🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2025-14541 | High | 7.2 |
The Lucky Wheel Giveaway plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and includin…
|
✅ Patch | Feb 11, 2026 |
| CVE-2025-15440 | High | 7.2 |
The iONE360 configurator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Form Paramet…
|
✅ Patch | Feb 11, 2026 |
| CVE-2026-20617 | High | 7.0 |
A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe…
|
✅ Patch | Feb 11, 2026 |
| CVE-2026-26157 | High | 7.0 |
A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craf…
|
✅ Patch | Feb 11, 2026 |
| CVE-2026-26158 | High | 7.0 |
A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction di…
|
✅ Patch | Feb 11, 2026 |
| CVE-2025-7347 | High | 8.8 |
Authorization Bypass Through User-Controlled Key vulnerability in Dinibh Puzzle Software Solutions Dinibh Patrol Trackin…
|
✅ Patch | Feb 10, 2026 |
| CVE-2025-7636 | High | 8.8 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ergosis Security S…
|
✅ Patch | Feb 10, 2026 |
| CVE-2026-0652 | High | 8.8 |
On TP-Link Tapo C260 v1, command injection vulnerability exists due to improper sanitization in certain POST parameters …
|
✅ Patch | Feb 10, 2026 |
| CVE-2026-2094 | High | 8.8 |
Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbi…
|
✅ Patch | Feb 10, 2026 |
| CVE-2026-2097 | High | 8.8 |
Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to u…
|
✅ Patch | Feb 10, 2026 |
| CVE-2026-21256 | High | 8.8 |
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio …
|
✅ Patch | Feb 10, 2026 |
| CVE-2026-21516 | High | 8.8 |
Improper neutralization of special elements used in a command ('command injection') in Github Copilot allows an unauthor…
|
✅ Patch | Feb 10, 2026 |
| CVE-2026-21537 | High | 8.8 |
Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacke…
|
✅ Patch | Feb 10, 2026 |
| CVE-2026-23687 | High | 8.8 |
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtai…
|
✅ Patch | Feb 10, 2026 |
| CVE-2025-6967 | High | 8.7 |
Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co.…
|
✅ Patch | Feb 10, 2026 |
| CVE-2026-1603 | High | 8.6 |
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to …
|
✅ Patch | Feb 10, 2026 |
| CVE-2026-21228 | High | 8.1 |
Improper certificate validation in Azure Local allows an unauthorized attacker to execute code over a network.
|
✅ Patch | Feb 10, 2026 |
| CVE-2026-25646 | High | 8.1 |
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) …
|
⚡ Exploit ✅ Patch | Feb 10, 2026 |
| CVE-2026-21229 | High | 8.0 |
Improper input validation in Power BI allows an authorized attacker to execute code over a network.
|
✅ Patch | Feb 10, 2026 |
| CVE-2026-21257 | High | 8.0 |
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio …
|
✅ Patch | Feb 10, 2026 |