🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-24350 | Medium | 5.4 |
PluXml CMS is vulnerable to Stored XSS in file uploading functionality. An authenticated attacker can upload an SVG file…
|
— | Feb 27, 2026 |
| CVE-2026-24351 | Medium | 5.4 |
PluXml CMS is vulnerable to Stored XSS in Static Pages editing functionality. Attacker with editing privileges can injec…
|
— | Feb 27, 2026 |
| CVE-2026-26997 | Medium | 5.4 |
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, a normal authenticated user can stor…
|
⚡ Exploit | Feb 27, 2026 |
| CVE-2026-27792 | Medium | 5.4 |
Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. A missing authorization vulner…
|
— | Feb 27, 2026 |
| CVE-2026-1305 | Medium | 5.3 |
The Japanized for WooCommerce plugin for WordPress is vulnerable to Improper Authentication in versions up to, and inclu…
|
— | Feb 27, 2026 |
| CVE-2026-1558 | Medium | 5.3 |
The WP Recipe Maker plugin for WordPress is vulnerable to an Insecure Direct Object Reference (IDOR) in versions up to, …
|
— | Feb 27, 2026 |
| CVE-2026-27824 | Medium | 5.3 |
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.…
|
⚡ Exploit | Feb 27, 2026 |
| CVE-2026-28351 | Medium | 5.3 |
pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.4, an attacker who uses this vulnerability…
|
— | Feb 27, 2026 |
| CVE-2026-28407 | Medium | 5.3 |
malcontent is software for discovering supply-chain compromises through context, differential analysis, and YARA. Prior …
|
✅ Patch | Feb 27, 2026 |
| CVE-2026-28419 | Medium | 5.3 |
Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim'…
|
✅ Patch | Feb 27, 2026 |
| CVE-2026-3281 | Medium | 5.3 |
A vulnerability was detected in libvips 8.19.0. This affects the function vips_bandrank_build of the file libvips/conver…
|
— | Feb 27, 2026 |
| CVE-2025-9572 | Medium | 5.0 |
n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permi…
|
— | Feb 27, 2026 |
| CVE-2026-22716 | Medium | 5.0 |
Out-of-bound write vulnerability in VMware Workstation 25H1 and below on any platform allows an actor with non-administr…
|
— | Feb 27, 2026 |
| CVE-2026-0871 | Medium | 4.9 |
A flaw was found in Keycloak. An administrator with `manage-users` permission can bypass the "Only administrators can vi…
|
— | Feb 27, 2026 |
| CVE-2026-28270 | Medium | 4.9 |
Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration allows upl…
|
— | Feb 27, 2026 |
| CVE-2026-2831 | Medium | 4.9 |
The MailArchiver plugin for WordPress is vulnerable to SQL Injection via the ‘logid’ parameter in all versions up to, an…
|
— | Feb 27, 2026 |
| CVE-2026-20797 | Medium | 4.3 |
A stack based buffer overflow exists in an API route of XWEB Pro version
1.12.1 and prior, enabling unauthenticated att…
|
— | Feb 27, 2026 |
| CVE-2026-27758 | Medium | 4.3 |
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a cross-site request forgery vulnerability in its man…
|
— | Feb 27, 2026 |
| CVE-2026-3302 | Medium | 4.3 |
A weakness has been identified in SourceCodester Doctor Appointment System 1.0. Affected by this issue is some unknown f…
|
⚡ Exploit | Feb 27, 2026 |
| CVE-2026-22877 | Low | 3.7 |
An arbitrary file-read vulnerability exists in XWEB Pro version 1.12.1
and prior, enabling unauthenticated attackers to…
|
— | Feb 27, 2026 |