🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2025-14657 | High | 7.2 | The Eventin – Event Manager, Events Calendar, Event Tickets and Registrations plugin for WordPress is vulnerable to unau… | ✅ Patch | Jan 9, 2026 |
| CVE-2025-14937 | High | 7.2 | The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'acff' parame… | ✅ Patch | Jan 9, 2026 |
| CVE-2025-15055 | High | 7.2 | The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'notes' and 'resource' … | ✅ Patch | Jan 9, 2026 |
| CVE-2025-15057 | High | 7.2 | The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `fh` (fingerprint) para… | ✅ Patch | Jan 9, 2026 |
| CVE-2025-66052 | High | 7.2 | Vivotek IP7137 camera with firmware version 0200a is vulnerable to command injection. Parameter "system_ntpIt" used by "… | ✅ Patch | Jan 9, 2026 |
| CVE-2019-25289 | High | 8.8 | SmartLiving SmartLAN <=6.x contains an authenticated remote command injection vulnerability in the web.cgi binary throug… | ✅ Patch | Jan 8, 2026 |
| CVE-2026-22042 | High | 8.8 | RustFS is a distributed object storage system built in Rust. Prior to version 1.0.0-alpha.79, the `ImportIam` admin API v… | ⚡ Exploit ✅ Patch | Jan 8, 2026 |
| CVE-2019-25231 | High | 8.4 | devolo dLAN Cockpit 4.3.1 contains an unquoted service path vulnerability in the 'DevoloNetworkService' that allows loca… | ✅ Patch | Jan 8, 2026 |
| CVE-2026-22035 | High | 7.7 | Greenshot is an open source Windows screenshot utility. Versions 1.3.310 and below are vulnerable to OS Command Injection … | ⚡ Exploit ✅ Patch | Jan 8, 2026 |
| CVE-2026-22245 | High | 7.5 | Mastodon is a free, open-source social network server based on ActivityPub. By nature, Mastodon performs a lot of outbou… | ✅ Patch | Jan 8, 2026 |
| CVE-2019-25279 | High | 7.5 | FaceSentry Access Control System 6.4.8 contains a cleartext password storage vulnerability that allows attackers to acce… | ⚡ Exploit ✅ Patch | Jan 8, 2026 |
| CVE-2019-25291 | High | 7.5 | INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux distribution image that ca… | ✅ Patch | Jan 8, 2026 |
| CVE-2025-68151 | High | 7.5 | CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0, multiple CoreDNS server implementations (gRPC, HTT… | ✅ Patch | Jan 8, 2026 |
| CVE-2025-14436 | High | 7.2 | The Brevo for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user_connection_id’… | ✅ Patch | Jan 8, 2026 |
| CVE-2026-22241 | High | 7.2 | The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, … | ⚡ Exploit ✅ Patch | Jan 8, 2026 |
| CVE-2026-22244 | High | 7.2 | OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server… | ⚡ Exploit ✅ Patch | Jan 8, 2026 |
| CVE-2025-69222 | Critical | 9.1 | LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery (SSRF… | ⚡ Exploit ✅ Patch | Jan 7, 2026 |
| CVE-2009-0556 | Critical | 9.0 | Microsoft Office PowerPoint Code Injection Vulnerability — Microsoft Office PowerPoint contains a code injection vulnera… | ⚡ Exploit ✅ Patch | Jan 7, 2026 |
| CVE-2025-37164 | Critical | 9.0 | Hewlett Packard Enterprise (HPE) OneView Code Injection Vulnerability — Hewlett Packard Enterprise (HPE) OneView contain… | ⚡ Exploit ✅ Patch | Jan 7, 2026 |
| CVE-2025-15158 | High | 8.8 | The WP Enable WebP plugin for WordPress is vulnerable to arbitrary file uploads due to improper file type validation in … | ✅ Patch | Jan 7, 2026 |