🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2025-11953 | Critical | 9.0 |
React Native Community CLI OS Command Injection Vulnerability — React Native Community CLI contains an OS command inject…
|
⚡ Exploit ✅ Patch | Feb 5, 2026 |
| CVE-2026-25160 | Critical | 9.1 |
Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the a…
|
⚡ Exploit ✅ Patch | Feb 4, 2026 |
| CVE-2026-25539 | Critical | 9.1 |
SiYuan is a personal knowledge management system. Prior to version 3.5.5, the /api/file/copyFile endpoint does not valid…
|
⚡ Exploit ✅ Patch | Feb 4, 2026 |
| CVE-2025-70841 | Critical | 10.0 |
Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers to obtain sensitive app…
|
⚡ Exploit ✅ Patch | Feb 3, 2026 |
| CVE-2026-25510 | Critical | 9.9 |
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorizati…
|
⚡ Exploit ✅ Patch | Feb 3, 2026 |
| CVE-2020-37082 | Critical | 9.8 |
webERP 4.15.1 contains an unauthenticated file access vulnerability that allows remote attackers to download database ba…
|
⚡ Exploit ✅ Patch | Feb 3, 2026 |
| CVE-2019-19006 | Critical | 9.0 |
Sangoma FreePBX Improper Authentication Vulnerability — Sangoma FreePBX contains an improper authentication vulnerabili…
|
⚡ Exploit ✅ Patch | Feb 3, 2026 |
| CVE-2021-39935 | Critical | 9.0 |
GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability — GitLab Community and Enterpr…
|
⚡ Exploit ✅ Patch | Feb 3, 2026 |
| CVE-2025-40551 | Critical | 9.0 |
SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability — SolarWinds Web Help Desk contains a deseriali…
|
⚡ Exploit ✅ Patch | Feb 3, 2026 |
| CVE-2025-64328 | Critical | 9.0 |
Sangoma FreePBX OS Command Injection Vulnerability — Sangoma FreePBX Endpoint Manager contains an OS command injection v…
|
⚡ Exploit ✅ Patch | Feb 3, 2026 |
| CVE-2026-23515 | Critical | 9.9 |
Signal K Server is a server application that runs on a central hub in a boat. Prior to 1.5.0, a command injection vulner…
|
⚡ Exploit ✅ Patch | Feb 2, 2026 |
| CVE-2026-1281 | Critical | 9.0 |
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability — Ivanti Endpoint Manager Mobile (EPMM) contains a co…
|
⚡ Exploit ✅ Patch | Jan 29, 2026 |
| CVE-2026-24897 | Critical | 10.0 |
Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged us…
|
⚡ Exploit ✅ Patch | Jan 28, 2026 |
| CVE-2026-24736 | Critical | 9.1 |
Squidex is an open source headless content management system and content management hub. Versions of the application up …
|
⚡ Exploit ✅ Patch | Jan 27, 2026 |
| CVE-2026-24858 | Critical | 9.0 |
Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability — Fortinet FortiAnalyz…
|
⚡ Exploit ✅ Patch | Jan 27, 2026 |
| CVE-2026-24061 | Critical | 9.0 |
GNU InetUtils Argument Injection Vulnerability — GNU InetUtils contains an argument injection vulnerability in telnetd t…
|
⚡ Exploit ✅ Patch | Jan 26, 2026 |
| CVE-2025-52691 | Critical | 9.0 |
SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability — SmarterTools SmarterMail contai…
|
⚡ Exploit ✅ Patch | Jan 26, 2026 |
| CVE-2018-14634 | Critical | 9.0 |
Linux Kernel Integer Overflow Vulnerability — Linux Kernel contains an integer overflow vulnerability in the create_elf_…
|
⚡ Exploit ✅ Patch | Jan 26, 2026 |
| CVE-2026-21509 | Critical | 9.0 |
Microsoft Office Security Feature Bypass Vulnerability — Microsoft Office contains a security feature bypass vulnerabili…
|
⚡ Exploit ✅ Patch | Jan 26, 2026 |
| CVE-2026-23760 | Critical | 9.0 |
SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability — SmarterTools SmarterMa…
|
⚡ Exploit ✅ Patch | Jan 26, 2026 |