🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-3343 | Medium | 6.1 |
A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript…
|
— | Mar 3, 2026 |
| CVE-2026-1336 | Medium | 5.3 |
The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access and m…
|
— | Mar 3, 2026 |
| CVE-2025-52468 | High | 8.8 |
Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importi…
|
⚡ Exploit ✅ Patch | Mar 2, 2026 |
| CVE-2026-21385 | High | 7.8 |
Memory corruption while using alignments for memory allocation.
|
⚡ Exploit ✅ Patch | Mar 2, 2026 |
| CVE-2025-64427 | High | 7.1 |
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.0 and prio…
|
⚡ Exploit ✅ Patch | Mar 2, 2026 |
| CVE-2026-28396 | Medium | 6.5 |
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password reset flow did not rev…
|
— | Mar 2, 2026 |
| CVE-2025-47384 | Medium | 6.5 |
Transient DOS when MAC configures config id greater than supported maximum value.
|
— | Mar 2, 2026 |
| CVE-2025-47371 | Medium | 6.5 |
Transient DOS when an LTE RLC packet with invalid TB is received by UE.
|
— | Mar 2, 2026 |
| CVE-2026-2583 | Medium | 6.4 |
The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the `blocksy_meta` metadata fields in a…
|
— | Mar 2, 2026 |
| CVE-2026-28361 | Medium | 6.3 |
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the MCP token service did not valid…
|
— | Mar 2, 2026 |
| CVE-2025-15597 | Medium | 6.3 |
A vulnerability has been found in Dataease SQLBot up to 1.4.0. This affects an unknown function of the file backend/apps…
|
⚡ Exploit ✅ Patch | Mar 2, 2026 |
| CVE-2026-0012 | Medium | 6.2 |
In setHideSensitive of ExpandableNotificationRow.java, there is a possible contact name leak due due to a logic error in…
|
— | Mar 2, 2026 |
| CVE-2026-0005 | Medium | 6.2 |
In onServiceDisconnected of KeyguardServiceDelegate.java, there is a possible partial bypass of app pinning allowing lim…
|
— | Mar 2, 2026 |
| CVE-2025-52564 | Medium | 6.1 |
Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sani…
|
✅ Patch | Mar 2, 2026 |
| CVE-2025-52563 | Medium | 6.1 |
Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulne…
|
— | Mar 2, 2026 |
| CVE-2025-52476 | Medium | 6.1 |
Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulne…
|
✅ Patch | Mar 2, 2026 |
| CVE-2025-52475 | Medium | 6.1 |
Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulne…
|
✅ Patch | Mar 2, 2026 |
| CVE-2025-48644 | Medium | 5.5 |
In multiple locations, there is a possible persistent denial of service due to improper input validation. This could lea…
|
— | Mar 2, 2026 |
| CVE-2025-48642 | Medium | 5.5 |
In jump_to_payload of payload.rs, there is a possible information disclosure due to a logic error in the code. This coul…
|
— | Mar 2, 2026 |
| CVE-2026-28359 | Medium | 5.4 |
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Editor r…
|
— | Mar 2, 2026 |