🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-28363 | Critical | 9.9 | In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviation… | ✅ Patch | Feb 27, 2026 |
| CVE-2026-2749 | Critical | 9.9 | Vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centreon Open Ticket modules). This issue aff… | ✅ Patch | Feb 27, 2026 |
| CVE-2026-27755 | Critical | 9.8 | SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability th… | ✅ Patch | Feb 27, 2026 |
| CVE-2026-27751 | Critical | 9.8 | SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a default credentials vulnerability that allows remot… | ✅ Patch | Feb 27, 2026 |
| CVE-2026-2251 | Critical | 9.8 | Improper limitation of a pathname to a restricted directory (Path Traversal) vulnerability in Xerox FreeFlow Core allows… | ✅ Patch | Feb 27, 2026 |
| CVE-2026-28268 | Critical | 9.8 | Vikunja is an open-source self-hosted task management platform. Versions prior to 2.1.0 have a business logic vulnerabil… | ✅ Patch | Feb 27, 2026 |
| CVE-2025-12981 | Critical | 9.8 | The Listee theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.6. This i… | ✅ Patch | Feb 27, 2026 |
| CVE-2025-11252 | Critical | 9.8 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Signum Technology … | ✅ Patch | Feb 27, 2026 |
| CVE-2026-24352 | Critical | 9.8 | PluXml CMS allows a user's session identifier to be set before authentication. The value of this session ID stays the sa… | ✅ Patch | Feb 27, 2026 |
| CVE-2026-3301 | Critical | 9.8 | A security flaw has been discovered in Totolink N300RH 6.1c.1353_B20190305. Affected by this vulnerability is the functi… | ⚡ Exploit ✅ Patch | Feb 27, 2026 |
| CVE-2025-11251 | Critical | 9.8 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dayneks Software I… | ✅ Patch | Feb 27, 2026 |
| CVE-2026-2750 | Critical | 9.1 | Improper Input Validation vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centreon Open Tick… | ✅ Patch | Feb 27, 2026 |
| CVE-2026-28370 | Critical | 9.1 | In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage… | ⚡ Exploit ✅ Patch | Feb 27, 2026 |
| CVE-2026-27975 | Critical | 9.8 | Ajenti is a Linux and BSD modular server admin panel. Prior to version 2.2.13, an unauthenticated user could gain access… | ✅ Patch | Feb 26, 2026 |
| CVE-2026-28213 | Critical | 9.8 | EverShop is a TypeScript-first eCommerce platform. Versions prior to 2.1.1 have a vulnerability in the "Forgot Password"… | ✅ Patch | Feb 26, 2026 |
| CVE-2025-50857 | Critical | 9.8 | ZenTaoPMS v18.11 through v21.6.beta is vulnerable to Directory Traversal in /module/ai/control.php. This allows attacker… | ✅ Patch | Feb 26, 2026 |
| CVE-2026-22207 | Critical | 9.8 | OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control vulnerability that allows u… | ✅ Patch | Feb 26, 2026 |
| CVE-2026-27510 | Critical | 9.6 | Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used with the Unitree Go2 Android application (com.unitree.dogg… | ✅ Patch | Feb 26, 2026 |
| CVE-2026-28215 | Critical | 9.1 | hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, an unauthenticated attacker can overw… | ⚡ Exploit ✅ Patch | Feb 26, 2026 |
| CVE-2026-20127 | Critical | 9.0 | Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability — Cisco Catalyst SD-WAN Controller, for… | ⚡ Exploit ✅ Patch | Feb 25, 2026 |