|
671
|
5.4 |
MEDIUM
Network
|
langfuse
|
langfuse
|
Langfuse is an open source large language model engineering platform. From version 3.68.0 to before version 3.167.0, there is a role-based-access control flaw in the LLM connection update flow. An a…
Update
|
CWE-284
Improper Access Control
|
CVE-2026-41487
|
2026-05-14 02:12 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
672
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerability that allows attackers to brute force the 16-character production secret key used for payment signature generation. A…
New
|
CWE-328
Use of Weak Hash
|
CVE-2020-37168
|
2026-05-14 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
673
|
5.5 |
MEDIUM
Local
|
-
|
-
|
WordPress Plugin ultimate-member 2.1.3 contains a local file inclusion vulnerability that allows authenticated attackers to include arbitrary files by manipulating the pack parameter in class-admin-u…
New
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2020-37169
|
2026-05-14 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
674
|
5.5 |
MEDIUM
Network
|
-
|
-
|
WOOF Products Filter for WooCommerce 1.2.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering XSS payloads in design …
New
|
CWE-79
Cross-site Scripting
|
CVE-2020-37174
|
2026-05-14 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
675
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Easy2Pilot 7 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized user accounts by tricking authenticated administrators into visiting malicious pages. Attack…
New
|
CWE-352
Origin Validation Error
|
CVE-2020-37217
|
2026-05-14 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
676
|
8.2 |
HIGH
Network
|
-
|
-
|
Joomla com_hdwplayer 4.2 contains an SQL injection vulnerability in the search.php file that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the …
New
|
CWE-89
SQL Injection
|
CVE-2020-37218
|
2026-05-14 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
677
|
7.5 |
HIGH
Network
|
-
|
-
|
Joomla com_fabrik 3.9.11 contains a directory traversal vulnerability that allows unauthenticated attackers to list arbitrary files by manipulating the folder parameter. Attackers can send GET reques…
New
|
CWE-22
Path Traversal
|
CVE-2020-37219
|
2026-05-14 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
678
|
7.5 |
HIGH
Network
|
-
|
-
|
Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain administrative access by retrieving the device serial number. Attackers can quer…
New
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-37220
|
2026-05-14 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
679
|
7.2 |
HIGH
Network
|
-
|
-
|
Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs reply endpoi…
New
|
CWE-79
Cross-site Scripting
|
CVE-2020-37222
|
2026-05-14 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
680
|
7.8 |
HIGH
Local
|
-
|
-
|
IObit Uninstaller 9.5.0.15 contains an unquoted service path vulnerability in the IObitUnSvr service that allows local attackers to escalate privileges to SYSTEM level. Attackers can place a maliciou…
New
|
CWE-428
Unquoted Search Path or Element
|
CVE-2020-37223
|
2026-05-14 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
