🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2019-25578 | High | 8.2 |
phpTransformer 2016.9 contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL quer…
|
⚡ Exploit | Mar 21, 2026 |
| CVE-2019-25580 | High | 8.2 |
ownDMS 4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL querie…
|
— | Mar 21, 2026 |
| CVE-2019-25581 | High | 8.2 |
i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL …
|
⚡ Exploit | Mar 21, 2026 |
| CVE-2026-3629 | High | 8.1 |
The Import and export users and customers plugin for WordPress is vulnerable to privilege escalation in all versions up …
|
— | Mar 21, 2026 |
| CVE-2019-25552 | High | 7.5 |
CEWE PHOTO SHOW 6.4.3 contains a denial of service vulnerability that allows attackers to crash the application by submi…
|
— | Mar 21, 2026 |
| CVE-2019-25560 | High | 7.5 |
Lyric Video Creator 2.1 contains a denial of service vulnerability that allows attackers to crash the application by pro…
|
— | Mar 21, 2026 |
| CVE-2019-25579 | High | 7.5 |
phpTransformer 2016.9 contains a directory traversal vulnerability that allows unauthenticated attackers to access arbit…
|
⚡ Exploit | Mar 21, 2026 |
| CVE-2026-4528 | High | 7.3 |
A vulnerability was determined in trueleaf ApiFlow 0.9.7. The impacted element is the function validateUrlSecurity of th…
|
— | Mar 21, 2026 |
| CVE-2019-25573 | High | 7.1 |
Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queri…
|
⚡ Exploit | Mar 21, 2026 |
| CVE-2026-4004 | Medium | 6.5 |
The Task Manager plugin for WordPress is vulnerable to arbitrary shortcode execution via the 'search' AJAX action in all…
|
— | Mar 21, 2026 |
| CVE-2019-25574 | Medium | 6.5 |
Green CMS 2.x contains a path traversal vulnerability that allows authenticated attackers to download arbitrary files an…
|
— | Mar 21, 2026 |
| CVE-2019-25582 | Medium | 6.5 |
i-doit CMDB 1.12 contains an arbitrary file download vulnerability that allows authenticated attackers to download sensi…
|
— | Mar 21, 2026 |
| CVE-2026-2720 | Medium | 6.5 |
The Hr Press Lite plugin for WordPress is vulnerable to unauthorized access of sensitive employee data due to a missing …
|
— | Mar 21, 2026 |
| CVE-2026-2503 | Medium | 6.5 |
The ElementCamp plugin for WordPress is vulnerable to time-based SQL Injection via the 'meta_query[compare]' parameter i…
|
— | Mar 21, 2026 |
| CVE-2026-2375 | Medium | 6.5 |
The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Privilege Escalat…
|
— | Mar 21, 2026 |
| CVE-2026-4087 | Medium | 6.5 |
The Pre* Party Resource Hints plugin for WordPress is vulnerable to SQL Injection via the 'hint_ids' parameter of the pp…
|
— | Mar 21, 2026 |
| CVE-2026-32043 | Medium | 6.5 |
OpenClaw versions prior to 2026.2.25 contain a time-of-check-time-of-use vulnerability in approval-bound system.run exec…
|
— | Mar 21, 2026 |
| CVE-2026-32054 | Medium | 6.5 |
OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in browser trace and download output path…
|
— | Mar 21, 2026 |
| CVE-2026-32053 | Medium | 6.5 |
OpenClaw versions prior to 2026.2.23 contain a vulnerability in Twilio webhook event deduplication where normalized even…
|
— | Mar 21, 2026 |
| CVE-2026-2351 | Medium | 6.5 |
The Task Manager plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.0.2 v…
|
— | Mar 21, 2026 |