🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-1138 | High | 8.8 | A flaw has been found in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/ConfigExceptQQ. … | ⚡ Exploit ✅ Patch | Jan 19, 2026 |
| CVE-2026-1139 | High | 8.8 | A vulnerability has been found in UTT 进取 520W 1.7.7-180627. This vulnerability affects the function strcpy of the file /… | ⚡ Exploit ✅ Patch | Jan 19, 2026 |
| CVE-2026-1140 | High | 8.8 | A vulnerability was found in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of the file /goform/Config… | ⚡ Exploit ✅ Patch | Jan 19, 2026 |
| CVE-2026-23732 | High | 7.5 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, FastGlyph parsing trusts `cbDa… | ⚡ Exploit ✅ Patch | Jan 19, 2026 |
| CVE-2026-23850 | High | 7.5 | SiYuan is a personal knowledge management system. In versions prior to 3.5.4, the markdown feature allows unrestricted s… | ⚡ Exploit ✅ Patch | Jan 19, 2026 |
| CVE-2025-68616 | High | 7.5 | WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) pro… | ⚡ Exploit ✅ Patch | Jan 19, 2026 |
| CVE-2026-1192 | High | 7.3 | A vulnerability was determined in Tosei Online Store Management System ネット店舗管理システム 1.01. The affected element is an unkn… | ⚡ Exploit ✅ Patch | Jan 19, 2026 |
| CVE-2026-23644 | High | 7.5 | esm.sh is a no-build content delivery network (CDN) for web development. Prior to Go pseudoversion 0.0.0-20260116051925… | ⚡ Exploit ✅ Patch | Jan 18, 2026 |
| CVE-2025-14478 | High | 7.5 | The Demo Importer Plus plugin for WordPress is vulnerable to XML External Entity Injection (XXE) in all versions up to, … | ✅ Patch | Jan 17, 2026 |
| CVE-2026-0517 | High | 7.5 | CVE-2026-0517 is a denial-of-service vulnerability in versions of Secure Access Server prior to 14.20. An attacker can … | ✅ Patch | Jan 17, 2026 |
| CVE-2026-23523 | Critical | 9.6 | Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Prior to 0.13.0… | ⚡ Exploit ✅ Patch | Jan 16, 2026 |
| CVE-2026-21625 | High | 8.8 | User provided uploads to the Easy Discuss component for Joomla aren't properly validated. Uploads are purely checked by … | ✅ Patch | Jan 16, 2026 |
| CVE-2021-47794 | High | 8.8 | ZesleCP 3.1.9 contains an authenticated remote code execution vulnerability that allows attackers to create malicious FT… | ⚡ Exploit ✅ Patch | Jan 16, 2026 |
| CVE-2021-47816 | High | 8.8 | Thecus N4800Eco NAS Server Control Panel contains a command injection vulnerability that allows authenticated attackers … | ✅ Patch | Jan 16, 2026 |
| CVE-2025-12957 | High | 8.8 | The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and incl… | ✅ Patch | Jan 16, 2026 |
| CVE-2021-47756 | High | 8.4 | Laravel Valet versions 1.1.4 to 2.0.3 contain a local privilege escalation vulnerability that allows users to modify the… | ✅ Patch | Jan 16, 2026 |
| CVE-2025-61943 | High | 8.4 | The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Standard User) to tamper … | ✅ Patch | Jan 16, 2026 |
| CVE-2021-47782 | High | 8.2 | Odine Solutions GateKeeper 1.0 contains a SQL injection vulnerability in the trafficCycle API endpoint that allows remot… | ✅ Patch | Jan 16, 2026 |
| CVE-2021-47801 | High | 8.2 | Vianeos OctoPUS 5 contains a time-based blind SQL injection vulnerability in the 'login_user' parameter during authentic… | ✅ Patch | Jan 16, 2026 |
| CVE-2025-14844 | High | 8.2 | The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Missing Authentication in all versions up… | ✅ Patch | Jan 16, 2026 |