🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-25221 | High | 8.1 | PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, the OAuth 2.0 implementation for … | ⚡ Exploit ✅ Patch | Feb 2, 2026 |
| CVE-2026-25222 | High | 7.5 | PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, a timing attack vulnerability in … | ⚡ Exploit ✅ Patch | Feb 2, 2026 |
| CVE-2021-47918 | High | 8.1 | Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL c… | ⚡ Exploit ✅ Patch | Feb 1, 2026 |
| CVE-2021-47915 | High | 8.1 | PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated … | ⚡ Exploit ✅ Patch | Feb 1, 2026 |
| CVE-2020-37032 | High | 8.8 | Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authentica… | ⚡ Exploit ✅ Patch | Jan 30, 2026 |
| CVE-2020-37041 | High | 7.5 | OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can… | ⚡ Exploit ✅ Patch | Jan 30, 2026 |
| CVE-2026-1281 | Critical | 9.0 | Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability — Ivanti Endpoint Manager Mobile (EPMM) contains a co… | ⚡ Exploit ✅ Patch | Jan 29, 2026 |
| CVE-2026-24780 | High | 8.8 | AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that aut… | ⚡ Exploit ✅ Patch | Jan 29, 2026 |
| CVE-2026-25047 | High | 8.8 | deepHas provides a test for the existence of a nested object key and optionally returns that key. A prototype pollution … | ⚡ Exploit ✅ Patch | Jan 29, 2026 |
| CVE-2026-25116 | High | 7.6 | Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated … | ⚡ Exploit ✅ Patch | Jan 29, 2026 |
| CVE-2026-25061 | High | 7.5 | tcpflow is a TCP/IP packet demultiplexer. In versions up to and including 1.61, wifipcap parses 802.11 management frame … | ⚡ Exploit ✅ Patch | Jan 29, 2026 |
| CVE-2026-24897 | Critical | 10.0 | Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged us… | ⚡ Exploit ✅ Patch | Jan 28, 2026 |
| CVE-2026-22243 | High | 8.8 | EGroupware is a Web based groupware server written in PHP. A SQL Injection vulnerability exists in the core components o… | ⚡ Exploit ✅ Patch | Jan 28, 2026 |
| CVE-2020-36972 | High | 8.2 | SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'id_post' parameter of the details controller that a… | ⚡ Exploit ✅ Patch | Jan 28, 2026 |
| CVE-2026-24840 | High | 8.0 | Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a hardcoded credential in th… | ⚡ Exploit ✅ Patch | Jan 28, 2026 |
| CVE-2026-1506 | High | 7.2 | A vulnerability was determined in D-Link DIR-615 4.10. Impacted is an unknown function of the file /adv_mac_filter.php o… | ⚡ Exploit ✅ Patch | Jan 28, 2026 |
| CVE-2026-1505 | High | 7.2 | A vulnerability was found in D-Link DIR-615 4.10. This issue affects some unknown processing of the file /set_temp_nodes… | ⚡ Exploit ✅ Patch | Jan 28, 2026 |
| CVE-2026-24736 | Critical | 9.1 | Squidex is an open source headless content management system and content management hub. Versions of the application up … | ⚡ Exploit ✅ Patch | Jan 27, 2026 |
| CVE-2026-24858 | Critical | 9.0 | Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability — Fortinet FortiAnalyz… | ⚡ Exploit ✅ Patch | Jan 27, 2026 |
| CVE-2020-36942 | High | 8.8 | Victor CMS 1.0 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files throug… | ⚡ Exploit ✅ Patch | Jan 27, 2026 |