🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-39355 | Critical | 9.9 | Genealogy is a family tree PHP application. Prior to 5.9.1, a critical broken access control vulnerability in the geneal… | ⚡ Exploit | Apr 7, 2026 |
| CVE-2026-35616 | Critical | 9.8 | Fortinet FortiClient EMS — CVE-2026-35616: Fortinet FortiClient EMS contains an improper access control vulnerability tha… | — | Apr 6, 2026 |
| CVE-2026-26026 | Critical | 9.1 | GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, template injection by an administ… | — | Apr 6, 2026 |
| CVE-2026-26135 | Critical | 9.6 | Server-side request forgery (SSRF) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to ele… | — | Apr 3, 2026 |
| CVE-2026-32211 | Critical | 9.1 | Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information… | — | Apr 3, 2026 |
| CVE-2026-3502 | Critical | 9.8 | TrueConf Client — CVE-2026-3502: TrueConf Client contains a download of code without integrity check vulnerability. An at… | — | Apr 2, 2026 |
| CVE-2026-5281 | Critical | 9.8 | Google Dawn — CVE-2026-5281: Google Dawn contains a use-after-free vulnerability that could allow a remote attacker who … | — | Apr 1, 2026 |
| CVE-2026-30877 | Critical | 9.1 | baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in t… | — | Mar 31, 2026 |
| CVE-2026-21861 | Critical | 9.1 | baserCMS is a website development framework. Prior to version 5.2.3, baserCMS contains an OS command injection vulnerabi… | ⚡ Exploit | Mar 31, 2026 |
| CVE-2026-3055 | Critical | 9.8 | Citrix NetScaler — CVE-2026-3055: Citrix NetScaler ADC (formerly Citrix ADC), NetScaler Gateway (formerly Citrix Gateway)… | — | Mar 30, 2026 |
| CVE-2026-34714 | Critical | 9.2 | Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configurat… | ✅ Patch | Mar 30, 2026 |
| CVE-2025-53521 | Critical | 9.8 | F5 BIG-IP — CVE-2025-53521: F5 BIG-IP APM contains a stack-based buffer overflow vulnerability that could allow a threat … | — | Mar 27, 2026 |
| CVE-2026-33757 | Critical | 9.6 | OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao does not prompt for … | ✅ Patch | Mar 27, 2026 |
| CVE-2026-33669 | Critical | 9.8 | SiYuan is a personal knowledge management system. Prior to version 3.6.2, document IDs were retrieved via the /api/file/… | ⚡ Exploit | Mar 26, 2026 |
| CVE-2026-33670 | Critical | 9.8 | SiYuan is a personal knowledge management system. Prior to version 3.6.2, the /api/file/readDir interface was used to tr… | ⚡ Exploit | Mar 26, 2026 |
| CVE-2026-33152 | Critical | 9.1 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior t… | ⚡ Exploit | Mar 26, 2026 |
| CVE-2026-33017 | Critical | 9.8 | Langflow Langflow — CVE-2026-33017: Langflow contains a code injection vulnerability that could allow building public flo… | — | Mar 25, 2026 |
| CVE-2026-33502 | Critical | 9.3 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, an unauthenticated server-side reque… | ⚡ Exploit ✅ Patch | Mar 23, 2026 |
| CVE-2025-60949 | Critical | 9.1 | Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments. A remote, unauthenticated attacker … | ✅ Patch | Mar 23, 2026 |
| CVE-2025-32432 | Critical | 9.8 | Craft CMS Craft CMS — CVE-2025-32432: Craft CMS contains a code injection vulnerability that allows a remote attacker to … | — | Mar 20, 2026 |