CVE Field Guide

Critical CVEs

CVE | Title | Updated (DD.MM.YYYY) | Score
CVE-2025-5329 | SQLi in Martcode Software's Delta Course Automation | 04.02.2026 | 9.8
CVE-2025-59818 | Authenticated Remote Code Execution via the file name of an uploaded file | 04.02.2026 | 10
CVE-2026-1633 | Synectix LAN 232 TRIO Missing Authentication for Critical Function | 03.02.2026 | 10
CVE-2026-1632 | RISS SRL MOMA Seismic Station Missing Authentication for Critical Function | 03.02.2026 | 9.3
CVE-2020-37071 | CraftCMS 3 vCard Plugin 1.0.0 - Remote Code Execution | 03.02.2026 | 9.3
CVE-2020-37092 | Netis E1+ 1.2.32533 - Backdoor Account (root) | 03.02.2026 | 9.3
CVE-2026-1341 | Missing Authentication for Critical Function in Avation Light Engine Pro | 03.02.2026 | 9.3
CVE-2026-25150 | Prototype Pollution via FormData Processing in Qwik City | 03.02.2026 | 9.3
CVE-2026-25510 | CI4MS Vulnerable to Remote Code Execution (RCE) via Arbitrary File Creation and Save in File Editor | 03.02.2026 | 10
CVE-2025-65078 | Untrusted search path vulnerability in Embedded Solutions Framework | 03.02.2026 | 9.3
CVE-2026-1803 | Ziroom ZHOME A0101 Dropbear SSH Service default credentials | 03.02.2026 | 9.2
CVE-2025-10878 | | 03.02.2026 | 10
CVE-2026-25237 | PEAR is Vulnerable to PHP Code Execution via preg_replace /e in Bug Update Emails | 03.02.2026 | 9.2
CVE-2026-25238 | PEAR is Vulnerable to SQL Injection in Bug Subscription Deletion via Weak Email Validation | 03.02.2026 | 9.2
CVE-2026-25241 | PEAR is Vulnerable to SQL Injection in /get/<package>/<version> Endpoint | 03.02.2026 | 9.3
CVE-2025-70841 | | 03.02.2026 | 10
CVE-2026-1568 | Rapid7 InsightVM Signature Validation Vulnerability | 04.02.2026 | 9.6
CVE-2025-5319 | SQLi in Emit Informatics' DIGITA Efficiency Management System | 04.02.2026 | 9.8
CVE-2026-1432 | SQL injection (SQLi) on the Buroweb platform | 03.02.2026 | 9.3
CVE-2026-24465 | | 03.02.2026 | 9.3
CVE-2026-24936 | An improper input validation vulnerability was found in ADM while joining an AD Domain. | 03.02.2026 | 9.5
CVE-2025-66480 | Wildfire has Arbitrary File Upload via Directory Traversal in UploadFileAction | 03.02.2026 | 9.8
CVE-2026-22778 | vLLM leaks a heap address when PIL throws an error | 03.02.2026 | 9.8
CVE-2026-23515 | RCE - Command Injection in Signal K set-system-time plugin | 03.02.2026 | 10
CVE-2026-24471 | Improper Validation in Conduit-derived homeservers resulting in Unintended Proxy or Intermediary ('Confused Deputy') | 03.02.2026 | 9.3
CVE-2026-25134 | Group-Office Argument Injection in MaintenanceController::actionZipLanguage | 02.02.2026 | 9.4
CVE-2026-25137 | NixOs Odoo database and filestore publicly accessible with default odoo configuration | 02.02.2026 | 9.1
CVE-2026-25142 | SandboxJS Prototype Pollution -> Sandbox Escape -> RCE | 02.02.2026 | 10
CVE-2022-50981 | Multiple Innomic VibroLine VLX HD 5.0 and avibia AVLX weak password requirements | 02.02.2026 | 9.8
CVE-2024-2356 | Remote Code Execution due to LFI in '/reinstall_extension' in parisneo/lollms-webui | 02.02.2026 | 9.6
CVE-2024-5386 | Account Hijacking via Password Reset Token Leak in lunary-ai/lunary | 02.02.2026 | 9.6
