🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-39355 | Critical | 9.9 |
Genealogy is a family tree PHP application. Prior to 5.9.1, a critical broken access control vulnerability in the geneal…
|
⚡ Exploit | Apr 7, 2026 |
| CVE-2026-39342 | High | 8.8 |
ChurchCRM is an open-source church management system. Prior to 7.1.0, the searchwhat parameter via QueryView.php with th…
|
⚡ Exploit | Apr 7, 2026 |
| CVE-2026-30460 | High | 8.8 |
Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability in t…
|
⚡ Exploit | Apr 7, 2026 |
| CVE-2026-33510 | High | 8.8 |
Homarr is an open-source dashboard. Prior to 1.57.0, a DOM-based Cross-Site Scripting (XSS) vulnerability has been disco…
|
⚡ Exploit | Apr 6, 2026 |
| CVE-2026-35394 | High | 8.3 |
Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobile_open_url tool in mobile-…
|
⚡ Exploit ✅ Patch | Apr 6, 2026 |
| CVE-2026-34588 | High | 7.8 |
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the …
|
⚡ Exploit | Apr 6, 2026 |
| CVE-2026-34217 | High | 7.2 |
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, a scope modification vulnerability exists in @nyariv/sand…
|
⚡ Exploit | Apr 6, 2026 |
| CVE-2026-31350 | Medium | 5.4 |
An authenticated stored cross-site scripting (XSS) vulnerability in Feehi CMS v2.1.1 allows attackers to execute arbitra…
|
⚡ Exploit | Apr 6, 2026 |
| CVE-2026-31353 | Medium | 5.4 |
An authenticated stored cross-site scripting (XSS) vulnerability in the Category module of Feehi CMS v2.1.1 allows attac…
|
⚡ Exploit | Apr 6, 2026 |
| CVE-2026-31354 | Medium | 5.4 |
Multiple authenticated stored cross-site scripting (XSS) vulnerabilities in the Permissions module of Feehi CMS v2.1.1 a…
|
⚡ Exploit | Apr 6, 2026 |
| CVE-2026-31313 | Medium | 5.4 |
An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allo…
|
⚡ Exploit | Apr 6, 2026 |
| CVE-2026-31352 | Medium | 5.4 |
An authenticated stored cross-site scripting (XSS) vulnerability in the Role Management module of Feehi CMS v2.1.1 allow…
|
⚡ Exploit | Apr 6, 2026 |
| CVE-2026-34589 | Medium | 5.0 |
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the …
|
⚡ Exploit | Apr 6, 2026 |
| CVE-2019-25685 | High | 8.8 |
phpBB contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by e…
|
⚡ Exploit | Apr 5, 2026 |
| CVE-2019-25681 | High | 8.4 |
Xlight FTP Server 3.9.1 contains a structured exception handler (SEH) overwrite vulnerability that allows local attacker…
|
⚡ Exploit | Apr 5, 2026 |
| CVE-2019-25690 | High | 8.2 |
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injec…
|
⚡ Exploit | Apr 5, 2026 |
| CVE-2019-25669 | High | 8.2 |
qdPM 9.1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL c…
|
⚡ Exploit | Apr 5, 2026 |
| CVE-2019-25672 | High | 8.2 |
PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database quer…
|
⚡ Exploit | Apr 5, 2026 |
| CVE-2019-25684 | High | 8.2 |
OpenDocMan 1.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database qu…
|
⚡ Exploit | Apr 5, 2026 |
| CVE-2019-25686 | High | 7.5 |
Core FTP 2.0 build 653 contains a denial of service vulnerability in the PBSZ command that allows unauthenticated attack…
|
⚡ Exploit | Apr 5, 2026 |