🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2024-58342 | Medium | 6.3 |
XenForo before 2.2.17 and 2.3.1 allows open redirect via a specially crafted URL. The getDynamicRedirect() function does…
|
— | Apr 1, 2026 |
| CVE-2025-71280 | Medium | 6.2 |
XenForo before 2.3.7 allows information disclosure via local account page caching on shared systems. On systems where mu…
|
— | Apr 1, 2026 |
| CVE-2026-35055 | Medium | 6.1 |
XenForo before 2.3.9 and before 2.2.18 is vulnerable to cross-site scripting (XSS) related to lightbox usage in posts. A…
|
— | Apr 1, 2026 |
| CVE-2026-20085 | Medium | 6.1 |
A vulnerability in the web-based management interface of Cisco IMC could allow an unauthenticated, remote attacker to co…
|
— | Apr 1, 2026 |
| CVE-2026-20041 | Medium | 6.1 |
A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attac…
|
— | Apr 1, 2026 |
| CVE-2026-3877 | Medium | 6.1 |
A reflected cross-site scripting (XSS) vulnerability in the dashboard search functionality of the VertiGIS FM solution a…
|
⚡ Exploit | Apr 1, 2026 |
| CVE-2025-13916 | Medium | 5.9 |
IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that could allow an attacker t…
|
— | Apr 1, 2026 |
| CVE-2025-66484 | Medium | 5.5 |
IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to …
|
— | Apr 1, 2026 |
| CVE-2026-4364 | Medium | 5.4 |
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 …
|
— | Apr 1, 2026 |
| CVE-2025-66485 | Medium | 5.4 |
IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP header injection, caused by improper validation of input by…
|
— | Apr 1, 2026 |
| CVE-2026-5311 | Medium | 5.3 |
A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-32…
|
— | Apr 1, 2026 |
| CVE-2026-1491 | Medium | 5.3 |
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 …
|
— | Apr 1, 2026 |
| CVE-2026-2862 | Medium | 5.3 |
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 …
|
— | Apr 1, 2026 |
| CVE-2026-34510 | Medium | 5.3 |
OpenClaw before 2026.3.22 contains a path traversal vulnerability in Windows media loaders that accepts remote-host file…
|
— | Apr 1, 2026 |
| CVE-2026-34999 | Medium | 5.3 |
OpenViking versions 0.2.5 prior to 0.2.14 contain a missing authentication vulnerability in the bot proxy router that al…
|
— | Apr 1, 2026 |
| CVE-2026-5312 | Medium | 5.3 |
A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, D…
|
— | Apr 1, 2026 |
| CVE-2026-21861 | Critical | 9.1 |
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS contains an OS command injection vulnerabi…
|
⚡ Exploit | Mar 31, 2026 |
| CVE-2026-30877 | Critical | 9.1 |
baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in t…
|
— | Mar 31, 2026 |
| CVE-2026-5156 | High | 8.8 |
A vulnerability was determined in Tenda CH22 1.0.0.1. This impacts the function formQuickIndex of the file /goform/Quick…
|
⚡ Exploit | Mar 31, 2026 |
| CVE-2026-5204 | High | 8.8 |
A vulnerability was determined in Tenda CH22 1.0.0.1. Affected is the function formWebTypeLibrary of the file /goform/we…
|
⚡ Exploit | Mar 31, 2026 |