🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-34603 | High | 7.1 |
Tina is a headless content management system. Prior to version 2.2.2, @tinacms/cli recently added lexical path-traversal…
|
✅ Patch | Apr 1, 2026 |
| CVE-2026-34604 | High | 7.1 |
Tina is a headless content management system. Prior to version 2.2.2, @tinacms/graphql uses string-based path containmen…
|
✅ Patch | Apr 1, 2026 |
| CVE-2026-20097 | Medium | 6.5 |
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with ad…
|
— | Apr 1, 2026 |
| CVE-2026-20096 | Medium | 6.5 |
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with ad…
|
— | Apr 1, 2026 |
| CVE-2025-36375 | Medium | 6.5 |
IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and I…
|
— | Apr 1, 2026 |
| CVE-2026-30522 | Medium | 6.5 |
A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validati…
|
⚡ Exploit | Apr 1, 2026 |
| CVE-2026-20042 | Medium | 6.5 |
A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encrypt…
|
— | Apr 1, 2026 |
| CVE-2026-35000 | Medium | 6.5 |
ChangeDetection.io versions prior to 0.54.7 contain a protection bypass vulnerability in the SafeXPath3Parser implementa…
|
— | Apr 1, 2026 |
| CVE-2026-4668 | Medium | 6.5 |
The Booking for Appointments and Events Calendar - Amelia plugin for WordPress is vulnerable to SQL Injection via the `s…
|
— | Apr 1, 2026 |
| CVE-2026-20095 | Medium | 6.5 |
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with ad…
|
— | Apr 1, 2026 |
| CVE-2025-13535 | Medium | 6.4 |
The King Addons for Elementor plugin for WordPress is vulnerable to multiple Contributor+ DOM-Based Stored Cross-Site Sc…
|
— | Apr 1, 2026 |
| CVE-2026-35057 | Medium | 6.4 |
XenForo before 2.3.10 and before 2.2.19 is vulnerable to stored cross-site scripting (XSS) in structured text mentions, …
|
⚡ Exploit | Apr 1, 2026 |
| CVE-2026-35054 | Medium | 6.4 |
XenForo before 2.3.9 is vulnerable to stored cross-site scripting (XSS) related to BB code rendering. An attacker can in…
|
— | Apr 1, 2026 |
| CVE-2025-66483 | Medium | 6.3 |
IBM Aspera Shares 1.9.9 through 1.11.0 does not invalidate session after a password reset which could allow an authentic…
|
— | Apr 1, 2026 |
| CVE-2026-1879 | Medium | 6.3 |
A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the fil…
|
— | Apr 1, 2026 |
| CVE-2024-58342 | Medium | 6.3 |
XenForo before 2.2.17 and 2.3.1 allows open redirect via a specially crafted URL. The getDynamicRedirect() function does…
|
— | Apr 1, 2026 |
| CVE-2026-5259 | Medium | 6.3 |
A vulnerability was determined in AutohomeCorp frostmourne up to 1.0. The affected element is an unknown function of the…
|
— | Apr 1, 2026 |
| CVE-2026-5248 | Medium | 6.3 |
A vulnerability has been found in gougucms 4.08.18. This affects the function reg_submit of the file gougucms-master\app…
|
— | Apr 1, 2026 |
| CVE-2026-5251 | Medium | 6.3 |
A vulnerability was identified in z-9527 admin 1.0/2.0. This impacts an unknown function of the file /server/routes/user…
|
— | Apr 1, 2026 |
| CVE-2025-71280 | Medium | 6.2 |
XenForo before 2.3.7 allows information disclosure via local account page caching on shared systems. On systems where mu…
|
— | Apr 1, 2026 |