🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2025-14142 | Medium | 6.4 |
The Electric Enquiries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button' parameter of t…
|
— | Feb 27, 2026 |
| CVE-2025-14149 | Medium | 6.4 |
The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the p…
|
— | Feb 27, 2026 |
| CVE-2026-3292 | Medium | 6.3 |
A security vulnerability has been detected in jizhiCMS up to 2.5.6. Affected is the function findAll in the library frph…
|
⚡ Exploit | Feb 27, 2026 |
| CVE-2025-11950 | Medium | 6.3 |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in KNOWHY Adva…
|
— | Feb 27, 2026 |
| CVE-2025-13327 | Medium | 6.3 |
A flaw was found in uv. This vulnerability allows an attacker to execute malicious code during package resolution or ins…
|
— | Feb 27, 2026 |
| CVE-2026-3289 | Medium | 6.3 |
A weakness has been identified in Sanluan PublicCMS 6.202506.d. This impacts the function saveMetadata of the file Templ…
|
— | Feb 27, 2026 |
| CVE-2026-3287 | Medium | 6.3 |
A security flaw has been discovered in youlaitech youlai-mall 2.0.0. This affects the function listPagedSpuForApp of the…
|
— | Feb 27, 2026 |
| CVE-2026-3286 | Medium | 6.3 |
A vulnerability was identified in itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3. The impacted element is the function Save …
|
⚡ Exploit | Feb 27, 2026 |
| CVE-2026-1434 | Medium | 6.1 |
Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a malicious URL that, when opene…
|
— | Feb 27, 2026 |
| CVE-2026-27756 | Medium | 6.1 |
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a reflected cross-site scripting vulnerability in the…
|
— | Feb 27, 2026 |
| CVE-2026-27752 | Medium | 5.9 |
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 transmit authentication credentials over unencrypted HTTP, al…
|
— | Feb 27, 2026 |
| CVE-2026-24351 | Medium | 5.4 |
PluXml CMS is vulnerable to Stored XSS in Static Pages editing functionality. Attacker with editing privileges can injec…
|
— | Feb 27, 2026 |
| CVE-2026-24350 | Medium | 5.4 |
PluXml CMS is vulnerable to Stored XSS in file uploading functionality. An authenticated attacker can upload an SVG file…
|
— | Feb 27, 2026 |
| CVE-2026-26997 | Medium | 5.4 |
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, a normal authenticated user can stor…
|
⚡ Exploit | Feb 27, 2026 |
| CVE-2026-27792 | Medium | 5.4 |
Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. A missing authorization vulner…
|
— | Feb 27, 2026 |
| CVE-2026-1305 | Medium | 5.3 |
The Japanized for WooCommerce plugin for WordPress is vulnerable to Improper Authentication in versions up to, and inclu…
|
— | Feb 27, 2026 |
| CVE-2026-1558 | Medium | 5.3 |
The WP Recipe Maker plugin for WordPress is vulnerable to an Insecure Direct Object Reference (IDOR) in versions up to, …
|
— | Feb 27, 2026 |
| CVE-2026-27824 | Medium | 5.3 |
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.…
|
⚡ Exploit | Feb 27, 2026 |
| CVE-2026-28407 | Medium | 5.3 |
malcontent is software for discovering supply-chain compromises through context, differential analysis, and YARA. Prior …
|
✅ Patch | Feb 27, 2026 |
| CVE-2026-28351 | Medium | 5.3 |
pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.4, an attacker who uses this vulnerability…
|
— | Feb 27, 2026 |