🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-24452 | High | 8.0 |
An OS command injection
vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker…
|
✅ Patch | Feb 27, 2026 |
| CVE-2026-25721 | High | 8.0 |
An OS command injection
vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker …
|
✅ Patch | Feb 27, 2026 |
| CVE-2026-25196 | High | 8.0 |
An OS command injection
vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker …
|
✅ Patch | Feb 27, 2026 |
| CVE-2026-3037 | High | 8.0 |
An OS command injection vulnerability exists in XWEB Pro version 1.12.1
and prior, enabling an authenticated attacker t…
|
✅ Patch | Feb 27, 2026 |
| CVE-2026-28364 | High | 7.9 |
In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables re…
|
✅ Patch | Feb 27, 2026 |
| CVE-2026-1442 | High | 7.8 |
Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an a…
|
✅ Patch | Feb 27, 2026 |
| CVE-2026-2252 | High | 7.5 |
An XML External Entity (XXE) vulnerability allows malicious user to perform Server-Side Request Forgery (SSRF) via craft…
|
✅ Patch | Feb 27, 2026 |
| CVE-2026-27836 | High | 7.5 |
phpMyFAQ is an open source FAQ web application. Prior to version 4.0.18, the WebAuthn prepare endpoint (`/api/webauthn/p…
|
✅ Patch | Feb 27, 2026 |
| CVE-2026-2428 | High | 7.5 |
The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in…
|
✅ Patch | Feb 27, 2026 |
| CVE-2025-10990 | High | 7.5 |
A flaw was found in REXML. A remote attacker could exploit inefficient regular expression (regex) parsing when processin…
|
✅ Patch | Feb 27, 2026 |
| CVE-2026-28372 | High | 7.4 |
telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service creden…
|
✅ Patch | Feb 27, 2026 |
| CVE-2026-27707 | High | 7.3 |
Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. Starting in version 2.0.0 and …
|
✅ Patch | Feb 27, 2026 |
| CVE-2026-27776 | High | 7.2 |
IM-LogicDesigner module of intra-mart Accel Platform contains insecure deserialization issue. This can be exploited only…
|
✅ Patch | Feb 27, 2026 |
| CVE-2026-25147 | High | 7.1 |
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to versio…
|
✅ Patch | Feb 27, 2026 |
| CVE-2026-27757 | High | 7.1 |
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication vulnerability that allows authentic…
|
✅ Patch | Feb 27, 2026 |
| CVE-2026-28338 | Medium | 6.8 |
PMD is an extensible multilanguage static code analyzer. Prior to version 7.22.0, PMD's `vbhtml` and `yahtml` report for…
|
⚡ Exploit | Feb 27, 2026 |
| CVE-2025-9909 | Medium | 6.7 |
A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows …
|
— | Feb 27, 2026 |
| CVE-2025-9908 | Medium | 6.7 |
A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Streams. This vulnerabilit…
|
— | Feb 27, 2026 |
| CVE-2025-9907 | Medium | 6.7 |
A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Stream API. This vulnerabi…
|
— | Feb 27, 2026 |
| CVE-2026-27653 | Medium | 6.7 |
The installers for multiple products provided by Soliton Systems K.K. contain an issue with incorrect default permission…
|
— | Feb 27, 2026 |