🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-25502 | High | 7.8 |
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color …
|
⚡ Exploit ✅ Patch | Feb 3, 2026 |
| CVE-2020-37088 | High | 7.5 |
School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary file…
|
⚡ Exploit ✅ Patch | Feb 3, 2026 |
| CVE-2020-37097 | High | 7.5 |
Edimax EW-7438RPn 1.13 contains an information disclosure vulnerability that exposes WiFi network configuration details …
|
⚡ Exploit ✅ Patch | Feb 3, 2026 |
| CVE-2025-15556 | High | 7.5 |
Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an update integrity verification vulnerability…
|
⚡ Exploit ✅ Patch | Feb 3, 2026 |
| CVE-2020-37084 | High | 7.2 |
School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitr…
|
⚡ Exploit ✅ Patch | Feb 3, 2026 |
| CVE-2024-5386 | High | 8.8 |
In lunary-ai/lunary version 1.2.2, an account hijacking vulnerability exists due to a password reset token leak. A user …
|
⚡ Exploit ✅ Patch | Feb 2, 2026 |
| CVE-2026-25134 | High | 8.8 |
Group-Office is an enterprise customer relationship management and groupware tool. Prior to 6.8.150, 25.0.82, and 26.0.5…
|
⚡ Exploit ✅ Patch | Feb 2, 2026 |
| CVE-2026-25221 | High | 8.1 |
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, the OAuth 2.0 implementation for …
|
⚡ Exploit ✅ Patch | Feb 2, 2026 |
| CVE-2026-25222 | High | 7.5 |
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, a timing attack vulnerability in …
|
⚡ Exploit ✅ Patch | Feb 2, 2026 |
| CVE-2021-47915 | High | 8.1 |
PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated …
|
⚡ Exploit ✅ Patch | Feb 1, 2026 |
| CVE-2021-47918 | High | 8.1 |
Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL c…
|
⚡ Exploit ✅ Patch | Feb 1, 2026 |
| CVE-2020-37032 | High | 8.8 |
Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authentica…
|
⚡ Exploit ✅ Patch | Jan 30, 2026 |
| CVE-2020-37041 | High | 7.5 |
OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can…
|
⚡ Exploit ✅ Patch | Jan 30, 2026 |
| CVE-2026-24780 | High | 8.8 |
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that aut…
|
⚡ Exploit ✅ Patch | Jan 29, 2026 |
| CVE-2026-25047 | High | 8.8 |
deepHas provides a test for the existence of a nested object key and optionally returns that key. A prototype pollution …
|
⚡ Exploit ✅ Patch | Jan 29, 2026 |
| CVE-2026-25116 | High | 7.6 |
Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated …
|
⚡ Exploit ✅ Patch | Jan 29, 2026 |
| CVE-2026-25061 | High | 7.5 |
tcpflow is a TCP/IP packet demultiplexer. In versions up to and including 1.61, wifipcap parses 802.11 management frame …
|
⚡ Exploit ✅ Patch | Jan 29, 2026 |
| CVE-2026-22243 | High | 8.8 |
EGroupware is a Web based groupware server written in PHP. A SQL Injection vulnerability exists in the core components o…
|
⚡ Exploit ✅ Patch | Jan 28, 2026 |
| CVE-2020-36972 | High | 8.2 |
SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'id_post' parameter of the details controller that a…
|
⚡ Exploit ✅ Patch | Jan 28, 2026 |
| CVE-2026-24840 | High | 8.0 |
Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a hardcoded credential in th…
|
⚡ Exploit ✅ Patch | Jan 28, 2026 |