| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-33955 | Notesnook vulnerable to RCE via stored XSS in Note History diff viewer | streetwriters | Notesnook Web/Desktop | High | 8.6 | 2026-03-27 21:27:32 | Deep Dive |
| CVE-2026-33976 | Notesnook vulnerable to RCE via stored XSS in Web Clipper rendering | streetwriters | Notesnook Web/Desktop | Critical | 9.6 | 2026-03-27 21:26:10 | Deep Dive |
| CVE-2026-33765 | Pi-hole Web Interface has a Command Injection Vulnerability | pi-hole | web | 中危 | - | 2026-03-27 19:46:58 | Deep Dive |
| CVE-2018-25210 | WebOfisi E-Ticaret 4.0 SQL Injection via urun Parameter | Web-Ofisi | Ticaret V4 | High | 8.2 | 2026-03-26 11:39:56 | Deep Dive |
| CVE-2026-4281 | FormLift for Infusionsoft Web Forms <= 7.5.21 - Missing Authorization to Unauthenticated Infusionsoft Connection Hijack via OAuth Connection Flow | trainingbusinesspros | FormLift for Infusionsoft Web Forms | Medium | 5.3 | 2026-03-26 03:37:28 | Deep Dive |
| CVE-2026-21992 | Oracle Identity Manager 安全漏洞 | Oracle Corporation | Oracle Identity Manager | Critical | 9.8 | 2026-03-20 02:24:16 | Deep Dive |
| CVE-2026-27540 | WordPress Woocommerce Wholesale Lead Capture plugin <= 2.0.3.1 - Arbitrary File Upload vulnerability | Rymera Web Co Pty Ltd. | Woocommerce Wholesale Lead Capture | 超危 | - | 2026-03-19 05:24:46 | Deep Dive |
| CVE-2026-27542 | WordPress Woocommerce Wholesale Lead Capture plugin <= 2.0.3.1 - Privilege Escalation vulnerability | Rymera Web Co Pty Ltd. | Woocommerce Wholesale Lead Capture | 超危 | - | 2026-03-19 05:22:50 | Deep Dive |
| CVE-2025-2274 | Stored Cross Site Scripting in Forcepoint Web Security | Forcepoint | Web Security (On-Prem) | - | - | 2026-03-16 14:46:50 | Deep Dive |
| CVE-2026-3024 | Stored Cross-Site Scripting (XSS) vulnerability in the Wakyma application web | Wakyma | Wakyma application web | - | - | 2026-03-16 10:13:37 | Deep Dive |
| CVE-2026-3023 | Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma application web | Wakyma | Wakyma application web | - | - | 2026-03-16 10:12:53 | Deep Dive |
| CVE-2026-3022 | Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma application web | Wakyma | Wakyma application web | - | - | 2026-03-16 10:11:30 | Deep Dive |
| CVE-2026-3021 | Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma application web | Wakyma | Wakyma application web | - | - | 2026-03-16 10:11:12 | Deep Dive |
| CVE-2026-3020 | Identity based authorization bypass vulnerability (IDOR) in the Wakyma application web | Wakyma | Wakyma application web | - | - | 2026-03-16 10:09:55 | Deep Dive |
| CVE-2026-22199 | Voltronic Power SNMP Web Pro 1.1 Path Traversal via upload.cgi | Voltronic Power | SNMP Web Pro | High | 7.5 | 2026-03-13 01:18:07 | Deep Dive |
| CVE-2026-22192 | Voltronic Power SNMP Web Pro 1.1 Authentication Bypass via localStorage | Voltronic Power | SNMP Web Pro | Critical | 9.9 | 2026-03-13 01:18:04 | Deep Dive |
| CVE-2026-4013 | SourceCodester Web-based Pharmacy Product Management System add_admin.php improper authorization | SourceCodester | Web-based Pharmacy Product Management System | Medium | 6.3 | 2026-03-12 08:02:08 | Deep Dive |
| CVE-2026-3963 | perfree go-fastdfs-web Apache Shiro RememberMe ShiroConfig.java rememberMeManager hard-coded key | perfree | go-fastdfs-web | Low | 3.7 | 2026-03-11 23:02:08 | Deep Dive |
| CVE-2026-3962 | Jcharis Machine-Learning-Web-Apps Jinja2 Template app.py render_template cross site scripting | Jcharis | Machine-Learning-Web-Apps | Medium | 4.3 | 2026-03-11 22:32:09 | Deep Dive |
| CVE-2019-25466 | Easy File Sharing Web Server 7.2 Local SEH Overflow | Sharing-File | Easy File Sharing Web Server | High | 8.4 | 2026-03-11 18:23:11 | Deep Dive |