🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-4999 | Medium | 6.3 |
A security vulnerability has been detected in z-9527 admin up to 72aaf2dd05cf4ec2e98f390668b41e128eec5ad2. This issue af…
|
— | Mar 28, 2026 |
| CVE-2026-2595 | Medium | 5.4 |
The Quads Ads Manager for Google AdSense plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions u…
|
— | Mar 28, 2026 |
| CVE-2026-5014 | Medium | 5.3 |
A vulnerability was found in elecV2 elecV2P up to 3.8.3. The affected element is the function path.join of the file /log…
|
— | Mar 28, 2026 |
| CVE-2026-2442 | Medium | 5.3 |
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Improper Neutralizatio…
|
— | Mar 28, 2026 |
| CVE-2026-5007 | Medium | 5.3 |
A vulnerability was identified in kazuph mcp-docs-rag up to 0.5.0. Affected is the function cloneRepository of the file …
|
— | Mar 28, 2026 |
| CVE-2026-5003 | Medium | 5.3 |
A vulnerability was found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. This affects the fun…
|
— | Mar 28, 2026 |
| CVE-2026-4997 | Medium | 5.3 |
A security flaw has been discovered in Sinaptik AI PandasAI up to 3.0.0. This affects the function is_sql_query_safe of …
|
— | Mar 28, 2026 |
| CVE-2026-5013 | Medium | 5.3 |
A vulnerability has been found in elecV2 elecV2P up to 3.8.3. Impacted is the function path.join of the file /store/:key…
|
— | Mar 28, 2026 |
| CVE-2025-53521 | Critical | 9.8 |
F5 BIG-IP — CVE-2025-53521
F5 BIG-IP APM contains a stack-based buffer overflow vulnerability that could allow a threat …
|
— | Mar 27, 2026 |
| CVE-2026-33757 | Critical | 9.6 |
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao does not prompt for …
|
✅ Patch | Mar 27, 2026 |
| CVE-2026-33767 | High | 8.8 |
WWBN AVideo is an open source video platform. In versions up to and including 26.0, in `objects/like.php`, the `getLike(…
|
⚡ Exploit ✅ Patch | Mar 27, 2026 |
| CVE-2026-33735 | High | 8.8 |
MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.69, an authorization bypas…
|
⚡ Exploit ✅ Patch | Mar 27, 2026 |
| CVE-2026-4906 | High | 8.8 |
A vulnerability was determined in Tenda AC5 15.03.06.47. The affected element is the function decodePwd of the file /gof…
|
⚡ Exploit | Mar 27, 2026 |
| CVE-2026-4974 | High | 8.8 |
A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTime of the file /gofor…
|
⚡ Exploit | Mar 27, 2026 |
| CVE-2026-4975 | High | 8.8 |
A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the function formSetCfm of the file /goform/setcf…
|
⚡ Exploit | Mar 27, 2026 |
| CVE-2026-34386 | High | 8.8 |
Fleet is open source device management software. Prior to 4.81.0, a SQL injection vulnerability in Fleet's MDM bootstrap…
|
— | Mar 27, 2026 |
| CVE-2026-4904 | High | 8.8 |
A vulnerability has been found in Tenda AC5 15.03.06.47. This issue affects the function formSetCfm of the file /goform/…
|
⚡ Exploit | Mar 27, 2026 |
| CVE-2026-4905 | High | 8.8 |
A vulnerability was found in Tenda AC5 15.03.06.47. Impacted is the function formWifiWpsOOB of the file /goform/WifiWpsO…
|
⚡ Exploit | Mar 27, 2026 |
| CVE-2026-26060 | High | 8.8 |
Fleet is open source device management software. Prior to 4.81.0, a vulnerability in Fleet’s password management logic c…
|
— | Mar 27, 2026 |
| CVE-2026-25099 | High | 8.8 |
Bludit’s API plugin allows an authenticated attacker with a valid API token to upload files of any type and extension wi…
|
— | Mar 27, 2026 |