🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-31354 | Medium | 5.4 |
Multiple authenticated stored cross-site scripting (XSS) vulnerabilities in the Permissions module of Feehi CMS v2.1.1 a…
|
⚡ Exploit | Apr 6, 2026 |
| CVE-2026-31353 | Medium | 5.4 |
An authenticated stored cross-site scripting (XSS) vulnerability in the Category module of Feehi CMS v2.1.1 allows attac…
|
⚡ Exploit | Apr 6, 2026 |
| CVE-2026-31350 | Medium | 5.4 |
An authenticated stored cross-site scripting (XSS) vulnerability in Feehi CMS v2.1.1 allows attackers to execute arbitra…
|
⚡ Exploit | Apr 6, 2026 |
| CVE-2026-31352 | Medium | 5.4 |
An authenticated stored cross-site scripting (XSS) vulnerability in the Role Management module of Feehi CMS v2.1.1 allow…
|
⚡ Exploit | Apr 6, 2026 |
| CVE-2026-31313 | Medium | 5.4 |
An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allo…
|
⚡ Exploit | Apr 6, 2026 |
| CVE-2026-34589 | Medium | 5.0 |
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the …
|
⚡ Exploit | Apr 6, 2026 |
| CVE-2026-30522 | Medium | 6.5 |
A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validati…
|
⚡ Exploit | Apr 1, 2026 |
| CVE-2026-35057 | Medium | 6.4 |
XenForo before 2.3.10 and before 2.2.19 is vulnerable to stored cross-site scripting (XSS) in structured text mentions, …
|
⚡ Exploit | Apr 1, 2026 |
| CVE-2026-3877 | Medium | 6.1 |
A reflected cross-site scripting (XSS) vulnerability in the dashboard search functionality of the VertiGIS FM solution a…
|
⚡ Exploit | Apr 1, 2026 |
| CVE-2026-30521 | Medium | 6.5 |
A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validati…
|
⚡ Exploit | Mar 31, 2026 |
| CVE-2026-34716 | Medium | 6.4 |
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo YPTSocket plugin's caller feature r…
|
⚡ Exploit | Mar 31, 2026 |
| CVE-2026-34605 | Medium | 6.1 |
SiYuan is a personal knowledge management system. From version 3.6.0 to before version 3.6.2, the SanitizeSVG function i…
|
⚡ Exploit | Mar 31, 2026 |
| CVE-2026-34396 | Medium | 6.1 |
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo admin panel renders plugin configur…
|
⚡ Exploit | Mar 31, 2026 |
| CVE-2026-34442 | Medium | 5.4 |
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header…
|
⚡ Exploit ✅ Patch | Mar 31, 2026 |
| CVE-2026-33027 | Medium | 6.5 |
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui configuration improperly…
|
⚡ Exploit | Mar 30, 2026 |
| CVE-2026-33952 | Medium | 6.5 |
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an unvalidated auth_length fie…
|
⚡ Exploit ✅ Patch | Mar 30, 2026 |
| CVE-2026-33977 | Medium | 6.5 |
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a malicious RDP server can cra…
|
⚡ Exploit ✅ Patch | Mar 30, 2026 |
| CVE-2018-25226 | Medium | 6.2 |
FTPShell Server 6.83 contains a buffer overflow vulnerability that allows local attackers to crash the application by su…
|
⚡ Exploit | Mar 30, 2026 |
| CVE-2018-25216 | Medium | 6.2 |
AnyBurn 4.3 contains a local buffer overflow vulnerability that allows local attackers to crash the application by suppl…
|
⚡ Exploit | Mar 26, 2026 |
| CVE-2018-25214 | Medium | 6.2 |
MegaPing contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplyin…
|
⚡ Exploit | Mar 26, 2026 |