| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-0746 | AI Engine <= 3.3.2 - Authenticated (Subscriber+) Server-Side Request Forgery | tigroumeow | AI Engine – The Chatbot, AI Framework & MCP for WordPress | Medium | 6.4 | 2026-01-27 18:27:56 | Deep Dive |
| CVE-2026-24490 | MobSF has Stored XSS via Manifest Analysis - Dialer Code Host Field | MobSF | Mobile-Security-Framework-MobSF | High | 8.1 | 2026-01-27 00:40:36 | Deep Dive |
| CVE-2025-6461 | CubeWP – All-in-One Dynamic Content Framework <= 1.1.27 - Unauthenticated Post Disclosure in class-cubewp-search-ajax-hooks.php | cubewp1211 | CubeWP Framework | Medium | 4.3 | 2026-01-25 02:22:37 | Deep Dive |
| CVE-2025-63051 | WordPress REHub Framework plugin < 19.9.9.4 - Sensitive Data Exposure vulnerability | sizam | REHub Framework | - | - | 2026-01-22 16:51:49 | Deep Dive |
| CVE-2026-21924 | Oracle Utilities Applications 安全漏洞 | Oracle Corporation | Oracle Utilities Application Framework | Medium | 5.4 | 2026-01-20 21:56:21 | Deep Dive |
| CVE-2025-8615 | CubeWP <= 1.1.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via cubewp_shortcode_taxonomy Shortcode | cubewp1211 | CubeWP Framework | Medium | 6.4 | 2026-01-17 08:24:32 | Deep Dive |
| CVE-2025-12129 | CubeWP – All-in-One Dynamic Content Framework <= 1.1.27 - Unauthenticated Information Exposure | cubewp1211 | CubeWP Framework | Medium | 5.3 | 2026-01-17 07:27:37 | Deep Dive |
| CVE-2026-22521 | WordPress Handmade Framework plugin <= 3.9 - Local File Inclusion vulnerability | G5Theme | Handmade Framework | High | 7.5 | 2026-01-08 16:18:29 | Deep Dive |
| CVE-2025-23504 | WordPress Felan Framework plugin <= 1.1.3 - Account Takeover vulnerability | RiceTheme | Felan Framework | 中危 | - | 2026-01-08 09:17:41 | Deep Dive |
| CVE-2025-23993 | WordPress Felan Framework plugin <= 1.1.3 - SQL Injection vulnerability | RiceTheme | Felan Framework | Critical | 9.3 | 2026-01-08 09:17:41 | Deep Dive |
| CVE-2025-14358 | WordPress REHub Framework plugin <= 19.9.5 - Broken Access Control vulnerability | sizam | REHub Framework | High | 7.5 | 2026-01-08 09:17:37 | Deep Dive |
| CVE-2025-15022 | Cross-site scripting in Action caption | vaadin | vaadin | 中危 | - | 2026-01-05 07:52:56 | Deep Dive |
| CVE-2025-67629 | WordPress Basticom Framework plugin <= 1.5.2 - Cross Site Scripting (XSS) vulnerability | Basticom | Basticom Framework | Medium | 5.9 | 2025-12-24 13:10:23 | Deep Dive |
| CVE-2025-33226 | NVIDIA Nemo Framework 代码问题漏洞 | NVIDIA | NeMo Framework | High | 7.8 | 2025-12-16 17:22:32 | Deep Dive |
| CVE-2025-33212 | NVIDIA Nemo Framework 代码问题漏洞 | NVIDIA | NeMo Framework | High | 7.3 | 2025-12-16 17:21:48 | Deep Dive |
| CVE-2025-67722 | Authenticated amportal search for ‘freepbx_engine’ in non root writeable directories leads to potential privilege escalation | FreePBX | framework | - | - | 2025-12-16 00:14:19 | Deep Dive |
| CVE-2025-9488 | Redux Framework <= 4.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via data Parameter | davidanderson | Redux Framework | Medium | 6.4 | 2025-12-13 04:31:33 | Deep Dive |
| CVE-2025-66039 | FreePBX Endpoint Manager Allows Unauthenticated Logins to Administrator Control Panel via Forged Basic Auth Header | FreePBX | framework | - | - | 2025-12-09 21:32:03 | Deep Dive |
| CVE-2025-63050 | WordPress REHub Framework plugin < 19.9.9.7 - Cross Site Scripting (XSS) vulnerability | sizam | REHub Framework | Medium | 6.5 | 2025-12-09 14:52:32 | Deep Dive |
| CVE-2025-42875 | Missing Authentication check in SAP NetWeaver Internet Communication Framework | SAP_SE | SAP NetWeaver Internet Communication Framework | Medium | 6.6 | 2025-12-09 02:14:30 | Deep Dive |