🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-39355 | Critical | 9.9 | Genealogy is a family tree PHP application. Prior to 5.9.1, a critical broken access control vulnerability in the geneal… | ⚡ Exploit | Apr 7, 2026 |
| CVE-2026-21861 | Critical | 9.1 | baserCMS is a website development framework. Prior to version 5.2.3, baserCMS contains an OS command injection vulnerabi… | ⚡ Exploit | Mar 31, 2026 |
| CVE-2026-33669 | Critical | 9.8 | SiYuan is a personal knowledge management system. Prior to version 3.6.2, document IDs were retrieved via the /api/file/… | ⚡ Exploit | Mar 26, 2026 |
| CVE-2026-33670 | Critical | 9.8 | SiYuan is a personal knowledge management system. Prior to version 3.6.2, the /api/file/readDir interface was used to tr… | ⚡ Exploit | Mar 26, 2026 |
| CVE-2026-33152 | Critical | 9.1 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior t… | ⚡ Exploit | Mar 26, 2026 |
| CVE-2026-33502 | Critical | 9.3 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, an unauthenticated server-side reque… | ⚡ Exploit ✅ Patch | Mar 23, 2026 |
| CVE-2026-33136 | Critical | 9.3 | WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting (XSS)… | ⚡ Exploit ✅ Patch | Mar 20, 2026 |
| CVE-2026-33135 | Critical | 9.3 | WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting (XSS)… | ⚡ Exploit ✅ Patch | Mar 20, 2026 |
| CVE-2026-28495 | Critical | 9.6 | GetSimple CMS is a content management system. The massiveAdmin plugin (v6.0.3) bundled with GetSimpleCMS-CE v3.3.22 allo… | ⚡ Exploit ✅ Patch | Mar 10, 2026 |
| CVE-2023-43000 | Critical | 9.0 | Apple Multiple products Use-After-Free Vulnerability — Apple macOS, iOS, iPadOS, and Safari 16.6 contain a use-after-fre… | ⚡ Exploit ✅ Patch | Mar 5, 2026 |
| CVE-2017-7921 | Critical | 9.0 | Hikvision Multiple Products Improper Authentication Vulnerability — Multiple Hikvision products contain an improper auth… | ⚡ Exploit ✅ Patch | Mar 5, 2026 |
| CVE-2021-22681 | Critical | 9.0 | Rockwell Multiple Products Insufficient Protected Credentials Vulnerability — Multiple Rockwell products contain an insu… | ⚡ Exploit ✅ Patch | Mar 5, 2026 |
| CVE-2021-30952 | Critical | 9.0 | Apple Multiple Products Integer Overflow or Wraparound Vulnerability — Apple tvOS, macOS, Safari, iPadOS and watchOS con… | ⚡ Exploit ✅ Patch | Mar 5, 2026 |
| CVE-2023-41974 | Critical | 9.0 | Apple iOS and iPadOS Use-After-Free Vulnerability — Apple iOS and iPadOS contain a use-after-free vulnerability. An app … | ⚡ Exploit ✅ Patch | Mar 5, 2026 |
| CVE-2026-3301 | Critical | 9.8 | A security flaw has been discovered in Totolink N300RH 6.1c.1353_B20190305. Affected by this vulnerability is the functi… | ⚡ Exploit ✅ Patch | Feb 27, 2026 |
| CVE-2026-28370 | Critical | 9.1 | In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage… | ⚡ Exploit ✅ Patch | Feb 27, 2026 |
| CVE-2026-28215 | Critical | 9.1 | hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, an unauthenticated attacker can overw… | ⚡ Exploit ✅ Patch | Feb 26, 2026 |
| CVE-2026-20127 | Critical | 9.0 | Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability — Cisco Catalyst SD-WAN Controller, for… | ⚡ Exploit ✅ Patch | Feb 25, 2026 |
| CVE-2022-20775 | Critical | 9.0 | Cisco SD-WAN Path Traversal Vulnerability — Cisco SD-WAN CLI contains a path traversal vulnerability that could allow an… | ⚡ Exploit ✅ Patch | Feb 25, 2026 |
| CVE-2026-25108 | Critical | 9.0 | Soliton Systems K.K FileZen OS Command Injection Vulnerability — Soliton Systems K.K FileZen contains an OS command inje… | ⚡ Exploit ✅ Patch | Feb 24, 2026 |