🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-39342 | High | 8.8 | ChurchCRM is an open-source church management system. Prior to 7.1.0, the searchwhat parameter via QueryView.php with th… | ⚡ Exploit | Apr 7, 2026 |
| CVE-2026-30460 | High | 8.8 | Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability in t… | ⚡ Exploit | Apr 7, 2026 |
| CVE-2026-33510 | High | 8.8 | Homarr is an open-source dashboard. Prior to 1.57.0, a DOM-based Cross-Site Scripting (XSS) vulnerability has been disco… | ⚡ Exploit | Apr 6, 2026 |
| CVE-2026-35394 | High | 8.3 | Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobile_open_url tool in mobile-… | ⚡ Exploit ✅ Patch | Apr 6, 2026 |
| CVE-2026-34588 | High | 7.8 | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the … | ⚡ Exploit | Apr 6, 2026 |
| CVE-2026-34217 | High | 7.2 | SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, a scope modification vulnerability exists in @nyariv/sand… | ⚡ Exploit | Apr 6, 2026 |
| CVE-2019-25685 | High | 8.8 | phpBB contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by e… | ⚡ Exploit | Apr 5, 2026 |
| CVE-2019-25681 | High | 8.4 | Xlight FTP Server 3.9.1 contains a structured exception handler (SEH) overwrite vulnerability that allows local attacker… | ⚡ Exploit | Apr 5, 2026 |
| CVE-2019-25669 | High | 8.2 | qdPM 9.1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL c… | ⚡ Exploit | Apr 5, 2026 |
| CVE-2019-25672 | High | 8.2 | PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database quer… | ⚡ Exploit | Apr 5, 2026 |
| CVE-2019-25684 | High | 8.2 | OpenDocMan 1.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database qu… | ⚡ Exploit | Apr 5, 2026 |
| CVE-2019-25690 | High | 8.2 | Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injec… | ⚡ Exploit | Apr 5, 2026 |
| CVE-2019-25686 | High | 7.5 | Core FTP 2.0 build 653 contains a denial of service vulnerability in the PBSZ command that allows unauthenticated attack… | ⚡ Exploit | Apr 5, 2026 |
| CVE-2018-25248 | High | 7.2 | MyBB Downloads Plugin 2.0.3 contains a persistent cross-site scripting vulnerability that allows regular members to inje… | ⚡ Exploit | Apr 4, 2026 |
| CVE-2026-5350 | High | 8.8 | A security flaw has been discovered in Trendnet TEW-657BRM 1.00.1. The impacted element is the function update_pcdb of t… | ⚡ Exploit | Apr 2, 2026 |
| CVE-2026-5349 | High | 8.8 | A vulnerability was identified in Trendnet TEW-657BRM 1.00.1. The affected element is the function add_apcdb of the file… | ⚡ Exploit | Apr 2, 2026 |
| CVE-2026-34728 | High | 8.7 | phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the MediaBrowserController::index() method handl… | ⚡ Exploit | Apr 2, 2026 |
| CVE-2026-34576 | High | 7.7 | Postiz is an AI social media scheduling tool. Prior to version 2.21.3, the POST /public/v1/upload-from-url endpoint acce… | ⚡ Exploit | Apr 2, 2026 |
| CVE-2026-34752 | High | 7.5 | Haraka is a Node.js mail server. Prior to version 3.1.4, sending an email with `__proto__:` as a header name crashes the H… | ⚡ Exploit | Apr 2, 2026 |
| CVE-2026-29782 | High | 7.2 | OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, th… | ⚡ Exploit ✅ Patch | Apr 2, 2026 |