🛡️ CVE Vulnerability Database
CVE vulnerabilities with bilingual AI analysis tailored for Saudi Arabia
| CVE ID | Title / Description | Severity | CVSS | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-40901 | DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below shi… | HIGH | 8.8 | ⚡ | Apr 16, 2026 |
| CVE-2026-35632 | OpenClaw through 2026.2.22 contains a symlink traversal vulnerability in agents.create and agents.up… | HIGH | 7.1 | ⚡ | Apr 9, 2026 |
| CVE-2026-30460 | Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE… | HIGH | 8.8 | ⚡ | Apr 7, 2026 |
| CVE-2026-34545 | OpenEXR provides the specification and reference implementation of the EXR file format, an image sto… | HIGH | 7.3 | ⚡ ✅ | Apr 1, 2026 |
| CVE-2026-0522 | A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allo… | HIGH | 8.8 | ⚡ | Apr 1, 2026 |
| CVE-2026-34585 | SiYuan is a personal knowledge management system. Prior to version 3.6.2, a vulnerability allows cra… | HIGH | 8.6 | ⚡ | Mar 31, 2026 |
| CVE-2026-33028 | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui appl… | HIGH | 7.5 | ⚡ | Mar 30, 2026 |
| CVE-2026-0560 | A Server-Side Request Forgery (SSRF) vulnerability exists in parisneo/lollms versions prior to 2.2.0… | HIGH | 7.5 | ⚡ ✅ | Mar 29, 2026 |
| CVE-2026-33509 | pyLoad is a free and open-source download manager written in Python. From version 0.4.0 to before ve… | HIGH | 7.5 | ⚡ | Mar 24, 2026 |
| CVE-2026-33336 | Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior… | HIGH | 8.8 | ⚡ | Mar 24, 2026 |
| CVE-2026-33157 | Craft CMS is a content management system (CMS). From version 5.6.0 to before version 5.9.13, a Remot… | HIGH | 7.2 | ⚡ ✅ | Mar 24, 2026 |
| CVE-2019-25647 | PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows… | HIGH | 8.8 | ⚡ | Mar 24, 2026 |
| CVE-2026-22719 | VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor… | HIGH | 8.1 | ⚡ ✅ KEV | Feb 25, 2026 |
| CVE-2026-25924 | Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a security c… | HIGH | 8.4 | ⚡ ✅ | Feb 11, 2026 |
| CVE-2026-25498 | Craft is a platform for creating digital experiences. In versions 4.0.0-RC1 through 4.16.17 and 5.0.… | HIGH | 7.2 | ⚡ ✅ | Feb 9, 2026 |
| CVE-2026-25512 | Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions… | HIGH | 8.8 | ⚡ ✅ | Feb 4, 2026 |
| CVE-2020-37113 | GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploadi… | HIGH | 8.8 | ⚡ ✅ | Feb 3, 2026 |
| CVE-2020-37084 | School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin us… | HIGH | 7.2 | ⚡ ✅ | Feb 3, 2026 |
| CVE-2026-25134 | Group-Office is an enterprise customer relationship management and groupware tool. Prior to 6.8.150,… | HIGH | 8.8 | ⚡ ✅ | Feb 2, 2026 |
| CVE-2020-37032 | Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console th… | HIGH | 8.8 | ⚡ ✅ | Jan 30, 2026 |
| CVE-2026-25116 | Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2,… | HIGH | 7.6 | ⚡ ✅ | Jan 29, 2026 |
| CVE-2026-24780 | AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intellig… | HIGH | 8.8 | ⚡ ✅ | Jan 29, 2026 |
| CVE-2021-47794 | ZesleCP 3.1.9 contains an authenticated remote code execution vulnerability that allows attackers to… | HIGH | 8.8 | ⚡ ✅ | Jan 16, 2026 |
| CVE-2021-47758 | Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerabili… | HIGH | 8.8 | ⚡ ✅ | Jan 15, 2026 |
| CVE-2021-47757 | Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerabili… | HIGH | 8.8 | ⚡ ✅ | Jan 15, 2026 |