🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-26207 | Medium | 5.4 |
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, `discourse-policy`…
|
— | Feb 26, 2026 |
| CVE-2026-28218 | Medium | 5.4 |
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, fail-open access c…
|
— | Feb 26, 2026 |
| CVE-2026-2356 | Medium | 5.3 |
The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vuln…
|
— | Feb 26, 2026 |
| CVE-2026-24004 | Medium | 5.3 |
Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s Android MDM Pub…
|
— | Feb 26, 2026 |
| CVE-2026-27021 | Medium | 5.3 |
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the voters endpoin…
|
— | Feb 26, 2026 |
| CVE-2026-28132 | Medium | 5.3 |
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in villatheme WooCommerce Ph…
|
— | Feb 26, 2026 |
| CVE-2026-26228 | Medium | 4.9 |
VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server rout…
|
— | Feb 26, 2026 |
| CVE-2026-26936 | Medium | 4.9 |
Inefficient Regular Expression Complexity (CWE-1333) in the AI Inference Anonymization Engine in Kibana can lead Denial …
|
— | Feb 26, 2026 |
| CVE-2026-27162 | Medium | 4.9 |
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, `posts_nearby` was…
|
— | Feb 26, 2026 |
| CVE-2026-27963 | Medium | 4.8 |
Audiobookshelf is a self-hosted audiobook and podcast server. A stored cross-site scripting (XSS) vulnerability exists i…
|
⚡ Exploit ✅ Patch | Feb 26, 2026 |
| CVE-2026-27974 | Medium | 4.8 |
Audiobookshelf is a self-hosted audiobook and podcast server. A cross-site scripting (XSS) vulnerability exists in versi…
|
— | Feb 26, 2026 |
| CVE-2026-26973 | Medium | 4.3 |
Discourse is an open source discussion platform. Versions prior to 2025.12.2, 2026.1.1, and 2026.2.0 have an IDOR (Insec…
|
— | Feb 26, 2026 |
| CVE-2026-27457 | Medium | 4.3 |
Weblate is a web based localization tool. Prior to version 5.16.1, the REST API's `AddonViewSet` (`weblate/api/views.py`…
|
✅ Patch | Feb 26, 2026 |
| CVE-2026-27835 | Medium | 4.3 |
wger is a free, open-source workout and fitness manager. In versions up to and including 2.4, `RepetitionsConfigViewSet`…
|
⚡ Exploit ✅ Patch | Feb 26, 2026 |
| CVE-2026-27839 | Medium | 4.3 |
wger is a free, open-source workout and fitness manager. In versions up to and including 2.4, three `nutritional_values`…
|
⚡ Exploit ✅ Patch | Feb 26, 2026 |
| CVE-2026-28219 | Medium | 4.3 |
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an improper author…
|
— | Feb 26, 2026 |
| CVE-2026-28295 | Medium | 4.3 |
A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrar…
|
— | Feb 26, 2026 |
| CVE-2026-28296 | Medium | 4.3 |
A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplyi…
|
— | Feb 26, 2026 |
| CVE-2023-31364 | Medium | — |
Improper handling of direct memory writes in the input-output memory management unit could allow a malicious guest virtu…
|
— | Feb 26, 2026 |
| CVE-2025-11381 | Medium | — |
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
|
— | Feb 26, 2026 |