🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-6108 | Medium | 6.3 |
A vulnerability was found in 1Panel-dev MaxKB up to 2.6.1. The affected element is the function execute of the file apps…
|
— | Apr 12, 2026 |
| CVE-2026-6119 | Medium | 6.3 |
A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected element is the function post_data.get o…
|
— | Apr 12, 2026 |
| CVE-2026-6125 | Medium | 6.3 |
A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpressio…
|
— | Apr 12, 2026 |
| CVE-2026-6117 | Medium | 6.3 |
A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affects the function install_plugin_upload of …
|
— | Apr 12, 2026 |
| CVE-2026-6118 | Medium | 6.3 |
A vulnerability was determined in AstrBotDevs AstrBot up to 4.22.1. Impacted is the function add_mcp_server of the file …
|
— | Apr 12, 2026 |
| CVE-2019-25712 | Medium | 6.2 |
BlueAuditor 1.7.2.0 contains a buffer overflow vulnerability in the registration key field that allows local attackers t…
|
— | Apr 12, 2026 |
| CVE-2019-25711 | Medium | 6.2 |
SpotFTP Password Recover 2.4.2 contains a denial of service vulnerability that allows local attackers to crash the appli…
|
— | Apr 12, 2026 |
| CVE-2017-20239 | Medium | 6.1 |
MDwiki contains a cross-site scripting vulnerability that allows remote attackers to execute arbitrary JavaScript by inj…
|
— | Apr 12, 2026 |
| CVE-2026-5144 | High | 8.8 |
The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including…
|
— | Apr 11, 2026 |
| CVE-2026-6105 | High | 7.3 |
A security vulnerability has been detected in perfree go-fastdfs-web up to 1.3.7. This affects an unknown part of the fi…
|
— | Apr 11, 2026 |
| CVE-2026-5217 | High | 7.2 |
The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vuln…
|
— | Apr 11, 2026 |
| CVE-2026-5809 | High | 7.1 |
The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.2. Th…
|
— | Apr 11, 2026 |
| CVE-2026-5207 | Medium | 6.5 |
The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and i…
|
— | Apr 11, 2026 |
| CVE-2026-3498 | Medium | 6.4 |
The BlockArt Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'clientId' block attribute…
|
— | Apr 11, 2026 |
| CVE-2026-4895 | Medium | 6.4 |
The GreenShift - Animation and Page Builder Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in …
|
— | Apr 11, 2026 |
| CVE-2026-5226 | Medium | 6.1 |
The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL…
|
— | Apr 11, 2026 |
| CVE-2026-3358 | Medium | 5.4 |
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized private course e…
|
— | Apr 11, 2026 |
| CVE-2026-4979 | Medium | 5.0 |
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPre…
|
— | Apr 11, 2026 |
| CVE-2026-5989 | High | 8.8 |
A flaw has been found in Tenda F451 1.0.0.7. Affected is the function fromRouteStatic of the file /goform/RouteStatic. E…
|
— | Apr 10, 2026 |
| CVE-2026-5990 | High | 8.8 |
A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function fromSafeEmailFilter…
|
— | Apr 10, 2026 |