🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2018-25248 | High | 7.2 | MyBB Downloads Plugin 2.0.3 contains a persistent cross-site scripting vulnerability that allows regular members to inje… | ⚡ Exploit | Apr 4, 2026 |
| CVE-2026-5350 | High | 8.8 | A security flaw has been discovered in Trendnet TEW-657BRM 1.00.1. The impacted element is the function update_pcdb of t… | ⚡ Exploit | Apr 2, 2026 |
| CVE-2026-5349 | High | 8.8 | A vulnerability was identified in Trendnet TEW-657BRM 1.00.1. The affected element is the function add_apcdb of the file… | ⚡ Exploit | Apr 2, 2026 |
| CVE-2026-34728 | High | 8.7 | phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the MediaBrowserController::index() method handl… | ⚡ Exploit | Apr 2, 2026 |
| CVE-2026-34576 | High | 7.7 | Postiz is an AI social media scheduling tool. Prior to version 2.21.3, the POST /public/v1/upload-from-url endpoint acce… | ⚡ Exploit | Apr 2, 2026 |
| CVE-2026-34752 | High | 7.5 | Haraka is a Node.js mail server. Prior to version 3.1.4, sending an email with __proto__: as a header name crashes the H… | ⚡ Exploit | Apr 2, 2026 |
| CVE-2026-29782 | High | 7.2 | OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, th… | ⚡ Exploit ✅ Patch | Apr 2, 2026 |
| CVE-2026-0522 | High | 8.8 | A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated att… | ⚡ Exploit | Apr 1, 2026 |
| CVE-2026-34570 | High | 8.8 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorizati… | ⚡ Exploit | Apr 1, 2026 |
| CVE-2026-35091 | High | 8.2 | A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Co… | ⚡ Exploit | Apr 1, 2026 |
| CVE-2026-5271 | High | 7.8 | pymanager included the current working directory in sys.path meaning modules could be shadowed by modules in the current… | ⚡ Exploit | Apr 1, 2026 |
| CVE-2026-27489 | High | 7.5 | Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, … | ⚡ Exploit ✅ Patch | Apr 1, 2026 |
| CVE-2026-35092 | High | 7.5 | A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a re… | ⚡ Exploit | Apr 1, 2026 |
| CVE-2026-34543 | High | 7.5 | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the … | ⚡ Exploit ✅ Patch | Apr 1, 2026 |
| CVE-2026-34545 | High | 7.3 | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the … | ⚡ Exploit ✅ Patch | Apr 1, 2026 |
| CVE-2026-34544 | High | 7.3 | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the … | ⚡ Exploit ✅ Patch | Apr 1, 2026 |
| CVE-2026-30522 | Medium | 6.5 | A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validati… | ⚡ Exploit | Apr 1, 2026 |
| CVE-2026-35057 | Medium | 6.4 | XenForo before 2.3.10 and before 2.2.19 is vulnerable to stored cross-site scripting (XSS) in structured text mentions, … | ⚡ Exploit | Apr 1, 2026 |
| CVE-2026-3877 | Medium | 6.1 | A reflected cross-site scripting (XSS) vulnerability in the dashboard search functionality of the VertiGIS FM solution a… | ⚡ Exploit | Apr 1, 2026 |
| CVE-2026-21861 | Critical | 9.1 | baserCMS is a website development framework. Prior to version 5.2.3, baserCMS contains an OS command injection vulnerabi… | ⚡ Exploit | Mar 31, 2026 |