🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2025-69227 | High | 7.5 |
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an i…
|
✅ Patch | Jan 6, 2026 |
| CVE-2025-69228 | High | 7.5 |
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a reques…
|
✅ Patch | Jan 6, 2026 |
| CVE-2025-15364 | High | 7.3 |
The Download Manager plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up …
|
✅ Patch | Jan 6, 2026 |
| CVE-2025-14997 | High | 7.2 |
The BuddyPress Xprofile Custom Field Types plugin for WordPress is vulnerable to arbitrary file deletion due to insuffic…
|
✅ Patch | Jan 6, 2026 |
| CVE-2025-59157 | Critical | 9.9 |
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0…
|
⚡ Exploit ✅ Patch | Jan 5, 2026 |
| CVE-2025-64420 | Critical | 9.9 |
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions …
|
⚡ Exploit ✅ Patch | Jan 5, 2026 |
| CVE-2025-64419 | Critical | 9.6 |
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0…
|
⚡ Exploit ✅ Patch | Jan 5, 2026 |
| CVE-2025-15240 | High | 8.8 |
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has an Arbitrary File Upload vulnerability, allowing aut…
|
✅ Patch | Jan 5, 2026 |
| CVE-2025-15462 | High | 8.8 |
A vulnerability has been found in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of the file /goform/C…
|
⚡ Exploit ✅ Patch | Jan 5, 2026 |
| CVE-2025-59156 | High | 8.8 |
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0…
|
⚡ Exploit ✅ Patch | Jan 5, 2026 |
| CVE-2025-64423 | High | 8.8 |
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions …
|
⚡ Exploit ✅ Patch | Jan 5, 2026 |
| CVE-2025-64424 | High | 8.8 |
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions …
|
⚡ Exploit ✅ Patch | Jan 5, 2026 |
| CVE-2025-66518 | High | 8.8 |
Any client who can access to Apache Kyuubi Server via Kyuubi frontend protocols can bypass server-side config kyuubi.ses…
|
✅ Patch | Jan 5, 2026 |
| CVE-2025-68454 | High | 8.8 |
Craft is a platform for creating digital experiences. Versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16 ar…
|
⚡ Exploit ✅ Patch | Jan 5, 2026 |
| CVE-2025-64425 | High | 8.1 |
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions …
|
⚡ Exploit ✅ Patch | Jan 5, 2026 |
| CVE-2025-59158 | High | 8.0 |
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Coolify versions pri…
|
⚡ Exploit ✅ Patch | Jan 5, 2026 |
| CVE-2025-64421 | High | 8.0 |
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions …
|
⚡ Exploit ✅ Patch | Jan 5, 2026 |
| CVE-2025-68428 | High | 7.5 |
jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loa…
|
✅ Patch | Jan 5, 2026 |
| CVE-2025-68547 | High | 7.5 |
Missing Authorization vulnerability in WPweb Follow My Blog Post allows Exploiting Incorrectly Configured Access Control…
|
✅ Patch | Jan 5, 2026 |
| CVE-2026-0621 | High | 7.5 |
Anthropic's MCP TypeScript SDK versions up to and including 1.25.1 contain a regular expression denial of service (ReDoS…
|
⚡ Exploit ✅ Patch | Jan 5, 2026 |