🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-28364 | High | 7.9 |
In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables re…
|
✅ Patch | Feb 27, 2026 |
| CVE-2026-1442 | High | 7.8 |
Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an a…
|
✅ Patch | Feb 27, 2026 |
| CVE-2025-10990 | High | 7.5 |
A flaw was found in REXML. A remote attacker could exploit inefficient regular expression (regex) parsing when processin…
|
✅ Patch | Feb 27, 2026 |
| CVE-2026-27836 | High | 7.5 |
phpMyFAQ is an open source FAQ web application. Prior to version 4.0.18, the WebAuthn prepare endpoint (`/api/webauthn/p…
|
✅ Patch | Feb 27, 2026 |
| CVE-2026-2428 | High | 7.5 |
The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in…
|
✅ Patch | Feb 27, 2026 |
| CVE-2026-2252 | High | 7.5 |
An XML External Entity (XXE) vulnerability allows malicious user to perform Server-Side Request Forgery (SSRF) via craft…
|
✅ Patch | Feb 27, 2026 |
| CVE-2026-28372 | High | 7.4 |
telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service creden…
|
✅ Patch | Feb 27, 2026 |
| CVE-2026-27707 | High | 7.3 |
Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. Starting in version 2.0.0 and …
|
✅ Patch | Feb 27, 2026 |
| CVE-2026-27776 | High | 7.2 |
IM-LogicDesigner module of intra-mart Accel Platform contains insecure deserialization issue. This can be exploited only…
|
✅ Patch | Feb 27, 2026 |
| CVE-2026-25147 | High | 7.1 |
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to versio…
|
✅ Patch | Feb 27, 2026 |
| CVE-2026-27757 | High | 7.1 |
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication vulnerability that allows authentic…
|
✅ Patch | Feb 27, 2026 |
| CVE-2026-1311 | High | 8.8 |
The Worry Proof Backup plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.2.4 …
|
✅ Patch | Feb 26, 2026 |
| CVE-2026-1565 | High | 8.8 |
The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordP…
|
✅ Patch | Feb 26, 2026 |
| CVE-2026-22206 | High | 8.8 |
SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to exe…
|
✅ Patch | Feb 26, 2026 |
| CVE-2026-26938 | High | 8.6 |
Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) exists in Workflows in Kibana which cou…
|
✅ Patch | Feb 26, 2026 |
| CVE-2026-3071 | High | 8.4 |
Deserialization of untrusted data in the LanguageModel class of Flair from versions 0.4.1 to latest are vulnerable to ar…
|
✅ Patch | Feb 26, 2026 |
| CVE-2026-28216 | High | 8.3 |
hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, any logged-in user can read, modify o…
|
⚡ Exploit ✅ Patch | Feb 26, 2026 |
| CVE-2025-71057 | High | 8.2 |
Improper session management in D-Link Wireless N 300 ADSL2+ Modem Router DSL-124 ME_1.00 allows attackers to execute a s…
|
✅ Patch | Feb 26, 2026 |
| CVE-2026-1779 | High | 8.1 |
The User Registration & Membership plugin for WordPress is vulnerable to authentication bypass in versions up to, and in…
|
✅ Patch | Feb 26, 2026 |
| CVE-2026-23750 | High | 8.1 |
Golioth Pouch version 0.1.0, prior to commit 1b2219a1, contains a heap-based buffer overflow in BLE GATT server certific…
|
✅ Patch | Feb 26, 2026 |