CVE-2026-1622
NONE
Neo4j Enterprise and Community editions versions prior to 2026.01.3 and 5.26.21 are vulnerable to a potential information disclosure by a user who has ability to access the local log files. The "obf...
2/4/2026CWE-532
Security Database
VULNERABILITY
DATABASE
Comprehensive database of CVEs, exploits from Exploit-DB, and CISA's Known Exploited Vulnerabilities (KEV) catalog. Updated daily with the latest security vulnerabilities.
CVEs
787
Exploits
2K+
KEV
1K+
Daily
LIVE
Critical & Exploited
CRITICAL
CVE-2025-5319
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i...
CRITICAL
CVE-2026-25202
The database account and password are hardcoded, allowing login with the account to manipulate the d...
CRITICAL
CVE-2026-25200
A vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without authentica...
CRITICAL
CVE-2020-37056
Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerability that allows attackers to b...
CRITICAL
CVE-2020-37052
AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unaut...
Recent CVEs
CVE-2025-41085
NONE
Stored Cross-Site Scripting (XSS) vulnerability type in Apidog in the version 2.7.15, where SVG image uploads are not properly sanitized. This allows attackers to embed malicious scripts in SVG files...
2/4/2026CWE-79
CVE-2026-1370
4.9MEDIUM
The SIBS woocommerce payment gateway plugin for WordPress is vulnerable to time-based SQL Injection via the ‘referencedId’ parameter in all versions up to, and including, 2.2.0 due to insufficient esc...
2/4/2026CWE-89
CVE-2026-0816
4.9MEDIUM
The All push notification for WP plugin for WordPress is vulnerable to time-based SQL Injection via the 'delete_id' parameter in all versions up to, and including, 1.5.3 due to insufficient escaping o...
2/4/2026CWE-89
CVE-2026-0743
4.4MEDIUM
The WP Content Permission plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ohmem-message' parameter in all versions up to, and including, 1.2 due to insufficient input saniti...
2/4/2026CWE-79
CVE-2026-0742
6.4MEDIUM
The Smart Appointment & Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the saab_save_form_data AJAX action in all versions up to, and including, 1.0.7 due to insufficien...
2/4/2026CWE-79
Recent Exploits
EDB-52465
webappsmultiple
WordPress Quiz Maker 6.7.0.56 - SQL Injection
CVE-2025-10042
Rahul Sreenivasan12/25/2025
EDB-52463
webappsmultiple
FreeBSD rtsold 15.x - Remote Code Execution via DNSSL
CVE-2025-14558
Lukas Johannes Möller12/25/2025
EDB-52464
webappsmultiple
Chained Quiz 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie
CVE-2025-10493
0xsabre12/25/2025
EDB-52462
webappsmultiple
Summar Employee Portal 3.98.0 - Authenticated SQL Injection
CVE-2025-40677
Peter Gabaldon12/16/2025
EDB-52461
webappsmultiple
esm-dev 136 - Path Traversal
CVE-2025-59342
Byte Reaper12/16/2025
EDB-52460
webappsphp
Pluck 4.7.7-dev2 - PHP Code Execution
CVE-2018-11736
CodeSecLab12/8/2025
CISA KEV Catalog
| CVE ID | Vendor | Product | Date Added | Ransomware |
|---|---|---|---|---|
| CVE-2026-20805 | Microsoft | Windows | 2026-01-13 | - |
| CVE-2025-8110 | Gogs | Gogs | 2026-01-12 | - |
| CVE-2025-37164 | Hewlett Packard Enterprise (HPE) | OneView | 2026-01-07 | - |
| CVE-2009-0556 | Microsoft | Office | 2026-01-07 | - |
| CVE-2025-14847 | MongoDB | MongoDB and MongoDB Server | 2025-12-29 | - |
Data Sources
This vulnerability database is provided for educational and authorized security research purposes only.