🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-5349 | High | 8.8 |
A vulnerability was identified in Trendnet TEW-657BRM 1.00.1. The affected element is the function add_apcdb of the file…
|
⚡ Exploit | Apr 2, 2026 |
| CVE-2026-34794 | High | 8.8 |
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE paramet…
|
— | Apr 2, 2026 |
| CVE-2026-34796 | High | 8.8 |
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE paramet…
|
— | Apr 2, 2026 |
| CVE-2026-34793 | High | 8.8 |
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE paramet…
|
— | Apr 2, 2026 |
| CVE-2026-34728 | High | 8.7 |
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the MediaBrowserController::index() method handl…
|
⚡ Exploit | Apr 2, 2026 |
| CVE-2026-34742 | High | 8.1 |
The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.0, the Model Context Protocol (MCP) Go SDK does no…
|
✅ Patch | Apr 2, 2026 |
| CVE-2026-4347 | High | 8.1 |
The MW WP Form plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via …
|
— | Apr 2, 2026 |
| CVE-2026-34576 | High | 7.7 |
Postiz is an AI social media scheduling tool. Prior to version 2.21.3, the POST /public/v1/upload-from-url endpoint acce…
|
⚡ Exploit | Apr 2, 2026 |
| CVE-2026-34426 | High | 7.6 |
OpenClaw versions prior to commit b57b680 contain an approval bypass vulnerability due to inconsistent environment varia…
|
✅ Patch | Apr 2, 2026 |
| CVE-2026-33614 | High | 7.5 |
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint du…
|
— | Apr 2, 2026 |
| CVE-2026-34752 | High | 7.5 |
Haraka is a Node.js mail server. Prior to version 3.1.4, sending an email with __proto__: as a header name crashes the H…
|
⚡ Exploit | Apr 2, 2026 |
| CVE-2026-5032 | High | 7.5 |
The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.…
|
— | Apr 2, 2026 |
| CVE-2026-33616 | High | 7.5 |
An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpo…
|
— | Apr 2, 2026 |
| CVE-2026-33951 | High | 7.5 |
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.1, the Signal…
|
— | Apr 2, 2026 |
| CVE-2026-5368 | High | 7.3 |
A vulnerability was determined in projectworlds Car Rental Project 1.0. The affected element is an unknown function of t…
|
— | Apr 2, 2026 |
| CVE-2026-5346 | High | 7.3 |
A vulnerability was determined in huimeicloud hm_editor up to 2.2.3. Impacted is the function client.get of the file src…
|
— | Apr 2, 2026 |
| CVE-2026-5320 | High | 7.3 |
A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is an unknown functionality o…
|
— | Apr 2, 2026 |
| CVE-2026-5334 | High | 7.3 |
A weakness has been identified in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file…
|
— | Apr 2, 2026 |
| CVE-2026-5333 | High | 7.3 |
A security flaw has been discovered in DefaultFuction Content-Management-System 1.0. This issue affects some unknown pro…
|
— | Apr 2, 2026 |
| CVE-2026-5322 | High | 7.3 |
A vulnerability has been found in AlejandroArciniegas mcp-data-vis bc597e391f184d2187062fd567599a3cb72adf51/de5a51525a69…
|
— | Apr 2, 2026 |