CVE & Exploit Intelligence Database

CVE-2026-1492 9.8 CRITICAL EXPLOITED 2 PoCs Analysis EPSS 0.00

The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to improper privilege management in all versions up to, and including, 5.1.2. This is due to the plugin accepting a user-supplied role during membership registration without properly enforcing a server-side allowlist. This makes it possible for unauthenticated attackers to create administrator accounts by supplying a role value during membership registration.

CWE-269 Mar 03, 2026

CVE-2026-21385 7.8 HIGH KEV 2 PoCs Analysis EPSS 0.00

Memory corruption while using alignments for memory allocation.

CWE-190 Mar 02, 2026

CVE-2026-20127 10.0 CRITICAL KEV 8 PoCs Analysis EPSS 0.03

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric. 

CWE-287 Feb 25, 2026

CVE-2026-1581 7.5 HIGH EXPLOITED 1 PoC Analysis EPSS 0.00

The wpForo Forum plugin for WordPress is vulnerable to time-based SQL Injection via the 'wpfob' parameter in all versions up to, and including, 2.4.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CWE-89 Feb 19, 2026

CVE-2026-2441 8.8 HIGH KEV 10 PoCs Analysis EPSS 0.00

Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CWE-416 Feb 13, 2026

CVE-2026-20700 7.8 HIGH KEV 3 PoCs Analysis EPSS 0.00

A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report.

CWE-119 Feb 11, 2026

CVE-2026-1357 9.8 CRITICAL EXPLOITED 7 PoCs Analysis EPSS 0.00

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process combined with a lack of path sanitization when writing uploaded files. When the plugin fails to decrypt a session key using openssl_private_decrypt(), it does not terminate execution and instead passes the boolean false value to the phpseclib library's AES cipher initialization. The library treats this false value as a string of null bytes, allowing an attacker to encrypt a malicious payload using a predictable null-byte key. Additionally, the plugin accepts filenames from the decrypted payload without sanitization, enabling directory traversal to escape the protected backup directory. This makes it possible for unauthenticated attackers to upload arbitrary PHP files to publicly accessible directories and achieve Remote Code Execution via the wpvivid_action=send_to_site parameter.

CWE-434 Feb 11, 2026

CVE-2026-21533 7.8 HIGH KEV 6 PoCs Analysis EPSS 0.03

Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

CWE-269 Feb 10, 2026

CVE-2026-21510 8.8 HIGH KEV 2 PoCs Analysis EPSS 0.03

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

CWE-693 Feb 10, 2026

CVE-2026-1731 9.8 CRITICAL KEV RANSOMWARE 8 PoCs Analysis NUCLEI EPSS 0.65

BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.

CWE-78 Feb 06, 2026

CVE-2025-15556 7.5 HIGH KEV 3 PoCs Analysis EPSS 0.04

Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an update integrity verification vulnerability where downloaded update metadata and installers are not cryptographically verified. An attacker able to intercept or redirect update traffic can cause the updater to download and execute an attacker-controlled installer, resulting in arbitrary code execution with the privileges of the user.

CWE-494 Feb 03, 2026

CVE-2025-15030 9.8 CRITICAL EXPLOITED 4 PoCs Analysis EPSS 0.00

The User Profile Builder WordPress plugin before 3.15.2 does not have a proper password reset process, allowing a few unauthenticated requests to reset the password of any user by knowing their username, such as administrator ones, and therefore gain access to their account

CWE-269 Feb 02, 2026

CVE-2026-25253 8.8 HIGH EXPLOITED 8 PoCs Analysis EPSS 0.00

OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.

CWE-669 Feb 01, 2026

CVE-2026-1340 9.8 CRITICAL EXPLOITED 3 PoCs Analysis EPSS 0.51

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

CWE-94 Jan 29, 2026

CVE-2026-1281 9.8 CRITICAL KEV 3 PoCs Analysis EPSS 0.65

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

CWE-94 Jan 29, 2026

CVE-2025-40551 9.8 CRITICAL KEV 1 PoC Analysis NUCLEI EPSS 0.81

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.

CWE-502 Jan 28, 2026

CVE-2025-40536 8.1 HIGH KEV 1 PoC Analysis NUCLEI EPSS 0.68

SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.

CWE-693 Jan 28, 2026

CVE-2026-24858 9.8 CRITICAL KEV 6 PoCs Analysis EPSS 0.03

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2.0 through 7.2.15, FortiProxy 7.0.0 through 7.0.22, FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.

CWE-288 Jan 27, 2026

CVE-2026-21509 7.8 HIGH KEV 12 PoCs Analysis EPSS 0.09

Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.

CWE-807 Jan 26, 2026

CVE-2016-15057 9.9 CRITICAL EXPLOITED 1 PoC Analysis EPSS 0.38

** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Continuum. This issue affects Apache Continuum: all versions. Attackers with access to the installations REST API can use this to invoke arbitrary commands on the server. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CWE-77 Jan 26, 2026