🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-32948 | High | 7.8 |
sbt is a build tool for Scala, Java, and others. From version 0.9.5 to before version 1.12.7, on Windows, sbt uses Proce…
|
⚡ Exploit ✅ Patch | Mar 24, 2026 |
| CVE-2026-33509 | High | 7.5 |
pyLoad is a free and open-source download manager written in Python. From version 0.4.0 to before version 0.5.0b3.dev97,…
|
⚡ Exploit | Mar 24, 2026 |
| CVE-2026-33497 | High | 7.5 |
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the download_p…
|
⚡ Exploit | Mar 24, 2026 |
| CVE-2026-33241 | High | 7.5 |
Salvo is a Rust web framework. Prior to version 0.89.3, Salvo's form data parsing implementations (`form_data()` method …
|
⚡ Exploit ✅ Patch | Mar 24, 2026 |
| CVE-2026-30653 | High | 7.5 |
An issue in Free5GC v.4.2.0 and before allows a remote attacker to cause a denial of service via the function HandleAuth…
|
⚡ Exploit | Mar 24, 2026 |
| CVE-2026-32854 | High | 7.5 |
LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the…
|
⚡ Exploit ✅ Patch | Mar 24, 2026 |
| CVE-2026-33157 | High | 7.2 |
Craft CMS is a content management system (CMS). From version 5.6.0 to before version 5.9.13, a Remote Code Execution (RC…
|
⚡ Exploit ✅ Patch | Mar 24, 2026 |
| CVE-2026-33634 | High | 8.8 |
Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy…
|
⚡ Exploit | Mar 23, 2026 |
| CVE-2026-33513 | High | 8.6 |
WWBN AVideo is an open source video platform. In versions up to and including 26.0, an unauthenticated API endpoint (`AP…
|
⚡ Exploit | Mar 23, 2026 |
| CVE-2026-33480 | High | 8.6 |
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `isSSRFSafeURL()` function in AV…
|
⚡ Exploit ✅ Patch | Mar 23, 2026 |
| CVE-2026-33651 | High | 8.1 |
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `remindMe.json.php` endpoint pas…
|
⚡ Exploit ✅ Patch | Mar 23, 2026 |
| CVE-2026-33649 | High | 8.1 |
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `plugin/Permissions/setPermissio…
|
⚡ Exploit | Mar 23, 2026 |
| CVE-2026-33488 | High | 7.4 |
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `createKeys()` function in the L…
|
⚡ Exploit ✅ Patch | Mar 23, 2026 |
| CVE-2026-33493 | High | 7.1 |
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `objects/import.json.php` endpoi…
|
⚡ Exploit ✅ Patch | Mar 23, 2026 |
| CVE-2019-25578 | High | 8.2 |
phpTransformer 2016.9 contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL quer…
|
⚡ Exploit | Mar 21, 2026 |
| CVE-2019-25581 | High | 8.2 |
i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL …
|
⚡ Exploit | Mar 21, 2026 |
| CVE-2019-25579 | High | 7.5 |
phpTransformer 2016.9 contains a directory traversal vulnerability that allows unauthenticated attackers to access arbit…
|
⚡ Exploit | Mar 21, 2026 |
| CVE-2019-25573 | High | 7.1 |
Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queri…
|
⚡ Exploit | Mar 21, 2026 |
| CVE-2026-28513 | High | 8.5 |
Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. Prior to 2.4.0, th…
|
⚡ Exploit ✅ Patch | Mar 10, 2026 |
| CVE-2026-26308 | High | 7.5 |
Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, the Envoy RBAC (Rol…
|
⚡ Exploit ✅ Patch | Mar 10, 2026 |