Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692, Critical: 727, High: 3080, Medium: 3407
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2025-67841 | UNKNOWN | — | Nordic Semiconductor IronSide SE for nRF54H20 before 23.0.2+17 has an Algorithmic complexity issue. | Apr 15, 2026 |
| CVE-2025-53444 | MEDIUM | 4.3 | Cross-Site Request Forgery (CSRF) vulnerability in DeluxeThemes Userpro allows Cross Site Request Forgery. This issue affects Userpro: from n/a before 5.1.11. | Apr 15, 2026 |
| CVE-2025-12141 | UNKNOWN | — | In Grafana's alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test” that are granted as part of the … | Apr 15, 2026 |
| CVE-2026-4682 | UNKNOWN | — | Certain HP DeskJet All in One devices may be vulnerable to remote code execution caused by a buffer overflow when specially crafted Web Services for … | Apr 15, 2026 |
| CVE-2026-4667 | UNKNOWN | — | HP System Optimizer might potentially be vulnerable to escalation of privilege. HP is releasing an update to mitigate this potential vulnerability. | Apr 15, 2026 |
| CVE-2026-30364 | HIGH | 7.5 | CentSDR commit e40795 was discovered to contain a stack overflow in the "Thread1" function. | Apr 15, 2026 |
| CVE-2024-53412 | HIGH | 8.4 | Command injection in the connect function in NietThijmen ShoppingCart 0.0.2 allows an attacker to execute arbitrary shell commands and achieve remote code execution via injection … | Apr 15, 2026 |
| CVE-2026-4145 | HIGH | 7.8 | During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix that could allow a local authenticated user to perform arbitrary code … | Apr 15, 2026 |
| CVE-2026-4135 | MEDIUM | 6.6 | During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to perform … | Apr 15, 2026 |
| CVE-2026-4134 | HIGH | 7.3 | During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to execute … | Apr 15, 2026 |
| CVE-2026-25219 | MEDIUM | 6.5 | The `access_key` and `connection_string` connection properties were not marked as sensitive names in secrets masker. This means that a user with read permission could see the … | Apr 15, 2026 |
| CVE-2026-1636 | MEDIUM | 6.7 | A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allow a local authenticated user to execute code with … | Apr 15, 2026 |
| CVE-2026-0827 | HIGH | 7.1 | During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when … | Apr 15, 2026 |
| CVE-2026-3590 | MEDIUM | 6.5 | Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, … | Apr 15, 2026 |
| CVE-2026-1852 | MEDIUM | 6.1 | The Product Pricing Table by WooBeWoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is … | Apr 15, 2026 |
| CVE-2026-40786 | UNKNOWN | — | Missing Authorization vulnerability in Long Watch Studio MyRewards woorewards allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MyRewards: from n/a through <= 5.7.3. | Apr 15, 2026 |
| CVE-2026-40784 | HIGH | 8.1 | Authorization Bypass Through User-Controlled Key vulnerability in Mahmudul Hasan Arif FluentBoards fluent-boards allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FluentBoards: from n/a … | Apr 15, 2026 |
| CVE-2026-40778 | UNKNOWN | — | Missing Authorization vulnerability in Majestic Support Majestic Support majestic-support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Majestic Support: from n/a through <= … | Apr 15, 2026 |
| CVE-2026-40764 | HIGH | 8.1 | Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Cross Site Request Forgery. This issue affects Contact Form by WPForms: from … | Apr 15, 2026 |
| CVE-2026-40763 | UNKNOWN | — | Missing Authorization vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal Elementor Addons: from n/a … | Apr 15, 2026 |
| CVE-2026-40745 | HIGH | 7.6 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Blind SQL Injection. This issue … | Apr 15, 2026 |
| CVE-2026-40744 | UNKNOWN | — | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Blind SQL Injection. This issue affects … | Apr 15, 2026 |
| CVE-2026-40742 | MEDIUM | 5.3 | Missing Authorization vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nelio AB Testing: from n/a … | Apr 15, 2026 |
| CVE-2026-40740 | UNKNOWN | — | Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tutor LMS: from n/a through <= 3.9.7. | Apr 15, 2026 |
| CVE-2026-40737 | MEDIUM | 5.3 | Authorization Bypass Through User-Controlled Key vulnerability in VillaTheme COMPE compe-woo-compare-products allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects COMPE: from n/a through <= … | Apr 15, 2026 |