| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-40346 | NocoBase has SSRF in Workflow HTTP Request and Custom Request Plugins | nocobase | @nocobase/plugin-workflow-request | - | - | 2026-04-17 23:54:35 | Deep Dive |
| CVE-2016-20051 | Snews CMS 1.7 Cross-Site Request Forgery via changeup | Snewscms | Snews CMS Cross Site Request Forgery | Medium | 5.3 | 2026-04-04 13:50:57 | Deep Dive |
| CVE-2026-2718 | Dealia <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gutenberg Block Attributes | dealia | Dealia – Request a quote | Medium | 6.4 | 2026-02-19 09:26:36 | Deep Dive |
| CVE-2026-2504 | Dealia – Request a quote <= 1.0.7 - Missing Authorization to Authenticated (Contributor+) Plugin Configuration Reset | dealia | Dealia – Request a quote | Medium | 4.3 | 2026-02-19 04:36:23 | Deep Dive |
| CVE-2025-4521 | IDonate 2.1.5 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_profile Function | themeatelier | IDonate – Blood Donation, Request And Donor Management System | High | 8.8 | 2026-02-19 04:36:12 | Deep Dive |
| CVE-2026-24366 | WordPress YITH WooCommerce Request A Quote plugin <= 2.46.0 - Broken Access Control vulnerability | YITHEMES | YITH WooCommerce Request A Quote | Medium | 5.3 | 2026-01-22 16:52:45 | Deep Dive |
| CVE-2025-61873 | Request Tracker 安全漏洞 | bestpractical | Request Tracker | Low | 2.6 | 2026-01-16 00:00:00 | Deep Dive |
| CVE-2025-64248 | WordPress Request a Quote plugin <= 2.5.3 - Broken Access Control vulnerability | emarket-design | Request a Quote | - | - | 2025-12-16 08:12:49 | Deep Dive |
| CVE-2020-36878 | ReQuest Serious Play F3 Media Player <= 3.0.0 Directory Traversal File Disclosure | ReQuest Serious Play LLC | ReQuest Serious Play Media Player | 中危 | - | 2025-12-05 17:17:38 | Deep Dive |
| CVE-2020-36877 | ReQuest Serious Play F3 Media Server <= 7.0.3 code execution | ReQuest Serious Play LLC | ReQuest Serious Play Pro | 中危 | - | 2025-12-05 17:16:50 | Deep Dive |
| CVE-2020-36876 | ReQuest Serious Play F3 Media Server <= 7.0.3 Debug Log Disclosure2020 | ReQuest Serious Play LLC | ReQuest Serious Play Pro | 中危 | - | 2025-12-05 17:13:39 | Deep Dive |
| CVE-2025-12634 | Refund Request for WooCommerce <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Refund Status Update | sunarc | Refund Request for WooCommerce | Medium | 4.3 | 2025-11-25 07:28:27 | Deep Dive |
| CVE-2025-12877 | IDonate – Blood Donation, Request And Donor Management System <= 2.1.15 - Missing Authorization to Unauthenticated Arbitrary Post Deletion | faysal61 | IDonate – Blood Donation, Request And Donor Management System | Medium | 5.3 | 2025-11-22 07:29:20 | Deep Dive |
| CVE-2021-4465 | ReQuest Serious Play F3 Media Server <= 7.0.3 Remote DoS | ReQuest Serious Play LLC | ReQuest Serious Play Pro | 中危 | - | 2025-11-14 22:51:28 | Deep Dive |
| CVE-2025-4522 | IDonate 2.0.0 - 2.1.9 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Deletion via admin_post_donor_delete Function | themeatelier | IDonate – Blood Donation, Request And Donor Management System | Medium | 6.5 | 2025-11-07 04:28:55 | Deep Dive |
| CVE-2025-4519 | IDonate 2.1.5 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_password Function | themeatelier | IDonate – Blood Donation, Request And Donor Management System | High | 8.8 | 2025-11-07 04:28:55 | Deep Dive |
| CVE-2025-9158 | Stored XSS in Request Tracker | Best Practical | Request Tracker | 中危 | - | 2025-10-24 06:00:11 | Deep Dive |
| CVE-2025-58915 | WordPress Request a Quote plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability | emarket-design | Request a Quote | Medium | 6.5 | 2025-09-23 02:08:41 | Deep Dive |
| CVE-2025-9276 | Cockroach Labs cockroach-k8s-request-cert Empty Root Password Authentication Bypass Vulnerability | Cockroach Labs | cockroach-k8s-request-cert | 超危 | - | 2025-09-02 20:00:52 | Deep Dive |
| CVE-2025-57814 | request-filtering-agent SSRF Bypass via HTTPS Requests | azu | request-filtering-agent | - | - | 2025-08-25 21:48:10 | Deep Dive |