🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-27963 | Medium | 4.8 | Audiobookshelf is a self-hosted audiobook and podcast server. A stored cross-site scripting (XSS) vulnerability exists i… | ⚡ Exploit ✅ Patch | Feb 26, 2026 |
| CVE-2026-27974 | Medium | 4.8 | Audiobookshelf is a self-hosted audiobook and podcast server. A cross-site scripting (XSS) vulnerability exists in versi… | — | Feb 26, 2026 |
| CVE-2026-26973 | Medium | 4.3 | Discourse is an open source discussion platform. Versions prior to 2025.12.2, 2026.1.1, and 2026.2.0 have an IDOR (Insec… | — | Feb 26, 2026 |
| CVE-2026-27457 | Medium | 4.3 | Weblate is a web based localization tool. Prior to version 5.16.1, the REST API's `AddonViewSet` (`weblate/api/views.py`… | ✅ Patch | Feb 26, 2026 |
| CVE-2026-27835 | Medium | 4.3 | wger is a free, open-source workout and fitness manager. In versions up to and including 2.4, `RepetitionsConfigViewSet`… | ⚡ Exploit ✅ Patch | Feb 26, 2026 |
| CVE-2026-27839 | Medium | 4.3 | wger is a free, open-source workout and fitness manager. In versions up to and including 2.4, three `nutritional_values`… | ⚡ Exploit ✅ Patch | Feb 26, 2026 |
| CVE-2026-28219 | Medium | 4.3 | Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an improper author… | — | Feb 26, 2026 |
| CVE-2026-28295 | Medium | 4.3 | A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrar… | — | Feb 26, 2026 |
| CVE-2026-28296 | Medium | 4.3 | A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplyi… | — | Feb 26, 2026 |
| CVE-2026-27150 | Low | 3.8 | Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, missing `validate_… | — | Feb 26, 2026 |
| CVE-2026-27152 | Low | 3.8 | Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, DM communication-p… | — | Feb 26, 2026 |
| CVE-2026-23747 | Low | 3.7 | Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in commit 48f521b, contain a stack-based buffer overflow in P… | — | Feb 26, 2026 |
| CVE-2026-23748 | Low | 3.7 | Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in commit d7f55b38, contain an out-of-bounds read in LightDB … | — | Feb 26, 2026 |
| CVE-2026-26227 | Low | 3.7 | VideoLAN VLC for Android prior to version 3.7.0 contains an authentication bypass in the Remote Access Server feature du… | — | Feb 26, 2026 |
| CVE-2026-27838 | Low | 3.1 | wger is a free, open-source workout and fitness manager. Five routine detail action endpoints check a cache before calli… | ⚡ Exploit ✅ Patch | Feb 26, 2026 |
| CVE-2026-23749 | Low | 2.9 | Golioth Firmware SDK version 0.19.1 prior to 0.22.0, fixed in commit 0e788217, contain an out-of-bounds read due to impr… | — | Feb 26, 2026 |
| CVE-2026-26979 | Low | 2.7 | Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, TL4 users are able… | — | Feb 26, 2026 |
| CVE-2026-27151 | Low | 2.7 | Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the `move_posts` a… | — | Feb 26, 2026 |
| CVE-2026-27153 | Low | 2.7 | Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, moderators could e… | — | Feb 26, 2026 |
| CVE-2026-28227 | Low | 2.7 | Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, TL4 users can publ… | — | Feb 26, 2026 |