CVE & Exploit Intelligence Database

CVE-2026-27541 7.1 HIGH EXPLOITED EPSS 0.00

Incorrect Privilege Assignment vulnerability in Josh Kohlbach Wholesale Suite woocommerce-wholesale-prices allows Privilege Escalation.This issue affects Wholesale Suite: from n/a through <= 2.2.6.

CWE-266 Mar 05, 2026

CVE-2026-1492 9.8 CRITICAL EXPLOITED 3 PoCs Analysis EPSS 0.00

The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to improper privilege management in all versions up to, and including, 5.1.2. This is due to the plugin accepting a user-supplied role during membership registration without properly enforcing a server-side allowlist. This makes it possible for unauthenticated attackers to create administrator accounts by supplying a role value during membership registration.

CWE-269 Mar 03, 2026

CVE-2026-21385 7.8 HIGH KEV 2 PoCs Analysis EPSS 0.00

Memory corruption while using alignments for memory allocation.

CWE-190 Mar 02, 2026

CVE-2026-22719 8.1 HIGH KEV EPSS 0.07

VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress.  To remediate CVE-2026-22719, apply the patches listed in the 'Fixed Version' column of the ' Response Matrix https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ' in VMSA-2026-0001  Workarounds for CVE-2026-22719 are documented in the 'Workarounds' column of the ' Response Matrix https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ' in VMSA-2026-0001

CWE-77 Feb 25, 2026

CVE-2026-20128 7.5 HIGH EXPLOITED EPSS 0.00

A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker to gain DCA user privileges on an affected system. To exploit this vulnerability, the attacker must have valid&nbsp;vmanage credentials on the affected system. This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by accessing the filesystem as a low-privileged user and reading the file that contains the DCA password from that affected system. A successful exploit could allow the attacker to access another affected system and gain DCA user privileges. Note: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability.

CWE-257 Feb 25, 2026

CVE-2026-20127 10.0 CRITICAL KEV 8 PoCs Analysis EPSS 0.03

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root&nbsp;user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.&nbsp;

CWE-287 Feb 25, 2026

CVE-2026-20122 5.4 MEDIUM EXPLOITED EPSS 0.00

A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system. This vulnerability is due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system&nbsp;and gain vmanage user privileges.

CWE-648 Feb 25, 2026

CVE-2021-35402 10.0 CRITICAL EXPLOITED EPSS 0.00

PROLiNK PRC2402M 20190909 before 2021-06-13 allows live_api.cgi?page=satellite_list OS command injection via shell metacharacters in the ip parameter (for satellite_status).

CWE-78 Feb 20, 2026

CVE-2026-1581 7.5 HIGH EXPLOITED 1 PoC Analysis EPSS 0.00

The wpForo Forum plugin for WordPress is vulnerable to time-based SQL Injection via the 'wpfob' parameter in all versions up to, and including, 2.4.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CWE-89 Feb 19, 2026

CVE-2026-1994 9.8 CRITICAL EXPLOITED EPSS 0.00

The s2Member plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 260127. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.

CWE-269 Feb 19, 2026

CVE-2026-22769 10.0 CRITICAL KEV EPSS 0.34

Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.

CWE-798 Feb 17, 2026

CVE-2026-2441 8.8 HIGH KEV 10 PoCs Analysis EPSS 0.00

Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CWE-416 Feb 13, 2026

CVE-2026-25108 8.8 HIGH KEV EPSS 0.19

FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command.

CWE-78 Feb 13, 2026

CVE-2026-20700 7.8 HIGH KEV 3 PoCs Analysis EPSS 0.00

A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report.

CWE-119 Feb 11, 2026

CVE-2026-1357 9.8 CRITICAL EXPLOITED 7 PoCs Analysis EPSS 0.00

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process combined with a lack of path sanitization when writing uploaded files. When the plugin fails to decrypt a session key using openssl_private_decrypt(), it does not terminate execution and instead passes the boolean false value to the phpseclib library's AES cipher initialization. The library treats this false value as a string of null bytes, allowing an attacker to encrypt a malicious payload using a predictable null-byte key. Additionally, the plugin accepts filenames from the decrypted payload without sanitization, enabling directory traversal to escape the protected backup directory. This makes it possible for unauthenticated attackers to upload arbitrary PHP files to publicly accessible directories and achieve Remote Code Execution via the wpvivid_action=send_to_site parameter.

CWE-434 Feb 11, 2026

CVE-2026-21533 7.8 HIGH KEV 7 PoCs Analysis EPSS 0.03

Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

CWE-269 Feb 10, 2026

CVE-2026-21525 6.2 MEDIUM KEV EPSS 0.03

Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.

CWE-476 Feb 10, 2026

CVE-2026-21519 7.8 HIGH KEV EPSS 0.03

Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

CWE-843 Feb 10, 2026

CVE-2026-21514 7.8 HIGH KEV EPSS 0.05

Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.

CWE-807 Feb 10, 2026

CVE-2026-21513 8.8 HIGH KEV EPSS 0.05

Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.

CWE-693 Feb 10, 2026