| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-24993 | WordPress Advanced WooCommerce Product Sales Reporting plugin <= 4.1.3 - SQL Injection vulnerability | WPFactory | Advanced WooCommerce Product Sales Reporting | Critical | 9.3 | 2026-03-25 16:14:36 | Deep Dive |
| CVE-2026-2432 | CM Custom Reports <= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Labels | creativemindssolutions | CM Custom Reports – Flexible reporting to track what matters most | Medium | 4.4 | 2026-03-20 08:25:59 | Deep Dive |
| CVE-2026-4396 | Devolutions Hub Reporting Service security vulnerability | Devolutions | Hub Reporting Service | High | - | 2026-03-18 19:41:35 | Deep Dive |
| CVE-2025-11739 | Schneider Electric EcoStruxure Power Monitoring Expert and Schneider Electric EcoStruxure Power Operation (Schneider Electric EPO) code issue vulnerability | Schneider Electric | EcoStruxure™ Power Monitoring Expert (PME) | - | - | 2026-03-10 12:25:15 | Deep Dive |
| CVE-2026-2431 | CM Custom Reports <= 1.2.7 - Reflected Cross-Site Scripting via 'date_from' and 'date_to' Parameters | creativemindssolutions | CM Custom Reports – Flexible reporting to track what matters most | Medium | 6.1 | 2026-03-07 01:21:25 | Deep Dive |
| CVE-2026-28287 | FreePBX: Authenticated Remote Code Execution via Recordings Module AJAX Endpoints | FreePBX | security-reporting | High | - | 2026-03-05 18:25:55 | Deep Dive |
| CVE-2026-28284 | FreePBX: Authenticated SQL Injection Vulnerabilities in FreePBX Logfiles Module | FreePBX | security-reporting | High | - | 2026-03-05 18:24:51 | Deep Dive |
| CVE-2026-28210 | FreePBX: Authenticated SQL Injection in CDR (Call Data Record) Reports | FreePBX | security-reporting | High | - | 2026-03-05 18:24:06 | Deep Dive |
| CVE-2026-28209 | FreePBX: Command Injection leading to Remote Code Execution in FreePBX ElevenLabs Text-to-Speech integration | FreePBX | security-reporting | High | - | 2026-03-05 18:22:39 | Deep Dive |
| CVE-2025-2134 | IBM Jazz Reporting Service Denial of Service | IBM | Jazz Reporting Service | Low | 3.5 | 2026-02-04 21:07:26 | Deep Dive |
| CVE-2025-27550 | IBM Jazz Reporting Service Information Disclosure | IBM | Jazz Reporting Service | Low | 3.5 | 2026-02-04 21:07:21 | Deep Dive |
| CVE-2025-1823 | IBM Jazz Reporting Service Denial of Service | IBM | Jazz Reporting Service | Low | 3.5 | 2026-02-04 21:07:18 | Deep Dive |
| CVE-2026-24992 | WordPress Advanced WooCommerce Product Sales Reporting plugin <= 4.1.2 - Sensitive Data Exposure vulnerability | WPFactory | Advanced WooCommerce Product Sales Reporting | - | - | 2026-02-03 14:08:37 | Deep Dive |
| CVE-2025-62957 | WordPress NikanWP WooCommerce Reporting plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) vulnerability | NikanWP | NikanWP WooCommerce Reporting | High | 7.1 | 2025-10-27 01:34:11 | Deep Dive |
| CVE-2025-40696 | Cross Site Scripting in PHPGurukul Online Fire Reporting System | PHPGurukul | Online Fire Reporting System | - | - | 2025-09-11 11:49:53 | Deep Dive |
| CVE-2025-40695 | Cross Site Scripting in PHPGurukul Online Fire Reporting System | PHPGurukul | Online Fire Reporting System | - | - | 2025-09-11 11:46:40 | Deep Dive |
| CVE-2025-40694 | Cross Site Scripting in PHPGurukul Online Fire Reporting System | PHPGurukul | Online Fire Reporting System | - | - | 2025-09-11 11:40:56 | Deep Dive |
| CVE-2025-40693 | Cross Site Scripting in PHPGurukul Online Fire Reporting System | PHPGurukul | Online Fire Reporting System | - | - | 2025-09-11 11:36:39 | Deep Dive |
| CVE-2025-40692 | SQL injection in PHPGurukul Online Fire Reporting System | PHPGurukul | Online Fire Reporting System | - | - | 2025-09-11 11:27:29 | Deep Dive |
| CVE-2025-40691 | SQL injection in PHPGurukul Online Fire Reporting System | PHPGurukul | Online Fire Reporting System | - | - | 2025-09-11 11:25:36 | Deep Dive |