🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-21893 | High | 7.2 | n8n is an open source workflow automation platform. From version 0.187.0 to before 1.120.3, a command injection vulnerab… | ✅ Patch | Feb 4, 2026 |
| CVE-2025-70841 | Critical | 10.0 | Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers to obtain sensitive app… | ⚡ Exploit ✅ Patch | Feb 3, 2026 |
| CVE-2026-25510 | Critical | 9.9 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorizati… | ⚡ Exploit ✅ Patch | Feb 3, 2026 |
| CVE-2020-37082 | Critical | 9.8 | webERP 4.15.1 contains an unauthenticated file access vulnerability that allows remote attackers to download database ba… | ⚡ Exploit ✅ Patch | Feb 3, 2026 |
| CVE-2019-19006 | Critical | 9.0 | Sangoma FreePBX Improper Authentication Vulnerability — Sangoma FreePBX contains an improper authentication vulnerabili… | ⚡ Exploit ✅ Patch | Feb 3, 2026 |
| CVE-2021-39935 | Critical | 9.0 | GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability — GitLab Community and Enterpr… | ⚡ Exploit ✅ Patch | Feb 3, 2026 |
| CVE-2025-40551 | Critical | 9.0 | SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability — SolarWinds Web Help Desk contains a deseriali… | ⚡ Exploit ✅ Patch | Feb 3, 2026 |
| CVE-2025-64328 | Critical | 9.0 | Sangoma FreePBX OS Command Injection Vulnerability — Sangoma FreePBX Endpoint Manager contains an OS command injection v… | ⚡ Exploit ✅ Patch | Feb 3, 2026 |
| CVE-2020-37073 | High | 8.8 | Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with a… | ⚡ Exploit ✅ Patch | Feb 3, 2026 |
| CVE-2020-37078 | High | 8.8 | i-doit Open Source CMDB 1.14.1 contains a file deletion vulnerability in the import module that allows authenticated att… | ✅ Patch | Feb 3, 2026 |
| CVE-2020-37113 | High | 8.8 | GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renamin… | ⚡ Exploit ✅ Patch | Feb 3, 2026 |
| CVE-2020-37116 | High | 8.8 | GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the… | ⚡ Exploit ✅ Patch | Feb 3, 2026 |
| CVE-2026-1730 | High | 8.8 | The OS DataHub Maps plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation i… | ✅ Patch | Feb 3, 2026 |
| CVE-2026-24887 | High | 8.8 | Claude Code is an agentic coding tool. Prior to version 2.0.72, due to an error in command parsing, it was possible to b… | ✅ Patch | Feb 3, 2026 |
| CVE-2025-6397 | High | 8.6 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ankara Host… | ✅ Patch | Feb 3, 2026 |
| CVE-2019-25260 | High | 8.2 | OXID eShop versions 6.x prior to 6.3.4 contains a SQL injection vulnerability in the 'sorting' parameter that allows att… | ✅ Patch | Feb 3, 2026 |
| CVE-2020-37076 | High | 8.2 | Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote att… | ⚡ Exploit ✅ Patch | Feb 3, 2026 |
| CVE-2020-37083 | High | 8.2 | PHP AddressBook 9.0.0.1 contains a time-based blind SQL injection vulnerability that allows remote attackers to manipula… | ✅ Patch | Feb 3, 2026 |
| CVE-2025-62501 | High | 8.1 | SSH Hostkey misconfiguration vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows attackers to obtain de… | ✅ Patch | Feb 3, 2026 |
| CVE-2026-1375 | High | 8.1 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Refere… | ✅ Patch | Feb 3, 2026 |