🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2025-13371 | High | 8.6 |
The MoneySpace plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including…
|
✅ Patch | Jan 7, 2026 |
| CVE-2026-0656 | High | 8.2 |
The iPaymu Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authentication in all versions …
|
✅ Patch | Jan 7, 2026 |
| CVE-2025-66620 | High | 8.0 |
An unused webshell in MicroServer allows unlimited login attempts, with sudo rights on certain files and directories. An…
|
✅ Patch | Jan 7, 2026 |
| CVE-2025-47380 | High | 7.8 |
Memory corruption while preprocessing IOCTLs in sensors.
|
✅ Patch | Jan 7, 2026 |
| CVE-2025-47393 | High | 7.8 |
Memory corruption when accessing resources in kernel driver.
|
✅ Patch | Jan 7, 2026 |
| CVE-2026-21678 | High | 7.8 |
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color …
|
⚡ Exploit ✅ Patch | Jan 7, 2026 |
| CVE-2026-22187 | High | 7.8 |
Bio-Formats versions up to and including 8.3.0 perform unsafe Java deserialization of attacker-controlled memoization ca…
|
✅ Patch | Jan 7, 2026 |
| CVE-2026-21441 | High | 7.5 |
urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HT…
|
✅ Patch | Jan 7, 2026 |
| CVE-2026-22190 | High | 7.5 |
Panda3D versions up to and including 1.10.16 egg-mkfont contains an uncontrolled format string vulnerability. The -gp (g…
|
⚡ Exploit ✅ Patch | Jan 7, 2026 |
| CVE-2025-11877 | High | 7.5 |
The User Activity Log plugin is vulnerable to a limited options update in versions up to, and including, 2.2. The failed…
|
✅ Patch | Jan 7, 2026 |
| CVE-2025-13493 | High | 7.5 |
The Latest Registered Users plugin for WordPress is vulnerable to unauthorized user data export in all versions up to, a…
|
✅ Patch | Jan 7, 2026 |
| CVE-2025-13801 | High | 7.5 |
The Yoco Payments plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 3.8.8 via t…
|
✅ Patch | Jan 7, 2026 |
| CVE-2025-14070 | High | 7.5 |
The Reviewify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check …
|
✅ Patch | Jan 7, 2026 |
| CVE-2025-69262 | High | 7.5 |
pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment…
|
⚡ Exploit ✅ Patch | Jan 7, 2026 |
| CVE-2025-69263 | High | 7.5 |
pnpm is a package manager. Versions 10.26.2 and below store HTTP tarball dependencies (and git-hosted tarballs) in the l…
|
⚡ Exploit ✅ Patch | Jan 7, 2026 |
| CVE-2026-21856 | High | 7.2 |
The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992…
|
⚡ Exploit ✅ Patch | Jan 7, 2026 |
| CVE-2026-22186 | High | 7.1 |
Bio-Formats versions up to and including 8.3.0 contain an XML External Entity (XXE) vulnerability in the Leica Microsyst…
|
✅ Patch | Jan 7, 2026 |
| CVE-2025-14835 | High | 7.1 |
The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘shortcode’ paramet…
|
✅ Patch | Jan 7, 2026 |
| CVE-2020-36910 | High | 8.8 |
Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizard…
|
✅ Patch | Jan 6, 2026 |
| CVE-2025-15382 | High | 8.1 |
A heap buffer over-read vulnerability exists in the wolfSSH_CleanPath() function in wolfSSH. An authenticated remote att…
|
✅ Patch | Jan 6, 2026 |