🛡️ CVE Vulnerability Database

CVE vulnerabilities with bilingual AI analysis tailored for Saudi Arabia

CVE ID	Title / Description	Severity	CVSS	Status	Published
CVE-2026-34429	Vvveb prior to 1.0.8.1 contains a stored cross-site scripting vulnerability that allows authenticate…	MEDIUM	5.4	—	Apr 20, 2026
CVE-2026-3464	The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to i…	HIGH	8.8	—	Apr 17, 2026
CVE-2026-40901	DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below shi…	HIGH	8.8	⚡	Apr 16, 2026
CVE-2026-20204	In Splunk Enterprise versions below 10.2.1, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform ve…	HIGH	7.1	—	Apr 15, 2026
CVE-2026-6227	The BackWPup plugin for WordPress is vulnerable to Local File Inclusion via the `block_name` paramet…	HIGH	7.2	—	Apr 14, 2026
CVE-2009-0238	Microsoft Office — CVE-2009-0238 Microsoft Office Excel contains a remote code execution vulnerabili…	CRITICAL	9.8	KEV AI	Apr 14, 2026
CVE-2026-40040	Pachno 1.0.6 contains an unrestricted file upload vulnerability that allows authenticated users to u…	HIGH	8.8	—	Apr 13, 2026
CVE-2023-21529	Microsoft Exchange Server — CVE-2023-21529 Microsoft Exchange Server contains a deserialization of u…	CRITICAL	9.8	KEV AI	Apr 13, 2026
CVE-2012-1854	Microsoft Visual Basic for Applications (VBA) — CVE-2012-1854 Microsoft Visual Basic for Application…	CRITICAL	9.8	KEV AI	Apr 13, 2026
CVE-2026-33704	Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user (including stu…	HIGH	7.1	✅	Apr 10, 2026
CVE-2026-35639	OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve m…	HIGH	8.8	—	Apr 9, 2026
CVE-2026-35632	OpenClaw through 2026.2.22 contains a symlink traversal vulnerability in agents.create and agents.up…	HIGH	7.1	⚡	Apr 9, 2026
CVE-2026-35625	OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-au…	HIGH	7.8	—	Apr 9, 2026
CVE-2026-5436	The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in all versions up to …	HIGH	8.1	—	Apr 8, 2026
CVE-2026-4808	The Gerador de Certificados – DevApps plugin for WordPress is vulnerable to arbitrary file uploads d…	HIGH	7.2	—	Apr 8, 2026
CVE-2026-3243	The Advanced Members for ACF plugin for WordPress is vulnerable to arbitrary file deletion due to in…	HIGH	8.8	—	Apr 8, 2026
CVE-2026-1340	Ivanti Endpoint Manager Mobile (EPMM) — CVE-2026-1340 Ivanti Endpoint Manager Mobile (EPMM) contains…	CRITICAL	9.8	KEV AI	Apr 8, 2026
CVE-2026-30460	Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE…	HIGH	8.8	⚡	Apr 7, 2026
CVE-2026-22683	Windmill versions 1.56.0 through 1.614.0 contain a missing authorization vulnerability that allows u…	HIGH	8.8	—	Apr 7, 2026
CVE-2026-22666	Dolibarr ERP/CRM versions prior to 23.0.2 contain an authenticated remote code execution vulnerabili…	HIGH	7.2	—	Apr 7, 2026
CVE-2026-35029	LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.…	HIGH	8.8	—	Apr 6, 2026
CVE-2019-25671	VA MAX 8.3.4 contains a remote code execution vulnerability that allows authenticated attackers to e…	HIGH	8.8	—	Apr 5, 2026
CVE-2025-59710	An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is …	HIGH	8.8	—	Apr 3, 2026
CVE-2026-4347	The MW WP Form plugin for WordPress is vulnerable to arbitrary fi… The MW WP Form plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file …	HIGH	8.1	—	Apr 2, 2026
CVE-2026-35056	XenForo before 2.3.9 and before 2.2.18 allows remote code executi… XenForo before 2.3.9 and before 2.2.18 allows remote code execution (RCE) by authenticated, but mali…	HIGH	7.2	—	Apr 1, 2026

1 2 3…22 →

🤖 AI Analysis Active

AI analysis includes: Arabic description, Saudi impact assessment, remediation steps, compliance mapping (NCA ECC, SAMA CSF, ISO 27001) and MITRE ATT&CK techniques.

1,693 CVEs analyzed

🔴 Recent Critical CVEs

9.8

9.8

9.8