🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-6117 | Medium | 6.3 | A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affects the function install_plugin_upload of … | — | Apr 12, 2026 |
| CVE-2019-25711 | Medium | 6.2 | SpotFTP Password Recover 2.4.2 contains a denial of service vulnerability that allows local attackers to crash the appli… | — | Apr 12, 2026 |
| CVE-2019-25712 | Medium | 6.2 | BlueAuditor 1.7.2.0 contains a buffer overflow vulnerability in the registration key field that allows local attackers t… | — | Apr 12, 2026 |
| CVE-2017-20239 | Medium | 6.1 | MDwiki contains a cross-site scripting vulnerability that allows remote attackers to execute arbitrary JavaScript by inj… | — | Apr 12, 2026 |
| CVE-2026-5207 | Medium | 6.5 | The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and i… | — | Apr 11, 2026 |
| CVE-2026-4895 | Medium | 6.4 | The GreenShift - Animation and Page Builder Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in … | — | Apr 11, 2026 |
| CVE-2026-3498 | Medium | 6.4 | The BlockArt Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'clientId' block attribute… | — | Apr 11, 2026 |
| CVE-2026-5226 | Medium | 6.1 | The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL… | — | Apr 11, 2026 |
| CVE-2026-3358 | Medium | 5.4 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized private course e… | — | Apr 11, 2026 |
| CVE-2026-4979 | Medium | 5.0 | The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPre… | — | Apr 11, 2026 |
| CVE-2026-35658 | Medium | 6.5 | OpenClaw before 2026.3.2 contains a filesystem boundary bypass vulnerability in the image tool that fails to honor tools… | — | Apr 10, 2026 |
| CVE-2026-35656 | Medium | 6.5 | OpenClaw before 2026.3.22 contains an authentication bypass vulnerability in the X-Forwarded-For header processing when … | — | Apr 10, 2026 |
| CVE-2026-35652 | Medium | 6.5 | OpenClaw before 2026.3.22 contains an authorization bypass vulnerability in interactive callback dispatch that allows no… | — | Apr 10, 2026 |
| CVE-2021-47960 | Medium | 6.5 | A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows … | — | Apr 10, 2026 |
| CVE-2026-35621 | Medium | 6.5 | OpenClaw before 2026.3.24 contains a privilege escalation vulnerability where the /allowlist command fails to re-validat… | — | Apr 10, 2026 |
| CVE-2026-35657 | Medium | 6.5 | OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in the HTTP /sessions/:sessionKey/history route… | — | Apr 10, 2026 |
| CVE-2026-35649 | Medium | 6.5 | OpenClaw before 2026.3.22 contains a settings reconciliation vulnerability that allows attackers to bypass intended deny… | — | Apr 10, 2026 |
| CVE-2026-2305 | Medium | 6.4 | The AddFunc Head & Footer Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `aFhfc_head_cod… | — | Apr 10, 2026 |
| CVE-2026-1263 | Medium | 6.4 | The Webling plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.9.… | — | Apr 10, 2026 |
| CVE-2026-5999 | Medium | 6.3 | A vulnerability has been found in JeecgBoot up to 3.9.1. This impacts an unknown function of the component SysAnnounceme… | — | Apr 10, 2026 |