| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-28558 | wpForo Forum 2.4.14 Stored XSS via SVG Avatar File Upload | gVectors Team | wpForo Forum | Medium | 6.4 | 2026-02-28 21:47:38 | Deep Dive |
| CVE-2026-28557 | wpForo Forum 2.4.14 Privilege Escalation via Role Synchronization Handler | gVectors Team | wpForo Forum | Medium | 6.5 | 2026-02-28 21:47:37 | Deep Dive |
| CVE-2026-28556 | wpForo Forum 2.4.14 Missing Authorization via Topic Management Form Handlers | gVectors Team | wpForo Forum | Medium | 5.4 | 2026-02-28 21:47:36 | Deep Dive |
| CVE-2026-28555 | wpForo Forum 2.4.14 Missing Authorization via Topic Close AJAX Handler | gVectors Team | wpForo Forum | Medium | 4.3 | 2026-02-28 21:47:36 | Deep Dive |
| CVE-2026-28554 | wpForo Forum 2.4.14 Missing Authorization via Post Approval AJAX Handler | gVectors Team | wpForo Forum | Medium | 4.3 | 2026-02-28 21:47:34 | Deep Dive |
| CVE-2026-27793 | Seerr has Broken Object-Level Authorization in User Profile Endpoint that Exposes Third-Party Notification Credentials | seerr-team | seerr | Medium | 6.5 | 2026-02-27 19:38:50 | Deep Dive |
| CVE-2026-27792 | Seerr missing authentication on pushSubscription endpoints | seerr-team | seerr | Medium | 5.4 | 2026-02-27 19:33:18 | Deep Dive |
| CVE-2026-27707 | Plex-configured Seerr instances vulnerable to unauthenticated account registration via Jellyfin authentication endpoint | seerr-team | seerr | High | 7.3 | 2026-02-27 19:29:19 | Deep Dive |
| CVE-2026-25473 | WordPress WZone plugin <= 14.0.31 - Broken Access Control vulnerability | AA-Team | WZone | - | - | 2026-02-19 08:27:09 | Deep Dive |
| CVE-2026-25318 | WordPress WiserReview Product Reviews for WooCommerce plugin <= 2.9 - Broken Access Control vulnerability | Wisernotify team | WiserReview Product Reviews for WooCommerce | - | - | 2026-02-19 08:26:55 | Deep Dive |
| CVE-2026-2495 | WPNakama <= 0.6.5 - Unauthenticated SQL Injection via 'order' REST API Parameter | qdonow | WPNakama – Team and multi-Client Collaboration, Editorial and Project Management | High | 7.5 | 2026-02-18 08:26:04 | Deep Dive |
| CVE-2019-25308 | Mikogo 5.2.2.150317 - 'Mikogo-Service' Unquoted Service Path | LiteManager Team | Mikogo | High | 7.8 | 2026-02-11 14:56:51 | Deep Dive |
| CVE-2020-37134 | UltraVNC Viewer 1.2.4.0 - 'VNCServer' Denial of Service | UltraVNC Team | UltraVNC Viewer | High | 7.5 | 2026-02-05 16:13:37 | Deep Dive |
| CVE-2020-37132 | UltraVNC Launcher 1.2.4.0 - 'Password' Denial of Service | UltraVNC Team | UltraVNC Launcher | Medium | 6.2 | 2026-02-05 16:13:36 | Deep Dive |
| CVE-2020-37133 | UltraVNC Launcher 1.2.4.0 - 'RepeaterHost' Denial of Service | UltraVNC Team | UltraVNC Launcher | High | 7.5 | 2026-02-05 16:13:36 | Deep Dive |
| CVE-2026-24870 | Information disclosure in ixray-1.6-stcop | ixray-team | ixray-1.6-stcop | Low | 3.7 | 2026-01-27 15:47:13 | Deep Dive |
| CVE-2026-24832 | Out-of-bounds write in ixray-1.6-stcop | ixray-team | ixray-1.6-stcop | Critical | 9.8 | 2026-01-27 15:43:53 | Deep Dive |
| CVE-2026-24831 | Infinite loop (DoS) in ixray-1.6-stcop | ixray-team | ixray-1.6-stcop | High | 7.5 | 2026-01-27 15:40:51 | Deep Dive |
| CVE-2021-47888 | Textpattern 4.8.3 - Remote code execution | The Textpattern Development Team | Textpattern | High | 8.8 | 2026-01-23 16:47:35 | Deep Dive |
| CVE-2026-24593 | WordPress AWP Classifieds plugin <= 4.4.3 - Sensitive Data Exposure vulnerability | Strategy11 Team | AWP Classifieds | 中危 | - | 2026-01-23 14:29:01 | Deep Dive |