| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-6443 | Essentialplugin Plugins (Various Versions) - Injected Backdoor | essentialplugin | Accordion and Accordion Slider | Critical | 9.8 | 2026-04-17 06:44:49 | Deep Dive |
| CVE-2026-1462 | Safe Mode Bypass in keras-team/keras | keras-team | keras-team/keras | 高危 | - | 2026-04-13 14:55:29 | Deep Dive |
| CVE-2026-28704 | EmoCheck 代码问题漏洞 | Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) | Emocheck | - | - | 2026-04-10 05:50:00 | Deep Dive |
| CVE-2026-39987 | marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass | marimo-team | marimo | - | - | 2026-04-09 17:16:56 | Deep Dive |
| CVE-2026-39705 | WordPress MIPL WC Multisite Sync plugin <= 1.4.4 - Broken Access Control vulnerability | Mulika Team | MIPL WC Multisite Sync | - | - | 2026-04-08 08:30:48 | Deep Dive |
| CVE-2026-39356 | SQL Injection via escapeName() in all Drizzle ORM SQL dialects | drizzle-team | drizzle-orm | High | 7.5 | 2026-04-07 19:58:46 | Deep Dive |
| CVE-2026-32562 | WordPress PPWP plugin <= 1.9.15 - Broken Access Control vulnerability | WP Folio Team | PPWP | 中危 | - | 2026-03-25 16:15:12 | Deep Dive |
| CVE-2026-32544 | WordPress OOPSpam Anti-Spam plugin <= 1.2.62 - Cross Site Scripting (XSS) vulnerability | OOPSpam Team | OOPSpam Anti-Spam | 中危 | - | 2026-03-25 16:15:12 | Deep Dive |
| CVE-2026-27039 | WordPress WZone plugin <= 14.0.31 - SQL Injection vulnerability | AA-Team | WZone | High | 8.5 | 2026-03-25 16:14:52 | Deep Dive |
| CVE-2026-27040 | WordPress WZone plugin <= 14.0.31 - Arbitrary File Deletion vulnerability | AA-Team | WZone | High | 8.8 | 2026-03-25 16:14:52 | Deep Dive |
| CVE-2026-25026 | WordPress Team plugin <= 5.0.11 - Broken Access Control vulnerability | RadiusTheme | Team | 中危 | - | 2026-03-25 16:14:38 | Deep Dive |
| CVE-2026-4733 | Information disclosure in ixray-1.6-stcop | ixray-team | ixray-1.6-stcop | Medium | 5.3 | 2026-03-24 02:52:46 | Deep Dive |
| CVE-2026-33634 | Trivy ecosystem supply chain briefly compromised | aquasecurity | setup-trivy | 高危 | - | 2026-03-23 21:47:30 | Deep Dive |
| CVE-2026-32396 | WordPress Team plugin <= 5.0.13 - Broken Access Control vulnerability | RadiusTheme | Team | 中危 | - | 2026-03-13 11:42:11 | Deep Dive |
| CVE-2026-32353 | WordPress MailerPress plugin <= 1.4.2 - Server Side Request Forgery (SSRF) vulnerability | MailerPress Team | MailerPress | 中危 | - | 2026-03-13 11:42:00 | Deep Dive |
| CVE-2018-25162 | 2-Plan Team 1.0.4 Arbitrary File Upload via managefile.php | 2-Plan | Plan Team | Medium | 6.5 | 2026-03-06 12:18:55 | Deep Dive |
| CVE-2026-28562 | wpForo Forum 2.4.14 SQL Injection via Topics ORDER BY Parameter | gVectors Team | wpForo Forum | High | 8.2 | 2026-02-28 21:47:42 | Deep Dive |
| CVE-2026-28561 | wpForo Forum 2.4.14 Stored XSS via Unescaped Forum Description in Templates | gVectors Team | wpForo Forum | Medium | 5.5 | 2026-02-28 21:47:41 | Deep Dive |
| CVE-2026-28560 | wpForo Forum 2.4.14 Stored XSS via Unsafe JSON Encoding in Inline Script | gVectors Team | wpForo Forum | Medium | 5.5 | 2026-02-28 21:47:40 | Deep Dive |
| CVE-2026-28559 | wpForo Forum 2.4.14 Information Disclosure via Global RSS Feed | gVectors Team | wpForo Forum | Medium | 5.3 | 2026-02-28 21:47:39 | Deep Dive |