCheck Advisory: Internet Download Manager 6.38.12 Scheduler Buffer Overflow |
| themeftc--Theme Wibar | WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerability in the Brand component that allows authenticated users to inject malicious scripts by manipulating the Logo URL parameter. Attackers with editor, administrator, contributor, or author privileges can inject base64-encoded script payloads through the ftc_brand_url input field to execute arbitrary JavaScript when users visit the brand page. | 2026-05-16 | 6.4 | CVE-2020-37235 |
ExploitDB-49107 Official Product Homepage Product Reference VulnCheck Advisory: WordPress Theme Wibar 1.1.8 Stored Cross-Site Scripting via Brand Component |
| Netartmedia--NewsLister | NewsLister contains an authenticated persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the title parameter in the news addition interface. Attackers can inject JavaScript payloads via the title field in the admin panel that execute when news items are viewed by other users. | 2026-05-16 | 6.4 | CVE-2020-37236 |
ExploitDB-49160 Official Product Homepage VulnCheck Advisory: NewsLister Authenticated Persistent Cross-Site Scripting via Admin Panel |
| Compo--Composr CMS | Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Attackers with admin credentials can inject XSS payloads in the Description field of the Add banner functionality, which execute for all website visitors when they access the home page. | 2026-05-16 | 6.4 | CVE-2020-37237 |
ExploitDB-49190 Official Product Homepage Product Reference VulnCheck Advisory: Composr CMS 10.0.34 Persistent Cross-Site Scripting via banners |
| Cmsmadesimple--CMS Made Simple | CMS Made Simple 2.2.15 contains a stored cross-site scripting vulnerability that allows authenticated users with Content Manager access to inject malicious scripts through SVG file uploads. Attackers can upload SVG files containing embedded JavaScript to the file manager, which executes when other authenticated users access the uploaded file, enabling cookie theft and session hijacking. | 2026-05-16 | 6.4 | CVE-2020-37238 |
ExploitDB-49199 Official Product Homepage Product Reference VulnCheck Advisory: CMS Made Simple 2.2.15 Stored XSS via SVG File Upload |
| Codekernel--Queue Management System | Queue Management System 4.0.0 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through user creation fields. Attackers can insert JavaScript payloads in the First Name, Last Name, and Email fields during user creation, which execute when viewing the User List page. | 2026-05-16 | 6.4 | CVE-2020-37240 |
ExploitDB-49296 Official Product Homepage Product Reference VulnCheck Advisory: Queue Management System 4.0.0 Stored XSS via Add User |
| Supsystic--Backup | Supsystic Backup 2.3.9 contains a local file inclusion vulnerability that allows unauthenticated attackers to read and delete arbitrary files by manipulating the download path parameter. Attackers can modify the download parameter in admin.php requests with directory traversal sequences to access sensitive files like /etc/passwd or delete files via the removeAction parameter. | 2026-05-16 | 6.2 | CVE-2020-37246 |
ExploitDB-49545 Official Product Homepage Product Reference VulnCheck Advisory: WordPress Plugin Supsystic Backup 2.3.9 Local File Inclusion |
| Cookielawinfo--Cookie Law Bar | Cookie Law Bar 1.2.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting unsanitized input to the Bar Message field. Attackers can inject script payloads through the plugin settings page that execute in the browsers of all WordPress users viewing the site, enabling cookie theft and sensitive data exfiltration. | 2026-05-16 | 6.4 | CVE-2021-47957 |
ExploitDB-49905 Official Product Homepage Product Reference VulnCheck Advisory: WordPress Plugin Cookie Law Bar 1.2.1 Stored XSS via clb_bar_msg |
| savsofts--Savsoft Quiz | Savsoft Quiz 5.0 contains a persistent cross-site scripting vulnerability in the user account settings page that allows authenticated attackers to inject malicious HTML and JavaScript code. Attackers can inject script payloads into user profile fields at the edit_user endpoint, which execute in the browsers of users viewing the affected profile after submission. | 2026-05-15 | 6.4 | CVE-2021-47962 |
ExploitDB-49825 Official Product Homepage Product Reference VulnCheck Advisory: Savsoft Quiz 5.0 Persistent Cross-Site Scripting via User Settings |
| Timeclock--PHP Timeclock | PHP Timeclock 1.04 contains multiple cross-site scripting vulnerabilities that allow unauthenticated attackers to inject arbitrary JavaScript by manipulating URL paths and POST parameters. Attackers can append malicious payloads to login.php, timeclock.php, audit.php, and timerpt.php endpoints, or inject code through from_date and to_date parameters in report requests to execute scripts in user browsers. | 2026-05-15 | 6.1 | CVE-2021-47967 |
ExploitDB-49853 Official Product Homepage Product Reference VulnCheck Advisory: PHP Timeclock 1.04 Multiple Cross-Site Scripting via Parameters |
| Podcastgenerator--Podcast Generator | Podcast Generator 3.1 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting unfiltered JavaScript code in the long_description parameter. Attackers can inject script tags through episode creation or editing requests to execute arbitrary JavaScript when other users view the episode details. | 2026-05-15 | 6.4 | CVE-2021-47968 |
ExploitDB-49866 Official Product Homepage Product Reference VulnCheck Advisory: Podcast Generator 3.1 Persistent Cross-Site Scripting via long_description |
| Processmaker--ProcessMaker | ProcessMaker 3.5.4 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting improper path traversal validation. Attackers can send requests with directory traversal sequences to access sensitive system files like /etc/passwd without authentication. | 2026-05-16 | 6.2 | CVE-2021-47978 |
ExploitDB-50229 Official Product Homepage VulnCheck Advisory: ProcessMaker 3.5.4 Local File Inclusion via Path Traversal |
| interactivegeomaps--MapGeo Interactive Geo Maps | The MapGeo - Interactive Geo Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'map' parameter in the display-map shortcode in all versions up to, and including, 1.6.27 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2026-05-14 | 6.1 | CVE-2025-15345 |
https://www.wordfence.com/threat-intel/vulnerabilities/id/bfccbf41-c861-4bf1-b400-7858cb255b9a?source=cve https://research.cleantalk.org/cve-2025-15345 https://plugins.trac.wordpress.org/changeset?old_path=/interactive-geo-maps/tags/1.6.27/src/Plugin/Map.php&new_path=/interactive-geo-maps/tags/1.6.28/src/Plugin/Map.php |
| hwk-fr--Advanced Custom Fields: Extended | The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.9.2.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | 2026-05-12 | 6.5 | CVE-2025-15463 |
https://www.wordfence.com/threat-intel/vulnerabilities/id/f8544784-1994-47e2-be39-568d0ab9ee00?source=cve https://plugins.trac.wordpress.org/browser/acf-extended/tags/0.9.2.2/includes/modules/form/module-form-action-email.php#L111 https://plugins.trac.wordpress.org/browser/acf-extended/tags/0.9.2.2/includes/modules/form/module-form-front-render.php#L35 |
| Joomsky--JS Jobs | Joomla! Component Js Jobs 1.2.0 contains a cross-site request forgery vulnerability that allows attackers to perform state-changing actions without token validation. Attackers can craft malicious HTML forms targeting administrative endpoints like job.jobenforcedelete to delete job entries or modify component settings when administrators visit attacker-controlled pages. | 2026-05-17 | 5.3 | CVE-2018-25327 |
ExploitDB-44492 Official Product Homepage Product Reference VulnCheck Advisory: Joomla! Component Js Jobs 1.2.0 Cross-Site Request Forgery |
| Bylancer--Zechat | Zechat 1.5 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. The application uses a CSRF token, but an attacker can use the hashtag parameter to inject an encoded payload and bypass the CSRF protection, allowing for unauthorized changes to user data. This can be exploited by tricking a user into submitting a crafted form or by using a script to obtain and set the CSRF token. | 2026-05-17 | 5.4 | CVE-2018-25334 |
ExploitDB-44685 Official Product Homepage VulnCheck Advisory: Zechat 1.5 Cross-Site Request Forgery (CSRF) via hashtag parameter |
| Joomlaextensions--Joomla! extension jCart for OpenCart | Joomla jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information without authentication. Attackers can craft malicious HTML forms targeting endpoints , and to change user credentials, passwords, and affiliate account details when victims visit the attacker-controlled page. | 2026-05-17 | 5.3 | CVE-2018-25336 |
ExploitDB-44788 Official Product Homepage Product Reference VulnCheck Advisory: Joomla jCart for OpenCart 2.3.0.2 Cross-Site Request Forgery |
| Ultimate Member--ultimate-member | WordPress Plugin ultimate-member 2.1.3 contains a local file inclusion vulnerability that allows authenticated attackers to include arbitrary files by manipulating the pack parameter in class-admin-upgrade.php. Attackers can send POST requests with malicious pack values to include unintended PHP files from the packages directory and execute arbitrary code. | 2026-05-13 | 5.5 | CVE-2020-37169 |
ExploitDB-48065 VulnCheck Advisory: WordPress Plugin ultimate-member 2.1.3 Local File Inclusion |
| HUSKY--Products Filter Professional for WooCommerce | WOOF Products Filter for WooCommerce 1.2.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering XSS payloads in design tab textfields. Attackers can inject JavaScript code through fields like 'Text for block toggle' and 'Custom front css styles' that executes on frontend pages when saved, affecting all site visitors. | 2026-05-13 | 5.5 | CVE-2020-37174 |
ExploitDB-48088 Official Product Homepage Product Reference VulnCheck Advisory: WOOF Products Filter for WooCommerce 1.2.3 Persistent XSS |
| Bloofox--bloofoxCMS | bloofoxCMS 0.5.2.1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious pages. Attackers can craft hidden forms targeting the admin user creation endpoint to add new administrative accounts with arbitrary credentials without requiring explicit user consent. | 2026-05-16 | 5.3 | CVE-2020-37241 |
ExploitDB-49507 Official Product Homepage Product Reference VulnCheck Advisory: bloofoxCMS 0.5.2.1 Cross-Site Request Forgery via user add |
| MyBB--MyBB Timeline Plugin | MyBB Timeline Plugin 1.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through thread titles, post content, and user profile fields like Location and Bio. Attackers can also exploit a cross-site request forgery vulnerability in the timeline.php profile action to change a user's cover picture by crafting malicious forms that execute when victims visit affected profiles. | 2026-05-16 | 5.3 | CVE-2021-47934 |
ExploitDB-49467 Product Reference VulnCheck Advisory: MyBB Timeline Plugin 1.0 Cross-Site Scripting and CSRF |
| CouchCMS--CouchCMS | CouchCMS 2.2.1 contains a cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript by uploading malicious SVG files through the file upload functionality. Attackers can upload SVG files containing embedded script tags to the browse.php endpoint, which are then executed in users' browsers when the files are accessed or previewed. | 2026-05-16 | 5.4 | CVE-2021-47955 |
ExploitDB-49636 Official Product Homepage VulnCheck Advisory: CouchCMS 2.2.1 Cross-Site Scripting via SVG File Upload |
| Opensolution--Quick.CMS | Quick.CMS 6.7 contains a cross-site scripting vulnerability in the sliders form that allows authenticated attackers to inject malicious scripts by submitting XSS payloads through the sDescription parameter. Attackers can craft CSRF forms targeting the admin.php?p=sliders-form endpoint to execute arbitrary JavaScript in victim browsers when the form is submitted. | 2026-05-16 | 5.4 | CVE-2021-47981 |
ExploitDB-50530 Official Product Homepage Product Reference VulnCheck Advisory: Quick.CMS 6.7 Cross-Site Scripting via CSRF to Sliders Form |
| WSO2--WSO2 Identity Server | The check user account lock states feature within the email OTP flow fails to validate user input, allowing an attacker to infer the existence of registered user accounts. The discovery of valid usernames can increase the risk of brute-force and social engineering attacks. Attackers can leverage this information to craft targeted phishing campaigns or other malicious activities aimed at tricking users into divulging sensitive data, potentially damaging the organization's reputation and leading to regulatory non-compliance and financial consequences. | 2026-05-11 | 5.3 | CVE-2024-0391 |
https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3115/ |
| Siemens--SIPROTEC 5 6MD84 (CP300) | A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V11.0), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SA82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SA82 (CP150) (All versions < V11.0), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SD82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SD82 (CP150) (All versions < V11.0), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SJ81 (CP100) (All versions >= V7.80), SIPROTEC 5 7SJ81 (CP150) (All versions < V11.0), SIPROTEC 5 7SJ82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SJ82 (CP150) (All versions < V11.0), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SK82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SK82 (CP150) (All versions < V11.0), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SL82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SL82 (CP150) (All versions < V11.0), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7ST86 (CP300) (All versions < V11.0), SIPROTEC 5 7SX82 (CP150) (All versions < V11.0), SIPROTEC 5 7SX85 (CP300) (All versions < V11.0), SIPROTEC 5 7SY82 (CP150) (All versions < V11.0), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7UT82 (CP100) (All versions >= V7.80), SIPROTEC 5 7UT82 (CP150) (All versions < V11.0), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7VU85 (CP300) (All versions < V11.0), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V11.0). Affected devices do not use sufficiently random values to create session identifiers. This could allow an unauthenticated remote attacker to brute force a session identifier and gain read access to limited information from the web server without authorization. | 2026-05-12 | 5.3 | CVE-2024-54017 |
https://cert-portal.siemens.com/productcert/html/ssa-786884.html |
| GitLab--GitLab | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to inject HTML and JavaScript into email notifications sent to other users due to improper input sanitization. | 2026-05-14 | 5.4 | CVE-2025-12669 |
HackerOne Bug Bounty Report #3368096 https://gitlab.com/gitlab-org/gitlab/-/work_items/579385 https://about.gitlab.com/releases/2026/05/13/patch-release-gitlab-18-11-3-released/ |
| ghera74--ilGhera Support System for WooCommerce | The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_ticket_content_callback' function in all versions up to, and including, 1.3.0. This makes it possible for unauthenticated attackers to view any support ticket content, including sensitive customer information and private communications, by providing a ticket ID. | 2026-05-13 | 5.3 | CVE-2025-14033 |
https://www.wordfence.com/threat-intel/vulnerabilities/id/40ceea17-ec60-4775-8495-e2f7643d1b7c?source=cve https://plugins.trac.wordpress.org/browser/wc-support-system/trunk/includes/class-wc-support-system.php#L68 https://plugins.trac.wordpress.org/browser/wc-support-system/tags/1.2.6/includes/class-wc-support-system.php#L68 https://plugins.trac.wordpress.org/browser/wc-support-system/trunk/includes/class-wc-support-system.php#L643 https://plugins.trac.wordpress.org/browser/wc-support-system/tags/1.2.6/includes/class-wc-support-system.php#L643 https://plugins.trac.wordpress.org/browser/wc-support-system/tags/1.3.1/includes/class-wc-support-system.php#L780 |
| stylemix--Cost Calculator Builder | The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference (IDOR) in all versions up to, and including, 4.0.1 only when used in combination with Cost Calculator Builder PRO. This is due to the ccb_woocommerce_payment AJAX action being registered via wp_ajax_nopriv, making it accessible to unauthenticated users, and the renderWooCommercePayment() function passing user-controlled data directly to CCBWooCheckout::init() without authorization checks. This makes it possible for unauthenticated attackers to add WooCommerce products to their cart with attacker-controlled prices. | 2026-05-13 | 5.3 | CVE-2025-14755 |
https://www.wordfence.com/threat-intel/vulnerabilities/id/fe684f43-8442-4b29-84a8-da8c6863e62b?source=cve https://plugins.trac.wordpress.org/browser/cost-calculator-builder/tags/3.6.7/includes/classes/CCBOrderController.php#L484 https://plugins.trac.wordpress.org/browser/cost-calculator-builder/tags/3.6.7/includes/classes/CCBAjaxAction.php#L99 |
| wpclever--WPC Badge Management for WooCommerce | The WPC Badge Management for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the `wpcbm_best_seller` shortcode in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-05-13 | 5.5 | CVE-2025-14767 |
https://www.wordfence.com/threat-intel/vulnerabilities/id/bf02edc9-2bb6-4ceb-b2a1-63f95c8becb3?source=cve https://wordpress.org/plugins/wpc-badge-management https://plugins.trac.wordpress.org/browser/wpc-badge-management/trunk/includes/class-shortcode.php#L98 https://plugins.trac.wordpress.org/changeset/3519100/ |
| Tp-link--TL-WR720NMbps Wireless N Router | TP-Link TL-WR720N wireless router contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious web requests. Attackers can modify port forwarding rules via VirtualServerRpm.htm or change WiFi security settings via WlanSecurityRpm.htm by tricking authenticated users into visiting attacker-controlled pages. | 2026-05-17 | 4.3 | CVE-2018-25321 |
ExploitDB-44335 Official Product Homepage Product Reference VulnCheck Advisory: TP-Link TL-WR720N All Versions CSRF via Administrative Interfaces |
| Joomlaextensions--Joomla! extension JoomOCShop | Joomla JoomOCShop 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML forms targeting account endpoints like /joomoc2/?route=account/edit and to modify user information or reset passwords without user consent. | 2026-05-17 | 4.3 | CVE-2018-25337 |
ExploitDB-44789 Official Product Homepage Product Reference VulnCheck Advisory: Joomla JoomOCShop 1.0 Cross-Site Request Forgery |
| Easy2pilot-v7--Easy2Pilot | Easy2Pilot 7 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the admin.php?action=add_user endpoint with POST requests containing username and password parameters to create new administrative accounts without explicit user consent. | 2026-05-13 | 4.3 | CVE-2020-37217 |
ExploitDB-48099 Official Product Homepage VulnCheck Advisory: Easy2Pilot 7 Cross-Site Request Forgery via admin.php |
| CouchCMS--CouchCMS | CouchCMS 2.2.1 contains a server-side request forgery vulnerability that allows authenticated attackers to make arbitrary HTTP requests by uploading malicious SVG files. Attackers can upload SVG files containing external entity references through the browse.php endpoint to access internal services and resources. | 2026-05-15 | 4.3 | CVE-2021-47958 |
ExploitDB-49675 Official Product Homepage VulnCheck Advisory: CouchCMS 2.2.1 Server-Side Request Forgery via SVG upload |
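An SVG is XML, so a server that parses or rasterizes an upload can be made to fetch a URL through a DTD entity (`<!ENTITY x SYSTEM "http://...">`) or an external `href`. The validator below is an added example, not CouchCMS code: it rejects any DTD, active-content elements, and every reference that is not a same-document fragment or inline raster data, and is run over three constructed uploads (an entity-based SSRF probe, an external image pointing at a link-local address, and a clean file).

```python
import re
import xml.etree.ElementTree as ET
from typing import Optional

SVG_NS = "{http://www.w3.org/2000/svg}"
XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
# Only same-document fragments and inline raster data may be referenced.
SAFE_REF = re.compile(r"^\s*(#|data:image/(png|jpeg|gif);base64,)", re.I)
DTD_MARKUP = re.compile(r"<!(DOCTYPE|ENTITY)", re.I)
FORBIDDEN_ELEMENTS = {"script", "foreignobject"}


def svg_reject_reason(data: bytes) -> Optional[str]:
    """Return None if the SVG is acceptable, otherwise why it was rejected.

    Order of checks: any DTD (where an external SYSTEM entity is declared),
    malformed XML, non-SVG root, active-content elements, and any href or
    url()/@import that points outside the document.
    """
    text = data.decode("utf-8", errors="replace")
    if DTD_MARKUP.search(text):
        return "DTD or entity declaration present"
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        return f"not well-formed XML: {exc}"
    if root.tag not in (SVG_NS + "svg", "svg"):
        return "root element is not <svg>"
    for el in root.iter():
        local = el.tag.rsplit("}", 1)[-1].lower()
        if local in FORBIDDEN_ELEMENTS:
            return f"forbidden element <{local}>"
        for attr in ("href", XLINK_HREF):
            ref = el.attrib.get(attr)
            if ref is not None and not SAFE_REF.match(ref):
                return f"external reference in <{local}>: {ref}"
        # url(...) in a style attribute or <style> body can also fetch remote resources.
        style_text = (el.text or "") if local == "style" else ""
        blob = (el.attrib.get("style") or "") + style_text
        if re.search(r"url\s*\(|@import", blob, re.I):
            return f"url()/@import in <{local}> style"
    return None


# Constructed sample uploads (not taken from the advisory).
XXE_SVG = b"""<?xml version="1.0"?>
<!DOCTYPE svg [ <!ENTITY xxe SYSTEM "http://127.0.0.1:8080/admin/status"> ]>
<svg xmlns="http://www.w3.org/2000/svg"><text>&xxe;</text></svg>"""

REMOTE_IMAGE_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
  <image xlink:href="http://169.254.169.254/latest/meta-data/" width="1" height="1"/>
</svg>"""

CLEAN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">
  <defs><circle id="dot" r="2"/></defs><use href="#dot" x="5" y="5"/>
</svg>"""


if __name__ == "__main__":
    for name, blob in (("xxe", XXE_SVG), ("remote-image", REMOTE_IMAGE_SVG), ("clean", CLEAN_SVG)):
        print(f"{name:13s} -> {svg_reject_reason(blob) or 'accepted'}")
```

Rejecting every DTD is deliberately blunt (some drawing tools emit a harmless `<!DOCTYPE svg PUBLIC ...>`); a production filter can strip the DTD instead, as long as whatever later rasterizes the file also has external entity and network loading disabled, since that back end is where the SSRF actually happens.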
| GitLab--GitLab | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with Guest permissions to view issues in projects they were not authorized to access. | 2026-05-14 | 4.3 | CVE-2025-13874 |
HackerOne Bug Bounty Report #3445398 https://gitlab.com/gitlab-org/gitlab/-/work_items/582634 https://about.gitlab.com/releases/2026/05/13/patch-release-gitlab-18-11-3-released/ |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source Info | Patch Info |
|---|---|---|---|---|---|
| There were no low vulnerabilities recorded this week. | |||||
Severity Not Yet Assigned
| Primary Vendor -- Product | Description | Published | CVSS Score | Source Info | Patch Info |
|---|---|---|---|---|---|
| AMD--AMD Ryzen 5000 Series Desktop Processors with Radeon Graphics | A compromised Trusted OS (TOS) driver could issue a malformed call that could potentially allow memory access outside the intended range resulting in loss of integrity. | 2026-05-15 | not yet calculated | CVE-2021-26380 |
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4017.html https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html |
| AMD--AMD Ryzen 3000 Series Mobile Processors with Radeon Graphics | A TOCTOU (Time-Of-Check to Time-Of-Use) in the graphics interface may allow an attacker to load registers repeatedly creating a race condition potentially leading to a loss of integrity. | 2026-05-15 | not yet calculated | CVE-2022-23826 |
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4017.html https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html |
| KMX--Alien::FreeImage | Alien::FreeImage versions through 1.001 for Perl bundle several vulnerable libraries. Alien::FreeImage contains version 3.17.0 of the FreeImage library from 2017, which has known vulnerabilities such as CVE-2015-0852 and CVE-2025-65803. The library embeds other image libraries that also have known vulnerabilities. | 2026-05-11 | not yet calculated | CVE-2022-4988 |
https://freeimage.sourceforge.io/ https://metacpan.org/release/KMX/Alien-FreeImage-1.001/source/src/Source https://nvd.nist.gov/vuln/detail/CVE-2015-0852 https://nvd.nist.gov/vuln/detail/CVE-2025-65803 https://github.com/kmx/alien-freeimage/issues/4 https://github.com/kmx/alien-freeimage/issues/5 |
| n/a--MK-Auth 23.01K4.9 | An arbitrary file upload vulnerability in MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted PHP file. | 2026-05-12 | not yet calculated | CVE-2023-27753 |
https://github.com/yueslly/MKAUTH-RCE/blob/main/README.md https://github.com/yueslly/MKAUTH-RCE |
| n/a--MK-Auth 23.01K4.9 | An insecure direct object reference in MK-Auth 23.01K4.9 allows attackers to access and send support calls for other users via manipulation of the chamado parameter through a crafted GET request. | 2026-05-12 | not yet calculated | CVE-2023-30059 |
https://github.com/yueslly/MKAUTH-IDOR |
| AMD[.]com--AMD Radeon RX 6000 Series Graphics Products | Improper validation in Power Management Firmware (PMFW) may allow an attacker with privileges to pass malformed workload arguments when exporting table data from SMU to DRAM potentially resulting in a loss of confidentiality and/or availability. | 2026-05-15 | not yet calculated | CVE-2023-31309 |
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html |
| AMD[.]com--AMD Ryzen 5000 Series Mobile Processors with Radeon Graphics | Improperly preserved integrity of hardware configuration state during a power save/restore operation in the AMD Secure Processor (ASP) could allow an attacker with the ability to write outside the trusted memory range (TMR) to change the execution flow of the Video Core Next (VCN) firmware potentially impacting confidentiality, integrity, or availability. | 2026-05-15 | not yet calculated | CVE-2023-31316 |
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4017.html https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html |
| AMD[.]com--AMD Radeon RX 6000 Series Graphics Products | Improper restriction of operations within the bounds of a memory buffer in the AMD Secure Processor (ASP) could allow an attacker to read or write to protected memory, potentially resulting in arbitrary code execution. | 2026-05-15 | not yet calculated | CVE-2023-31317 |
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html |
| AMD[.]com--AMD Instinct MI300X | An out-of-bounds read in the remote management firmware could allow a privileged attacker to read a limited section of memory outside of established bounds, potentially resulting in loss of confidentiality or availability. | 2026-05-15 | not yet calculated | CVE-2024-21950 |
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html |
| AMD[.]com--AMD EPYC 4005 Series Processors | Improper Input Validation in the AMD RAID driver could allow an attacker to point to an arbitrary memory location potentially resulting in privilege escalation and arbitrary code execution. | 2026-05-15 | not yet calculated | CVE-2024-21962 |
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4016.html |
| AMD[.]com--AMD EPYC Series 9004 Processors | Improper enforcement of the LFENCE serialization property may allow an attacker to bypass speculation barriers and potentially disclose sensitive information, potentially resulting in loss of confidentiality. | 2026-05-13 | not yet calculated | CVE-2024-36315 |
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3030.html https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4017.html |
| AMD[.]com--AMD Radeon RX 7000 Series Graphics Products | Improper isolation of VCN-JPEG HW register space could allow a malicious Guest Virtual Machine (VM) or a process to perform unauthorized access to the register space of the JPEG cores assigned to a victim VM/process, potentially gaining arbitrary read/write access to the victim VM/process data. | 2026-05-15 | not yet calculated | CVE-2024-36323 |
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html |
| AMD[.]com--AMD Radeon PRO V710 | Improper isolation of GPU HW register space could allow a privileged attacker in a malicious Guest Virtual Machine (VM) to perform unauthorized access to a specific victim range of GPU MMIO register space, potentially causing the host OS to reboot and creating a Denial of Service (DoS) condition. | 2026-05-15 | not yet calculated | CVE-2024-36332 |
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html |
| AMD[.]com--AMD Radeon RX 5000 Series Graphics Products | A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | 2026-05-15 | not yet calculated | CVE-2024-36333 |
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html |
| AMD[.]com--AMD Radeon RX 7000 Series Graphics Products | Improper verification of cryptographic signature in the Radeon RGB tool could allow a malicious file placed in the installation directory to be run with elevated privileges potentially leading to arbitrary code execution. | 2026-05-15 | not yet calculated | CVE-2024-36334 |
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html |
| AMD[.]com--AMD EPYC 4004 | Improper input validation in the AMD OverDrive (AOD) System Management Mode (SMM) module could allow a privileged attacker to perform an out-of-bounds read, potentially resulting in loss of confidentiality. | 2026-05-15 | not yet calculated | CVE-2024-36345 |
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3030.html https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4017.html |
| Checkmk GmbH--Checkmk | Privilege escalation in the mk_mysql agent plugin on Windows in Checkmk <2.4.0p29, <2.3.0p47, and 2.2.0 (EOL) allows a local unprivileged user able to create a Windows service whose name matches 'MySQL' or 'MariaDB' (or with write access to a binary referenced by such a service) to execute arbitrary code in the context of the Checkmk agent service, which typically runs as SYSTEM. | 2026-05-13 | not yet calculated | CVE-2024-47091 |
https://checkmk.com/werk/19198 |
| n/a--Ardupilot | Buffer Overflow vulnerability in Ardupilot rover commit v.c56439b045162058df0ff136afea3081fcd06d38 allows a local attacker to cause a denial of service via the AP_InertialSensor_ADIS1647x.cpp, ArduRover, ADIS1647x Sensor component. | 2026-05-13 | not yet calculated | CVE-2024-48519 |
https://github.com/ArduPilot/ardupilot/issues/27937 |
| n/a--Ardupilot | Buffer Overflow vulnerability in ArduPilot Copter latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the AP_MSP::loop, AP_MSP, AP_MSP.cpp components. | 2026-05-13 | not yet calculated | CVE-2024-51394 |
https://github.com/ArduPilot/ardupilot/issues/28458 |
| n/a--Ardupilot | Buffer Overflow vulnerability in ArduPilot Copter latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the AP_SmartAudio::loop, AP_SmartAudio, AP_SmartAudio.cpp components. | 2026-05-13 | not yet calculated | CVE-2024-51395 |
https://github.com/ArduPilot/ardupilot/issues/28374 |
| n/a--FMT-Firmware | Firmament-Autopilot FMT-Firmware commit de5aec was discovered to contain a buffer overflow via the task_mavobc_entry function at /comm/task_comm.c. | 2026-05-13 | not yet calculated | CVE-2024-55045 |
https://github.com/Firmament-Autopilot/FMT-Firmware/issues/133 |
| AMD[.]com--AMD Ryzen 7035 Series Processors with Radeon Graphics (formerly codenamed "Rembrandt R") | An unchecked return value within the AMD Platform Management Framework (PMF) could allow an attacker to read or modify an arbitrary address potentially resulting in loss of confidentiality, integrity, or availability. | 2026-05-15 | not yet calculated | CVE-2025-0028 |
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4015.html |
| AMD[.]com--AMD Ryzen 7040 Series Mobile Processors with Radeon Graphics | Improper access control between the Joint Test Action Group (JTAG) and Advanced Extensible Interface (AXI) could allow an attacker with physical access to read or overwrite the contents of cross-chip debug (XCD) registers potentially resulting in loss of data integrity or confidentiality. | 2026-05-15 | not yet calculated | CVE-2025-0040 |
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4017.html https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html |
| AMD[.]com--AMD Ryzen AI Max+ | An out-of-bounds read in power management firmware by a malicious local attacker with low privileges could potentially lead to a partial loss of confidentiality and availability. | 2026-05-15 | not yet calculated | CVE-2025-0044 |
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html |
| AMD[.]com--Athlon 3000 Series Mobile Processors with Radeon Graphics | Improper input validation in the AMD Secure Processor (ASP) PCI driver may allow a local attacker to create a buffer overflow condition, potentially resulting in a crash or denial of service. | 2026-05-15 | not yet calculated | CVE-2025-0045 |
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4015.html https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3047.html |
| WSO2--WSO2 Identity Server | Due to a lack of user account state validation during authentication, locked user accounts can be successfully authenticated using Magic Link or Pass Key methods. This bypasses the intended security control that should prevent access to accounts that have been locked. This vulnerability may allow unauthorized access to applications and sensitive data associated with accounts that should have been restricted via the account lock mechanism. It also undermines the effectiveness of the account lock mechanism intended to prevent further login attempts. | 2026-05-11 | not yet calculated | CVE-2025-10908 |
https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4388/ |
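The WSO2 issue is a policy-placement bug: the lock check lived on the password path, and the passwordless authenticators (magic link, passkey) trusted their proof without ever reading the account state. The example below is added here to show the shape of the flaw and its fix; it is not WSO2 code and the account model and lockout threshold are assumptions. The vulnerable function consults `locked` only for passwords; the hardened one runs a single gate before any method-specific logic.

```python
from dataclasses import dataclass
from enum import Enum


class Method(Enum):
    PASSWORD = "password"
    MAGIC_LINK = "magic_link"
    PASSKEY = "passkey"


@dataclass
class Account:
    username: str
    locked: bool = False
    failed_attempts: int = 0


class AccountLocked(Exception):
    pass


MAX_FAILURES = 5  # assumed lockout threshold


def authenticate_vulnerable(acct: Account, method: Method, proof_ok: bool) -> bool:
    """The flaw pattern: lock state is consulted only on the password path."""
    if method is Method.PASSWORD:
        if acct.locked:
            raise AccountLocked(acct.username)
        if not proof_ok:
            acct.failed_attempts += 1
            acct.locked = acct.failed_attempts >= MAX_FAILURES
        return proof_ok
    # Magic link / passkey: the proof is trusted and the lock flag is never read.
    return proof_ok


def _assert_usable(acct: Account) -> None:
    """Single gate every authenticator passes before its proof is even examined."""
    if acct.locked:
        raise AccountLocked(acct.username)


def authenticate_hardened(acct: Account, method: Method, proof_ok: bool) -> bool:
    _assert_usable(acct)  # same rule regardless of method
    if not proof_ok:
        acct.failed_attempts += 1
        acct.locked = acct.failed_attempts >= MAX_FAILURES
        return False
    acct.failed_attempts = 0
    return True


def lock_bypass_possible(authenticate) -> bool:
    """Try every non-password method against a locked account with a valid proof."""
    for m in (Method.MAGIC_LINK, Method.PASSKEY):
        acct = Account("alice", locked=True)
        try:
            if authenticate(acct, m, True):
                return True
        except AccountLocked:
            pass
    return False


def lock_after_failures(n: int = MAX_FAILURES) -> Account:
    """Drive the hardened path with n bad password attempts and return the account."""
    acct = Account("bob")
    for _ in range(n):
        authenticate_hardened(acct, Method.PASSWORD, False)
    return acct


if __name__ == "__main__":
    print("vulnerable bypass:", lock_bypass_possible(authenticate_vulnerable))
    print("hardened bypass:  ", lock_bypass_possible(authenticate_hardened))
```

The same check belongs in front of session issuance and token refresh as well, otherwise a session minted before the lock keeps working after it.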
| Siemens--Simcenter Femap | The affected applications contain a memory corruption vulnerability while parsing specially crafted IPT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-27349, ZDI-CAN-27389) | 2026-05-12 | not yet calculated | CVE-2025-12659 |
https://cert-portal.siemens.com/productcert/html/ssa-870926.html |
| silabs.com--Simplicity SDK | Countermeasures for DPA within the SYMCRYPTO engine on SixG301xxx devices are not sufficiently random and will eventually repeat. KSU keys using SYMCRYPTO are affected by this vulnerability. | 2026-05-15 | not yet calculated | CVE-2025-14972 |
https://community.silabs.com/068Vm00000M3cAX |
| n/a--Intel(R) Ethernet 800 series | Use after free for some Linux kernel driver for the Intel(R) Ethernet 800 series before version 2.3.14 within Ring 0: Kernel may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (high) impacts. | 2026-05-12 | not yet calculated | CVE-2025-27723 |
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01426.html |
| Garmin[.]com--Garmin WDU | The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links when serving content. No mechanism that restricts those link targets to a specific area of the filesystem is enabled. This allows an attacker to retrieve arbitrary files from the device. | 2026-05-13 | not yet calculated | CVE-2025-27850 |
https://garmin.com https://www8.garmin.com/support/ch.jsp?product=010-02642-00 |
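The symlink issue is a containment failure: the server joins the request path onto the web root but never checks where the resulting file really lives. The example below is added for this bulletin and is not Garmin code; it builds a constructed web root containing an uploaded "graphics package" whose `passwd` entry is a symlink to a file outside the root, and shows a resolver that follows every link with `realpath()` before checking that the target is still beneath the root.

```python
import os
import tempfile
from typing import Optional


def resolve_within_root(web_root: str, url_path: str) -> Optional[str]:
    """Map a request path to a regular file under web_root, or None if it escapes.

    realpath() follows every symlink (and collapses ..) before the containment
    check, so a package entry `passwd -> /etc/passwd` is rejected the same way
    as a literal `../` in the URL.
    """
    root = os.path.realpath(web_root)
    candidate = os.path.realpath(os.path.join(root, url_path.lstrip("/")))
    if os.path.commonpath([root, candidate]) != root:
        return None
    if not os.path.isfile(candidate):
        return None
    return candidate


def build_demo_package() -> tuple:
    """Constructed layout: a web root plus an uploaded package that links out of it."""
    base = tempfile.mkdtemp(prefix="wdu-demo-")
    secret = os.path.join(base, "secret.txt")  # outside the web root
    with open(secret, "w") as f:
        f.write("device-secret\n")
    root = os.path.join(base, "www")
    os.makedirs(os.path.join(root, "graphics"))
    with open(os.path.join(root, "graphics", "logo.png"), "wb") as f:
        f.write(b"\x89PNG\r\n\x1a\n")
    # The hostile entry inside the uploaded graphics package.
    os.symlink(secret, os.path.join(root, "graphics", "passwd"))
    return root, secret


def serve(web_root: str, url_path: str) -> Optional[bytes]:
    """What the web server should do: resolve, contain, then read."""
    path = resolve_within_root(web_root, url_path)
    if path is None:
        return None
    with open(path, "rb") as f:
        return f.read()


if __name__ == "__main__":
    root, _ = build_demo_package()
    for p in ("/graphics/logo.png", "/graphics/passwd", "/../secret.txt"):
        body = serve(root, p)
        print(f"{p:22s} -> {'denied' if body is None else body!r}")
```

Resolve-then-open still leaves a small race window between the check and the `open()`; on a device, the stronger fixes are to reject or dereference symlink entries when the package is installed, and to serve content from a chroot or with `openat2(..., RESOLVE_BENEATH)` so the kernel enforces the boundary.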
| Garmin[.]com--Garmin WDU | The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a cross-site WebSocket hijacking attack. Among other uses, the WDU utilizes WebSockets to control settings, including administrative settings. This allows a network attacker to take full control of a WDU. To initiate an exploit of this vulnerability, the victim must (1) be using a web browser on a multihomed host that has local interfaces on the Garmin Marine Network as well as another network, and (2) access a malicious third-party website created by the attacker. | 2026-05-13 | not yet calculated | CVE-2025-27851 |
https://garmin.com https://www8.garmin.com/support/ch.jsp?product=010-02642-00 |
| Garmin[.]com--Garmin WDU | The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a reflected cross site scripting (XSS) attack. This allows an attacker on the local network segment to execute arbitrary JavaScript code within the context of the WDU webpage. Full administrator level access to the device is possible. To initiate an exploit of this vulnerability, the victim must execute two actions: (1) view a specific URL served by the WDU, and (2) click an element on the rendered page. | 2026-05-13 | not yet calculated | CVE-2025-27852 |
https://garmin.com https://www8.garmin.com/support/ch.jsp?product=010-02642-00 |
| Garmin[.]com--Garmin WDU | The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows its authentication to be bypassed. The WDU web site only performs authentication with the client within the client's browser. The WebSockets used to communicate with the WDU server do not enforce any authentication. An attacker may bypass all authentication mechanisms by directly using the remote APIs available on the WebSocket. | 2026-05-13 | not yet calculated | CVE-2025-27853 |
https://garmin.com https://www8.garmin.com/support/ch.jsp?product=010-02642-00 |
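The hijacking entry (CVE-2025-27851) and the authentication-bypass entry (CVE-2025-27853) are two halves of one design gap: the WebSocket handshake accepts any Origin, and once connected the server never asks who is on the other end. The example below is added for this bulletin and is not Garmin code; it models the two server-side controls together, an Origin allowlist applied at the Upgrade request and a per-connection state machine in which no privileged operation is reachable until the connection itself has authenticated. The allowed origins and the password hashing are assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Assumed for the example: the origin(s) the device's own web UI is served from.
ALLOWED_ORIGINS = {"http://wdu.local", "http://192.168.1.10"}


def handshake_allowed(headers: dict) -> bool:
    """Accept the Upgrade only from our own pages.

    A browser on an attacker's page sends that page's Origin, which is not on
    the list, so the cross-site socket never opens. Non-browser clients can
    forge Origin, which is why the authentication below is still required.
    """
    h = {k.lower(): v for k, v in headers.items()}
    if h.get("upgrade", "").lower() != "websocket":
        return False
    return h.get("origin") in ALLOWED_ORIGINS


class AdminSocket:
    """Per-connection state: nothing privileged is reachable before `auth` succeeds."""

    def __init__(self, password_hash: bytes):
        self._expected = password_hash
        self.session_token: Optional[str] = None

    @staticmethod
    def hash_password(pw: str) -> bytes:
        # Illustrative only; a real device should use a slow, salted KDF.
        return hashlib.sha256(pw.encode()).digest()

    def handle(self, msg: dict) -> dict:
        op = msg.get("op")
        if op == "auth":
            if hmac.compare_digest(self.hash_password(msg.get("password", "")), self._expected):
                self.session_token = secrets.token_urlsafe(16)
                return {"ok": True, "token": self.session_token}
            return {"ok": False, "error": "bad credentials"}
        # Every other op must present the token issued on this connection.
        presented = msg.get("token", "")
        if self.session_token is None or not hmac.compare_digest(presented, self.session_token):
            return {"ok": False, "error": "unauthenticated"}
        if op == "set_setting":
            return {"ok": True, "set": {msg["key"]: msg["value"]}}
        return {"ok": False, "error": f"unknown op {op!r}"}


if __name__ == "__main__":
    print(handshake_allowed({"Upgrade": "websocket", "Origin": "https://attacker.example"}))
    sock = AdminSocket(AdminSocket.hash_password("correct-horse"))
    print(sock.handle({"op": "set_setting", "key": "admin_pw", "value": "x"}))
    tok = sock.handle({"op": "auth", "password": "correct-horse"})["token"]
    print(sock.handle({"op": "set_setting", "key": "admin_pw", "value": "x", "token": tok}))
```

Authenticating in the browser only, as the bypass entry describes, protects nothing: any client that speaks the WebSocket protocol skips the login page entirely, so the credential check has to run on the device for each connection.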
| striso--striso-control-firmware | striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function ThreadReadButtons. | 2026-05-13 | not yet calculated | CVE-2025-28343 |
https://github.com/striso/striso-control-firmware/issues/5 |
| striso--striso-control-firmware | striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function AuxJack. | 2026-05-13 | not yet calculated | CVE-2025-28344 |
https://github.com/striso/striso-control-firmware/issues/6 |
| NXP[.]com--NXP | NXP moal.ko Wi-Fi driver 5.1.7.10, with firmware versions v17.92.1.p149.43 through v17.92.1.p149.157, was discovered to contain a buffer overflow via the mod_para parameter in the woal_init_module_param function. | 2026-05-13 | not yet calculated | CVE-2025-29338 |
https://www.nxp.com/docs/en/release-note/RN00104.pdf https://github.com/masjadaan/CVE-2025-29338 |
| AMD[.]com--AMD Ryzen 7035 Series Processors with Radeon Graphics (formerly codenamed "Rembrandt R") | An out-of-bounds write within the AMD Platform Management Framework (PMF) could allow an attacker to execute arbitrary code at an elevated privilege level, potentially leading to loss of confidentiality, integrity, or availability. | 2026-05-15 | not yet calculated | CVE-2025-29935 |
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4015.html |
| AMD[.]com--AMD Ryzen 7035 Series Processors with Radeon Graphics (formerly codenamed "Rembrandt R") | Improper input validation within the AMD Platform Management Framework (PMF) could allow an attacker to unmap arbitrary memory pages potentially impacting integrity and availability, or allowing privilege escalation resulting in loss of confidentiality. | 2026-05-15 | not yet calculated | CVE-2025-29936 |
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4015.html |
| AMD[.]com--AMD Ryzen 7035 Series Processors with Radeon Graphics (formerly codenamed "Rembrandt R") | An out of bounds read within the AMD Platform Management Framework (PMF) could allow an attacker to trigger a read of an arbitrary memory location potentially resulting in loss of availability or confidentiality. | 2026-05-15 | not yet calculated | CVE-2025-29937 |
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4015.html |
| AMD[.]com--AMD Ryzen 7035 Series Processors with Radeon Graphics (formerly codenamed "Rembrandt R") | An unchecked return value within the AMD Platform Management Framework (PMF) could allow an attacker to write to an arbitrary memory address resulting in denial of service or arbitrary code execution. | 2026-05-15 | not yet calculated | CVE-2025-29938 |
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4015.html |
| AMD[.]com--AMD Ryzen 4000 Series Mobile Processors with Radeon Graphics (formerly codenamed "Renoir") | A buffer overflow vulnerability within the AMD Sensor Fusion Hub Driver can allow a local attacker to write out of bounds, potentially resulting in denial of service or a crash. | 2026-05-15 | not yet calculated | CVE-2025-29944 |
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4015.html |
| Significant-Gravitas--AutoGPT | AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. In AutoGPT, the execution process is logged to the console (stdout/stderr); when deployed in container mode this output is automatically captured by Docker and stored as container logs. Prior to 0.6.32 there was no limit on the log size when the container was deployed, so under heavy user traffic the log on the server disk grows without bound, exhausting disk space and eventually causing a DoS. autogpt-platform-beta-v0.6.32 fixes the issue. | 2026-05-13 | not yet calculated | CVE-2025-32425 |
https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-vw3v-whvp-33v5 https://github.com/Significant-Gravitas/AutoGPT/commit/57a06f70883ce6be18738c6ae8bb41085c71e266 https://github.com/Significant-Gravitas/AutoGPT/blob/62361ccc48327b3124549543b45d933d16f622d2/autogpt_platform/autogpt_libs/autogpt_libs/logging/config.py#L83-L102 https://github.com/Significant-Gravitas/AutoGPT/blob/62361ccc48327b3124549543b45d933d16f622d2/autogpt_platform/docker-compose.platform.yml#L102-L142 |
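The AutoGPT entry is a resource-exhaustion bug with two layers: the application writes a line per execution, and the container runtime keeps everything it writes. The example below is added for this bulletin and is not AutoGPT code; it shows the application-side half, a `RotatingFileHandler` with a fixed number of generations so the footprint is capped at `(backups + 1) * max_bytes`, and drives it with constructed traffic far larger than the cap to demonstrate that the bound holds.

```python
import logging
import os
import tempfile
from logging.handlers import RotatingFileHandler


def make_bounded_logger(log_path: str, max_bytes: int, backups: int) -> logging.Logger:
    """Logger whose on-disk footprint cannot exceed (backups + 1) * max_bytes.

    RotatingFileHandler rolls over before a write would push the live file past
    max_bytes and deletes the oldest generation beyond `backups`.
    """
    logger = logging.getLogger(f"bounded.{log_path}")
    logger.setLevel(logging.INFO)
    logger.propagate = False
    logger.handlers.clear()
    handler = RotatingFileHandler(log_path, maxBytes=max_bytes, backupCount=backups)
    handler.setFormatter(logging.Formatter("%(asctime)s %(levelname)s %(message)s"))
    logger.addHandler(handler)
    return logger


def bytes_on_disk(log_path: str) -> int:
    """Size of the live log plus every rotated generation (platform.log, platform.log.1, ...)."""
    directory, base = os.path.split(log_path)
    return sum(
        os.path.getsize(os.path.join(directory, name))
        for name in os.listdir(directory)
        if name == base or name.startswith(base + ".")
    )


def simulate_traffic(n_requests: int = 20000, max_bytes: int = 64 * 1024, backups: int = 3) -> tuple:
    """Log one line per request (constructed traffic) and return (bytes_used, cap)."""
    log_path = os.path.join(tempfile.mkdtemp(prefix="log-demo-"), "platform.log")
    logger = make_bounded_logger(log_path, max_bytes, backups)
    for i in range(n_requests):
        # Constructed sample line; 20000 of these are several times the cap.
        logger.info("execution %d for user %s finished", i, "user-203.0.113.7")
    for h in logger.handlers:
        h.close()
    return bytes_on_disk(log_path), (backups + 1) * max_bytes


if __name__ == "__main__":
    used, cap = simulate_traffic()
    print(f"{used} bytes on disk, cap {cap}")
```

The container-side half is separate: whatever still goes to stdout/stderr is kept by Docker's `json-file` driver until told otherwise, so the compose service also needs `logging: { driver: json-file, options: { max-size: "10m", max-file: "3" } }` (or the daemon-wide equivalent), otherwise the application cap alone does not bound the disk.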
| Intel[.]com--Intel(R) Server Firmware Update Utility Software | Uncontrolled search path for some Intel(R) Server Firmware Update Utility Software before version 16.0.12 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | 2026-05-12 | not yet calculated | CVE-2025-35969 |
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01410.html |
| Intel[.]com--Intel(R) Processors | Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Processors within VMX non-root (guest) operation may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (none) and availability (none) impacts. | 2026-05-12 | not yet calculated | CVE-2025-35979 |
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01420.html |
| Intel[.]com--Intel Endpoint Management Assistant (EMA) software | Improper input validation for some Intel Endpoint Management Assistant (EMA) software before version 1.14.5 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via adjacent access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | 2026-05-12 | not yet calculated | CVE-2025-35990 |
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01434.html |
| Intel[.]com--Intel platforms | Improper initialization in the UEFI firmware for some Intel platforms within Ring 0: Bare Metal OS may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | 2026-05-12 | not yet calculated | CVE-2025-35991 |
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01413.html |
| Intel[.]com--Display Virtualization for Windows OS driver software | Improper buffer restrictions for some Display Virtualization for Windows OS driver software within Ring 2: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | 2026-05-12 | not yet calculated | CVE-2025-36510 |
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01430.html |
| Intel[.]com--AI Playground software | Uncontrolled search path for some AI Playground software before version 3.0.0 alpha within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | 2026-05-12 | not yet calculated | CVE-2025-36515 |
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01438.html |