| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-32196 | Windows Admin Center Spoofing Vulnerability | Microsoft | Windows Admin Center | Medium | 6.1 | 2026-04-14 16:58:34 | Deep Dive |
| CVE-2026-5252 | z-9527 admin Message Create Endpoint message.js cross site scripting | z-9527 | admin | Low | 3.5 | 2026-04-01 03:15:13 | Deep Dive |
| CVE-2026-5251 | z-9527 admin User Update Endpoint user.js dynamically-determined object attributes | z-9527 | admin | Medium | 6.3 | 2026-04-01 02:30:14 | Deep Dive |
| CVE-2026-4999 | z-9527 admin isImg Check upload.js uploadFile path traversal | z-9527 | admin | Medium | 6.3 | 2026-03-28 15:00:14 | Deep Dive |
| CVE-2026-3328 | Frontend Admin by DynamiApps <= 3.28.31 - Authenticated (Editor+) PHP Object Injection via 'post_content' of Admin Form Posts | shabti | Frontend Admin by DynamiApps | High | 7.2 | 2026-03-26 02:25:20 | Deep Dive |
| CVE-2026-32521 | WordPress WP Custom Admin Interface plugin <= 7.42 - Cross Site Scripting (XSS) vulnerability | Northern Beaches Websites | WP Custom Admin Interface | 中危 | - | 2026-03-25 16:15:07 | Deep Dive |
| CVE-2026-22524 | WordPress Legacy Admin plugin <= 9.5 - Reflected Cross Site Scripting (XSS) vulnerability | themepassion | Legacy Admin | High | 7.1 | 2026-03-25 16:14:29 | Deep Dive |
| CVE-2026-22523 | WordPress Ultra WordPress Admin plugin <= 11.7 - Reflected Cross Site Scripting (XSS) vulnerability | themepassion | Ultra WordPress Admin | High | 7.1 | 2026-03-25 16:14:29 | Deep Dive |
| CVE-2019-25618 | AdminExpress 1.2.5 Denial of Service via System Compare | Admin-Express | AdminExpress | Medium | 6.2 | 2026-03-22 13:38:50 | Deep Dive |
| CVE-2019-25612 | Admin Express 1.2.5.485 Local SEH Buffer Overflow via Folder Path | Admin-Express | Admin-Express | High | 7.8 | 2026-03-22 13:38:46 | Deep Dive |
| CVE-2026-2294 | UiPress lite | Effortless custom dashboards, admin themes and pages <= 3.5.09 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update | admintwentytwenty | UiPress lite | Effortless custom dashboards, admin themes and pages | Medium | 4.3 | 2026-03-21 03:26:48 | Deep Dive |
| CVE-2026-25471 | WordPress Admin Safety Guard plugin <= 1.2.7 - Broken Authentication vulnerability | Themepaste | Admin Safety Guard | High | 8.1 | 2026-03-19 07:17:54 | Deep Dive |
| CVE-2026-4285 | taoofagi easegen-admin Pdf2MdUtil.java recognizeMarkdown path traversal | taoofagi | easegen-admin | Low | 2.7 | 2026-03-16 23:32:42 | Deep Dive |
| CVE-2026-4284 | taoofagi easegen-admin PPT File PPTUtil.java downloadFile server-side request forgery | taoofagi | easegen-admin | Medium | 4.7 | 2026-03-16 23:02:44 | Deep Dive |
| CVE-2026-32456 | WordPress Admin Menu Editor plugin <= 1.14.1 - Cross Site Request Forgery (CSRF) vulnerability | Janis Elsts | Admin Menu Editor | 中危 | - | 2026-03-13 11:42:22 | Deep Dive |
| CVE-2026-32423 | WordPress Admin and Site Enhancements (ASE) plugin <= 8.4.0 - Broken Access Control vulnerability | Bowo | Admin and Site Enhancements (ASE) | 中危 | - | 2026-03-13 11:42:17 | Deep Dive |
| CVE-2026-23660 | Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability | Microsoft | Windows Admin Center in Azure Portal | High | 7.8 | 2026-03-10 17:04:33 | Deep Dive |
| CVE-2026-3750 | ContiNew Admin Storage Management S3ClientFactory.java URI.create server-side request forgery | - | ContiNew Admin | Medium | 4.7 | 2026-03-08 16:32:08 | Deep Dive |
| CVE-2026-3200 | z-9527 admin user.js getUsers sql injection | z-9527 | admin | High | 7.3 | 2026-02-25 20:02:09 | Deep Dive |
| CVE-2026-2410 | Disable Admin Notices – Hide Dashboard Notifications <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update | themeisle | Disable Admin Notices – Hide Dashboard Notifications | Medium | 4.3 | 2026-02-25 09:26:51 | Deep Dive |