CVE-2024-5986 | Remote Arbitrary File Write with Arbitrary Data in h2oai/h2o-3 | 02.02.2026 | 9.1
CVE-2026-25200 | | 03.02.2026 | 9.8
CVE-2026-25202 | | 03.02.2026 | 9.8
CVE-2026-25069 | SunFounder Pironman Dashboard <= 1.3.13 Path Traversal Arbitrary File Read/Deletion | 02.02.2026 | 9.3
CVE-2020-37027 | Sickbeard 0.1 - Remote Command Injection | 03.02.2026 | 9.3
CVE-2020-37052 | AirControl 1.4.2 - PreAuth Remote Code Execution | 02.02.2026 | 9.3
CVE-2026-1723 | TOTOLINK X6000R Unauthenticated Command Injection Vulnerability | 04.02.2026 | 9.2
CVE-2025-24293 | | 02.02.2026 | 9.2
CVE-2026-25130 | Cybersecurity AI vulnerable to command Injection through argument injection in find_file Agent tool | 02.02.2026 | 9.7
CVE-2026-25141 | Orval has a code injection via unsanitized x-enum-descriptions using JS comments | 02.02.2026 | 9.3
CVE-2025-7964 | Zigbee Router Denial of Service | 30.01.2026 | 9.2
CVE-2025-26385 | Metasys product command injection vulnerability could allow remote SQL execution | 30.01.2026 | 9.5
CVE-2026-1699 | | 02.02.2026 | 10
CVE-2026-0963 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Crafty Controller | 02.02.2026 | 9.9
CVE-2026-24728 | Interinfo DreamMaker - Missing Authentication for Critical Function | 30.01.2026 | 9.3
CVE-2026-24729 | Interinfo DreamMaker - Unrestricted Upload of File with Dangerous Type | 30.01.2026 | 10
CVE-2026-1281 | | 30.01.2026 | 9.8
CVE-2026-1340 | | 30.01.2026 | 9.8
CVE-2026-25047 | deepHas vulnerable to Prototype Pollution via constructor.prototype | 02.02.2026 | 9.4
CVE-2026-22806 | vCluster Platform's Access Keys Allows Access Beyond Scope | 29.01.2026 | 9.1
CVE-2026-1453 | Missing Authentication for Critical Function in KiloView Encoder Series | 29.01.2026 | 9.3
CVE-2026-1610 | Tenda AX12 Pro V2 Telnet Service hard-coded credentials | 29.01.2026 | 9.2
CVE-2020-37012 | Tea LaTex 1.0 - Remote Code Execution | 29.01.2026 | 9.3

Latest Updates

CVE | Title | Updated (DD.MM.YYYY) | Score
CVE-2025-70545 | | 04.02.2026 |
CVE-2026-22549 | BIG-IP Container Ingress Services vulnerability | 04.02.2026 | 4.9
CVE-2025-70997 | | 04.02.2026 |
CVE-2026-1642 | NGINX vulnerability | 04.02.2026 | 5.9
CVE-2026-20730 | BIG-IP Edge Client for Windows vulnerability | 04.02.2026 | 3.3
CVE-2026-20732 | BIG-IP Configuration utility vulnerability | 04.02.2026 | 3.1
CVE-2026-22548 | BIG-IP Advanced WAF and ASM vulnerability | 04.02.2026 | 5.9
CVE-2025-69618 | | 04.02.2026 |
CVE-2025-14740 | Docker Desktop for Windows Incorrect Permission Assignment Privilege Escalation Vulnerabilities | 04.02.2026 | 6.7
CVE-2025-15368 | SportsPress <= 2.7.26 - Authenticated (Contributor+) Local File Inclusion via Shortcode | 04.02.2026 | 8.8
CVE-2025-5329 | SQLi in Martcode Software's Delta Course Automation | 04.02.2026 | 9.8
CVE-2026-0873 | Privilege Elevation in Ercom Cryptobox administration console | 04.02.2026 |
CVE-2026-24735 | Apache Answer: Revision API Improper Access Control leads to Information Disclosure | 04.02.2026 |
CVE-2025-59818 | Authenticated Remote Code Execution via the file name of an uploaded file | 04.02.2026 | 10
CVE-2025-41085 | Stored Cross-Site Scripting (XSS) in Apidog web platform | 04.02.2026 |
