🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2025-13916 | Medium | 5.9 |
IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that could allow an attacker t…
|
— | Apr 1, 2026 |
| CVE-2025-66484 | Medium | 5.5 |
IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to …
|
— | Apr 1, 2026 |
| CVE-2025-66485 | Medium | 5.4 |
IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP header injection, caused by improper validation of input by…
|
— | Apr 1, 2026 |
| CVE-2026-4364 | Medium | 5.4 |
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 …
|
— | Apr 1, 2026 |
| CVE-2026-1491 | Medium | 5.3 |
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 …
|
— | Apr 1, 2026 |
| CVE-2026-2862 | Medium | 5.3 |
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 …
|
— | Apr 1, 2026 |
| CVE-2026-34510 | Medium | 5.3 |
OpenClaw before 2026.3.22 contains a path traversal vulnerability in Windows media loaders that accepts remote-host file…
|
— | Apr 1, 2026 |
| CVE-2026-34999 | Medium | 5.3 |
OpenViking versions 0.2.5 prior to 0.2.14 contain a missing authentication vulnerability in the bot proxy router that al…
|
— | Apr 1, 2026 |
| CVE-2026-5311 | Medium | 5.3 |
A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-32…
|
— | Apr 1, 2026 |
| CVE-2026-5312 | Medium | 5.3 |
A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, D…
|
— | Apr 1, 2026 |
| CVE-2026-1710 | Medium | 6.5 |
The WooPayments: Integrated WooCommerce Payments plugin for WordPress is vulnerable to unauthorized modification of data…
|
— | Mar 31, 2026 |
| CVE-2026-30521 | Medium | 6.5 |
A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validati…
|
⚡ Exploit | Mar 31, 2026 |
| CVE-2026-32976 | Medium | 6.5 |
OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing channel commands to mutate protected s…
|
— | Mar 31, 2026 |
| CVE-2026-33576 | Medium | 6.5 |
OpenClaw before 2026.3.28 downloads and stores inbound media from Zalo channels before validating sender authorization. …
|
✅ Patch | Mar 31, 2026 |
| CVE-2026-33580 | Medium | 6.5 |
OpenClaw before 2026.3.28 contains a missing rate limiting vulnerability in the Nextcloud Talk webhook authentication th…
|
✅ Patch | Mar 31, 2026 |
| CVE-2026-34215 | Medium | 6.5 |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version…
|
✅ Patch | Mar 31, 2026 |
| CVE-2026-34505 | Medium | 6.5 |
OpenClaw before 2026.3.12 applies rate limiting only after successful webhook authentication, allowing attackers to bypa…
|
— | Mar 31, 2026 |
| CVE-2026-1834 | Medium | 6.4 |
The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin'…
|
— | Mar 31, 2026 |
| CVE-2026-2480 | Medium | 6.4 |
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the…
|
— | Mar 31, 2026 |
| CVE-2026-34716 | Medium | 6.4 |
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo YPTSocket plugin's caller feature r…
|
⚡ Exploit | Mar 31, 2026 |