🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-20976 | High | 7.8 | Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute arbitrary script. | ✅ Patch | Jan 9, 2026 |
| CVE-2025-66049 | High | 7.5 | Vivotek IP7137 camera with firmware version 0200a is vulnerable to an information disclosure issue where live camera foo… | ✅ Patch | Jan 9, 2026 |
| CVE-2025-14657 | High | 7.2 | The Eventin – Event Manager, Events Calendar, Event Tickets and Registrations plugin for WordPress is vulnerable to unau… | ✅ Patch | Jan 9, 2026 |
| CVE-2025-14937 | High | 7.2 | The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'acff' parame… | ✅ Patch | Jan 9, 2026 |
| CVE-2025-15055 | High | 7.2 | The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'notes' and 'resource' … | ✅ Patch | Jan 9, 2026 |
| CVE-2025-15057 | High | 7.2 | The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `fh` (fingerprint) para… | ✅ Patch | Jan 9, 2026 |
| CVE-2025-66052 | High | 7.2 | Vivotek IP7137 camera with firmware version 0200a is vulnerable to command injection. Parameter "system_ntpIt" used by "… | ✅ Patch | Jan 9, 2026 |
| CVE-2019-25289 | High | 8.8 | SmartLiving SmartLAN <=6.x contains an authenticated remote command injection vulnerability in the web.cgi binary throug… | ✅ Patch | Jan 8, 2026 |
| CVE-2026-22042 | High | 8.8 | RustFS is a distributed object storage system built in Rust. Prior to version 1.0.0-alpha.79, the `ImportIam` admin API v… | ⚡ Exploit ✅ Patch | Jan 8, 2026 |
| CVE-2019-25231 | High | 8.4 | devolo dLAN Cockpit 4.3.1 contains an unquoted service path vulnerability in the 'DevoloNetworkService' that allows loca… | ✅ Patch | Jan 8, 2026 |
| CVE-2026-22035 | High | 7.7 | Greenshot is an open source Windows screenshot utility. Versions 1.3.310 and below are vulnerable to OS Command Injection … | ⚡ Exploit ✅ Patch | Jan 8, 2026 |
| CVE-2019-25279 | High | 7.5 | FaceSentry Access Control System 6.4.8 contains a cleartext password storage vulnerability that allows attackers to acce… | ⚡ Exploit ✅ Patch | Jan 8, 2026 |
| CVE-2019-25291 | High | 7.5 | INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux distribution image that ca… | ✅ Patch | Jan 8, 2026 |
| CVE-2025-68151 | High | 7.5 | CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0, multiple CoreDNS server implementations (gRPC, HTT… | ✅ Patch | Jan 8, 2026 |
| CVE-2026-22245 | High | 7.5 | Mastodon is a free, open-source social network server based on ActivityPub. By nature, Mastodon performs a lot of outbou… | ✅ Patch | Jan 8, 2026 |
| CVE-2025-14436 | High | 7.2 | The Brevo for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user_connection_id’… | ✅ Patch | Jan 8, 2026 |
| CVE-2026-22241 | High | 7.2 | The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, … | ⚡ Exploit ✅ Patch | Jan 8, 2026 |
| CVE-2026-22244 | High | 7.2 | OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server… | ⚡ Exploit ✅ Patch | Jan 8, 2026 |
| CVE-2025-15158 | High | 8.8 | The WP Enable WebP plugin for WordPress is vulnerable to arbitrary file uploads due to improper file type validation in … | ✅ Patch | Jan 7, 2026 |
| CVE-2025-13371 | High | 8.6 | The MoneySpace plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including… | ✅ Patch | Jan 7, 2026 |