🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-25510 | Critical | 9.9 |
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorizati…
|
⚡ Exploit ✅ Patch | Feb 3, 2026 |
| CVE-2020-37082 | Critical | 9.8 |
webERP 4.15.1 contains an unauthenticated file access vulnerability that allows remote attackers to download database ba…
|
⚡ Exploit ✅ Patch | Feb 3, 2026 |
| CVE-2025-40551 | Critical | 9.0 |
SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability — SolarWinds Web Help Desk contains a deseriali…
|
⚡ Exploit ✅ Patch | Feb 3, 2026 |
| CVE-2021-39935 | Critical | 9.0 |
GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability — GitLab Community and Enterpr…
|
⚡ Exploit ✅ Patch | Feb 3, 2026 |
| CVE-2025-64328 | Critical | 9.0 |
Sangoma FreePBX OS Command Injection Vulnerability — Sangoma FreePBX Endpoint Manager contains an OS command injection v…
|
⚡ Exploit ✅ Patch | Feb 3, 2026 |
| CVE-2019-19006 | Critical | 9.0 |
Sangoma FreePBX Improper Authentication Vulnerability — Sangoma FreePBX contains an improper authentication vulnerabili…
|
⚡ Exploit ✅ Patch | Feb 3, 2026 |
| CVE-2020-37073 | High | 8.8 |
Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with a…
|
⚡ Exploit ✅ Patch | Feb 3, 2026 |
| CVE-2020-37116 | High | 8.8 |
GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the…
|
⚡ Exploit ✅ Patch | Feb 3, 2026 |
| CVE-2020-37113 | High | 8.8 |
GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renamin…
|
⚡ Exploit ✅ Patch | Feb 3, 2026 |
| CVE-2020-37076 | High | 8.2 |
Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote att…
|
⚡ Exploit ✅ Patch | Feb 3, 2026 |
| CVE-2020-37100 | High | 7.8 |
Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local attackers to execute ar…
|
⚡ Exploit ✅ Patch | Feb 3, 2026 |
| CVE-2019-25261 | High | 7.8 |
AnyDesk 5.4.0 contains an unquoted service path vulnerability in its Windows service configuration that allows local att…
|
⚡ Exploit ✅ Patch | Feb 3, 2026 |
| CVE-2026-25502 | High | 7.8 |
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color …
|
⚡ Exploit ✅ Patch | Feb 3, 2026 |
| CVE-2020-37097 | High | 7.5 |
Edimax EW-7438RPn 1.13 contains an information disclosure vulnerability that exposes WiFi network configuration details …
|
⚡ Exploit ✅ Patch | Feb 3, 2026 |
| CVE-2020-37088 | High | 7.5 |
School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary file…
|
⚡ Exploit ✅ Patch | Feb 3, 2026 |
| CVE-2025-15556 | High | 7.5 |
Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an update integrity verification vulnerability…
|
⚡ Exploit ✅ Patch | Feb 3, 2026 |
| CVE-2020-37084 | High | 7.2 |
School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitr…
|
⚡ Exploit ✅ Patch | Feb 3, 2026 |
| CVE-2026-23515 | Critical | 9.9 |
Signal K Server is a server application that runs on a central hub in a boat. Prior to 1.5.0, a command injection vulner…
|
⚡ Exploit ✅ Patch | Feb 2, 2026 |
| CVE-2026-25134 | High | 8.8 |
Group-Office is an enterprise customer relationship management and groupware tool. Prior to 6.8.150, 25.0.82, and 26.0.5…
|
⚡ Exploit ✅ Patch | Feb 2, 2026 |
| CVE-2024-5386 | High | 8.8 |
In lunary-ai/lunary version 1.2.2, an account hijacking vulnerability exists due to a password reset token leak. A user …
|
⚡ Exploit ✅ Patch | Feb 2, 2026 |