| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-3153 | itsourcecode Document Management System register.php sql injection | itsourcecode | Document Management System | High | 7.3 | 2026-02-25 05:32:08 | Deep Dive |
| CVE-2026-3133 | itsourcecode Document Management System Login loging.php sql injection | itsourcecode | Document Management System | High | 7.3 | 2026-02-24 23:32:09 | Deep Dive |
| CVE-2026-3069 | itsourcecode Document Management System edtlbls.php sql injection | itsourcecode | Document Management System | High | 7.3 | 2026-02-24 04:02:08 | Deep Dive |
| CVE-2026-3068 | itsourcecode Document Management System deluser.php sql injection | itsourcecode | Document Management System | High | 7.3 | 2026-02-24 03:32:11 | Deep Dive |
| CVE-2024-31118 | WordPress SP Project & Document Manager plugin <= 4.70 - Broken Access Control to XSS vulnerability | Smartypants | SP Project & Document Manager | Medium | 6.5 | 2026-02-17 15:04:26 | Deep Dive |
| CVE-2026-24323 | Multiple vulnerabilities in BSP Applications of SAP Document Management System | SAP_SE | SAP Document Management System | Medium | 6.1 | 2026-02-10 03:04:12 | Deep Dive |
| CVE-2026-0505 | Multiple vulnerabilities in BSP Applications of SAP Document Management System | SAP_SE | SAP Document Management System | Medium | 6.1 | 2026-02-10 03:01:31 | Deep Dive |
| CVE-2025-15507 | Magic Import Document Extractor <= 1.0.5 - Missing Authorization to Unauthenticated Plugin License Status Modification | magicimport | Magic Import Document Extractor | Medium | 5.3 | 2026-02-04 08:25:31 | Deep Dive |
| CVE-2025-15508 | Magic Import Document Extractor <= 1.0.6 - Unauthenticated Sensitive Information Exposure | magicimport | Magic Import Document Extractor | Medium | 5.3 | 2026-02-04 08:25:31 | Deep Dive |
| CVE-2026-1389 | Document Embedder <= 2.0.4 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Document Library Entry Deletion | bplugins | Document Embedder – Embed PDFs, Word, Excel, and Other Files | Medium | 4.3 | 2026-01-28 07:27:35 | Deep Dive |
| CVE-2026-1514 | 2100 Technology|Official Document Management System - Incorrect Authorization | 2100 Technology | Official Document Management System | Medium | 6.5 | 2026-01-28 03:39:56 | Deep Dive |
| CVE-2025-14632 | Filr – Secure document library <= 1.2.11 - Authenticated (Administrator+) Stored Cross-Site Scripting via HTML Upload | wpchill | Filr – Secure document library | Medium | 4.4 | 2026-01-17 02:22:32 | Deep Dive |
| CVE-2022-50932 | Kyocera Command Center RX ECOSYS M2035dn - Directory Traversal File Disclosure (Unauthenticated) | KYOCERA Document Solutions | Kyocera Command Center RX | High | 7.5 | 2026-01-13 22:52:00 | Deep Dive |
| CVE-2025-68936 | ONLYOFFICE Docs 跨站脚本漏洞 | ONLYOFFICE | Document Server | Medium | 6.4 | 2025-12-25 20:07:56 | Deep Dive |
| CVE-2025-68935 | ONLYOFFICE Docs 跨站脚本漏洞 | ONLYOFFICE | Document Server | Medium | 6.4 | 2025-12-25 20:05:49 | Deep Dive |
| CVE-2025-68917 | ONLYOFFICE Docs 跨站脚本漏洞 | ONLYOFFICE | Document Server | Medium | 6.4 | 2025-12-24 20:19:25 | Deep Dive |
| CVE-2025-68585 | WordPress WP Document Revisions plugin <= 3.7.2 - Broken Access Control vulnerability | Ben Balter | WP Document Revisions | Low | 2.7 | 2025-12-24 13:10:42 | Deep Dive |
| CVE-2025-14633 | F70 Lead Document Download <= 1.4.4 - Missing Authorization to Unauthenticated Arbitrary Media File Download | niao70 | F70 Lead Document Download | Medium | 5.3 | 2025-12-20 03:20:23 | Deep Dive |
| CVE-2025-12885 | Embed Any Document <= 2.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting | awsmin | Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files | Medium | 6.4 | 2025-12-18 01:51:13 | Deep Dive |
| CVE-2025-67985 | WordPress Document Library Lite plugin <= 1.1.7 - Insecure Direct Object References (IDOR) vulnerability | Barn2 Plugins | Document Library Lite | Medium | 5.3 | 2025-12-16 08:12:59 | Deep Dive |