🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-22243 | High | 8.8 |
EGroupware is a Web based groupware server written in PHP. A SQL Injection vulnerability exists in the core components o…
|
⚡ Exploit ✅ Patch | Jan 28, 2026 |
| CVE-2026-24685 | High | 8.8 |
OpenProject is an open-source, web-based project management software. Versions prior to 16.6.6 and 17.0.2 have an arbitr…
|
✅ Patch | Jan 28, 2026 |
| CVE-2025-14386 | High | 8.8 |
The Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization plugin for WordPress …
|
✅ Patch | Jan 28, 2026 |
| CVE-2020-36970 | High | 8.4 |
PMB 5.6 contains a local file disclosure vulnerability in getgif.php that allows attackers to read arbitrary system file…
|
✅ Patch | Jan 28, 2026 |
| CVE-2020-36972 | High | 8.2 |
SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'id_post' parameter of the details controller that a…
|
⚡ Exploit ✅ Patch | Jan 28, 2026 |
| CVE-2025-59891 | High | 8.0 |
Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.…
|
✅ Patch | Jan 28, 2026 |
| CVE-2025-59892 | High | 8.0 |
Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.…
|
✅ Patch | Jan 28, 2026 |
| CVE-2025-59893 | High | 8.0 |
Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.…
|
✅ Patch | Jan 28, 2026 |
| CVE-2025-59894 | High | 8.0 |
Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.…
|
✅ Patch | Jan 28, 2026 |
| CVE-2026-24840 | High | 8.0 |
Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a hardcoded credential in th…
|
⚡ Exploit ✅ Patch | Jan 28, 2026 |
| CVE-2020-36984 | High | 7.8 |
EPSON 1.124 contains an unquoted service path vulnerability in the SENADB service that allows local attackers to execute…
|
✅ Patch | Jan 28, 2026 |
| CVE-2020-36985 | High | 7.8 |
IP Watcher 3.0.0.30 contains an unquoted service path vulnerability in its Windows service configuration that allows loc…
|
✅ Patch | Jan 28, 2026 |
| CVE-2020-36986 | High | 7.8 |
Prey 1.9.6 contains an unquoted service path vulnerability that allows local users to potentially execute code with elev…
|
✅ Patch | Jan 28, 2026 |
| CVE-2020-36987 | High | 7.8 |
Program Access Controller 1.2.0.0 contains an unquoted service path vulnerability in PACService.exe that allows local at…
|
✅ Patch | Jan 28, 2026 |
| CVE-2020-36989 | High | 7.8 |
ForensiT AppX Management Service 2.2.0.4 contains an unquoted service path vulnerability that allows local users to pote…
|
✅ Patch | Jan 28, 2026 |
| CVE-2020-36990 | High | 7.8 |
Input Director 1.4.3 contains an unquoted service path vulnerability in its Windows service configuration that allows lo…
|
✅ Patch | Jan 28, 2026 |
| CVE-2020-36991 | High | 7.8 |
ShareMouse 5.0.43 contains an unquoted service path vulnerability that allows local users to potentially execute arbitra…
|
✅ Patch | Jan 28, 2026 |
| CVE-2020-36992 | High | 7.8 |
Nord VPN 6.31.13.0 contains an unquoted service path vulnerability in its nordvpn-service that allows local attackers to…
|
✅ Patch | Jan 28, 2026 |
| CVE-2025-59895 | High | 7.5 |
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a remote denial-of-service (DoS) vulne…
|
✅ Patch | Jan 28, 2026 |
| CVE-2026-0702 | High | 7.5 |
The VidShop – Shoppable Videos for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'f…
|
✅ Patch | Jan 28, 2026 |