CVE-2026-1622 | Unredacted data exposure in query.log | 04.02.2026 |
CVE-2025-14461 | Xendit Payment <= 6.0.2 - Missing Authorization to Unauthenticated Arbitrary Order Status Update to Paid | 04.02.2026 | 5.3
CVE-2025-15260 | MyRewards – Loyalty Points and Rewards for WooCommerce <= 5.6.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Loyalty Rule Modification | 04.02.2026 | 6.5
CVE-2025-15268 | Infility Global <= 2.14.46 - Unauthenticated SQL Injection via Predictable API Key and IP Whitelist Bypass | 04.02.2026 | 7.5
CVE-2025-15285 | SEO Flow by LupsOnline <= 2.2.1 - Unauthenticated Arbitrary Post/Category Modification | 04.02.2026 | 7.5
CVE-2025-15482 | Chapa Payment Gateway Plugin for WooCommerce <= 1.0.3 - Unauthenticated Sensitive Information Exposure | 04.02.2026 | 5.3
CVE-2025-15487 | Code Explorer <= 1.4.6 - Authenticated (Administrator+) Arbitrary File Read via 'file' Parameter | 04.02.2026 | 4.9
CVE-2025-15507 | Magic Import Document Extractor <= 1.0.4 - Missing Authorization to Unauthenticated Plugin License Status Modification | 04.02.2026 | 5.3
CVE-2025-15508 | Magic Import Document Extractor <= 1.0.4 - Unauthenticated Sensitive Information Exposure | 04.02.2026 | 5.3
CVE-2026-0572 | WebPurify Profanity Filter <= 4.0.2 - Missing Authorization to Unauthenticated Plugin Settings Change via webpurify_save_options | 04.02.2026 | 6.5
CVE-2026-0679 | Fortis for WooCommerce <= 1.2.0 - Missing Authorization to Unauthenticated Arbitrary Order Status Update to Paid via 'wc-api' Endpoint | 04.02.2026 | 5.3
CVE-2026-0681 | Extended Random Number Generator <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings | 04.02.2026 | 4.4
CVE-2026-0742 | Smart Appointment & Booking <= 1.0.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting via saab_save_form_data AJAX Action | 04.02.2026 | 6.4
CVE-2026-0743 | WP Content Permission <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'ohmem-message' Parameter | 04.02.2026 | 4.4
CVE-2026-0816 | All push notification for WP <= 1.5.3 - Authenticated (Administrator+) SQL Injection via 'delete_id' Parameter | 04.02.2026 | 4.9
CVE-2026-1370 | SIBS - WooCommerce <= 2.2.0 - Authenticated (Admin+) SQL Injection via 'referencedId' Parameter | 04.02.2026 | 4.9
CVE-2026-1819 | Stored XSS in Karel Electronics' ViPort | 04.02.2026 | 8.8
CVE-2026-21393 | | 04.02.2026 |
CVE-2026-22875 | | 04.02.2026 |
CVE-2026-23704 | | 04.02.2026 |
CVE-2026-24447 | | 04.02.2026 |
CVE-2026-1756 | WP FOFT Loader <= 2.1.39 - Authenticated (Author+) Arbitrary File Upload | 04.02.2026 | 8.8
CVE-2026-20977 | | 04.02.2026 |
CVE-2026-20978 | | 04.02.2026 |
CVE-2026-20979 | | 04.02.2026 |
CVE-2026-20980 | | 04.02.2026 |
CVE-2026-20981 | | 04.02.2026 |
CVE-2026-20982 | | 04.02.2026 |
CVE-2026-20983 | | 04.02.2026 |
CVE-2026-20984 | | 04.02.2026 |
CVE-2026-20985 | | 04.02.2026 |
CVE-2026-20986 | | 04.02.2026 |
CVE-2026-20987 | | 04.02.2026 |
CVE-2025-29867 | | 04.02.2026 |
CVE-2026-1791 | Arbitrary File Upload Vulnerability in Operation and Maintenance Security Gateway | 04.02.2026 | 2.7
CVE-2025-69620 | | 04.02.2026 |
CVE-2025-69621 | | 04.02.2026 |