🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-25506 | High | 7.7 |
MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can …
|
✅ Patch | Feb 10, 2026 |
| CVE-2025-40587 | High | 7.6 |
A vulnerability has been identified in Polarion V2404 (All versions < V2404.5), Polarion V2410 (All versions < V2410.2).…
|
✅ Patch | Feb 10, 2026 |
| CVE-2026-0485 | High | 7.5 |
SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause t…
|
✅ Patch | Feb 10, 2026 |
| CVE-2026-0490 | High | 7.5 |
SAP BusinessObjects BI Platform allows an unauthenticated attacker to craft a specific network request to the trusted en…
|
✅ Patch | Feb 10, 2026 |
| CVE-2026-2093 | High | 7.5 |
Docpedia developed by Flowring has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject ar…
|
✅ Patch | Feb 10, 2026 |
| CVE-2026-21218 | High | 7.5 |
Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.
|
✅ Patch | Feb 10, 2026 |
| CVE-2026-2268 | High | 7.5 |
The Ninja Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and includin…
|
✅ Patch | Feb 10, 2026 |
| CVE-2026-25728 | High | 7.5 |
ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #40, a Time-of-Check to Time-of-Use (TOCTOU) ra…
|
⚡ Exploit ✅ Patch | Feb 10, 2026 |
| CVE-2026-0508 | High | 7.3 |
The SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker with high privileges to insert m…
|
✅ Patch | Feb 10, 2026 |
| CVE-2026-0845 | High | 7.2 |
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is…
|
✅ Patch | Feb 10, 2026 |
| CVE-2026-1866 | High | 7.2 |
The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via double HTML-entity encoding in …
|
✅ Patch | Feb 10, 2026 |
| CVE-2026-2260 | High | 7.2 |
A vulnerability was found in D-Link DCS-931L up to 1.13.0. This affects an unknown part of the file /goform/setSysAdmin.…
|
⚡ Exploit ✅ Patch | Feb 10, 2026 |
| CVE-2026-21508 | High | 7.0 |
Improper authentication in Windows Storage allows an authorized attacker to elevate privileges locally.
|
✅ Patch | Feb 10, 2026 |
| CVE-2025-10465 | High | 8.8 |
Unrestricted Upload of File with Dangerous Type vulnerability in Birtech Information Technologies Industry and Trade Ltd…
|
✅ Patch | Feb 9, 2026 |
| CVE-2026-25495 | High | 8.8 |
Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through …
|
⚡ Exploit ✅ Patch | Feb 9, 2026 |
| CVE-2026-25497 | High | 8.8 |
Craft is a platform for creating digital experiences. In Craft versions from 4.0.0-RC1 to before 4.17.0-beta.1 and 5.9.0…
|
✅ Patch | Feb 9, 2026 |
| CVE-2026-25812 | High | 8.8 |
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application enable…
|
✅ Patch | Feb 9, 2026 |
| CVE-2025-7799 | High | 8.6 |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zirve Infor…
|
✅ Patch | Feb 9, 2026 |
| CVE-2026-0870 | High | 7.8 |
MacroHub developed by GIGABYTE has a Local Privilege Escalation vulnerability. Due to the MacroHub application launching…
|
✅ Patch | Feb 9, 2026 |
| CVE-2026-2236 | High | 7.5 |
C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbit…
|
✅ Patch | Feb 9, 2026 |