| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-22567 | ZIA Admin UI Input Validation Bug | Zscaler | ZIA Admin UI | High | 7.6 | 2026-02-23 16:13:33 | Deep Dive |
| CVE-2026-22568 | Unauthorized information retrieval in ZIA Admin UI | Zscaler | ZIA Admin UI | Medium | 5.5 | 2026-02-23 16:12:53 | Deep Dive |
| CVE-2026-2957 | qinming99 dst-admin File BackupController.java deleteBackup denial of service | qinming99 | dst-admin | Medium | 5.4 | 2026-02-22 23:02:43 | Deep Dive |
| CVE-2026-2956 | qinming99 dst-admin restore revertBackup command injection | qinming99 | dst-admin | Medium | 6.3 | 2026-02-22 22:02:42 | Deep Dive |
| CVE-2026-2665 | huanzi-qch base-admin JSP Parser SysFileController.java upload unrestricted upload | huanzi-qch | base-admin | Medium | 6.3 | 2026-02-18 20:02:08 | Deep Dive |
| CVE-2026-2663 | Alixhan xh-admin-backend Database Query query sql injection | Alixhan | xh-admin-backend | Medium | 6.3 | 2026-02-18 19:32:09 | Deep Dive |
| CVE-2026-26119 | Windows Admin Center Elevation of Privilege Vulnerability | Microsoft | Windows Admin Center | High | 8.8 | 2026-02-17 22:56:04 | Deep Dive |
| CVE-2026-25011 | WordPress WP Custom Admin Interface plugin <= 7.41 - Broken Access Control vulnerability | Northern Beaches Websites | WP Custom Admin Interface | - | - | 2026-02-03 14:08:39 | Deep Dive |
| CVE-2026-1680 | Local Privilege Escalation in Local Admin Service | Edgemo (Danoffice IT) | Local Admin Service | - | - | 2026-01-30 06:00:31 | Deep Dive |
| CVE-2026-1060 | WP Adminify <= 4.0.7.7 - Unauthenticated Sensitive Information Exposure via 'get-addons-list' REST API | litonice13 | WP Adminify – White Label WordPress, Admin Menu Editor, Login Customizer | Medium | 5.3 | 2026-01-28 14:25:12 | Deep Dive |
| CVE-2020-36955 | Grav CMS 1.6.30 Admin Plugin 1.9.18 - 'Page Title' Persistent Cross-Site Scripting | Getgrav | Grav CMS Admin Plugin | Medium | 6.4 | 2026-01-26 17:42:45 | Deep Dive |
| CVE-2026-24578 | WordPress Admin login URL Change plugin <= 1.1.5 - Broken Access Control vulnerability | Jahid Hasan | Admin login URL Change | Medium | 4.3 | 2026-01-23 14:28:59 | Deep Dive |
| CVE-2026-0682 | Church Admin <= 5.0.28 - Authenticated (Administrator+) Blind Server-Side Request Forgery via 'audio_url' Parameter | andy_moyle | Church Admin | Low | 2.2 | 2026-01-17 03:24:24 | Deep Dive |
| CVE-2022-50894 | VIAVIWEB Wallpaper Admin 1.0 SQL Injection via edit_gallery_image.php | VIAVIWEB | VIAVIWEB Wallpaper Admin | Medium | 6.5 | 2026-01-13 22:56:21 | Deep Dive |
| CVE-2022-50893 | VIAVIWEB Wallpaper Admin 1.0 - Code Execution via Image Upload | VIAVIWEB | VIAVIWEB Wallpaper Admin | Critical | 9.8 | 2026-01-13 22:56:15 | Deep Dive |
| CVE-2022-50892 | VIAVIWEB Wallpaper Admin 1.0 - SQL Injection via Login Page | VIAVIWEB | VIAVIWEB Wallpaper Admin | High | 8.2 | 2026-01-13 22:56:09 | Deep Dive |
| CVE-2026-20965 | Windows Admin Center Elevation of Privilege Vulnerability | Microsoft | Windows Admin Center in Azure Portal | High | 7.5 | 2026-01-13 17:56:07 | Deep Dive |
| CVE-2026-22786 | Gin-vue-admin has arbitrary file upload vulnerability caused by path traversal | flipped-aurora | gin-vue-admin | - | - | 2026-01-12 21:09:02 | Deep Dive |
| CVE-2025-14741 | Frontend Admin by DynamiApps <= 3.28.25 - Missing Authorization to Unauthenticated Arbitrary Data Deletion via 'delete post' Form Element | shabti | Frontend Admin by DynamiApps | Critical | 9.1 | 2026-01-09 07:22:11 | Deep Dive |
| CVE-2025-14937 | Frontend Admin by DynamiApps <= 3.28.23 - Unauthenticated Stored Cross-Site Scripting via 'update_field' | shabti | Frontend Admin by DynamiApps | High | 7.2 | 2026-01-09 07:22:10 | Deep Dive |