Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 11346, Critical: 769, High: 3260, Medium: 3665

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-4429 | MEDIUM | 6.4 | The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'marker_name' and 'file_color_list' shortcode attribute of the [osm_map_v3] shortcode in … | Apr 09, 2026 |
| CVE-2026-4124 | MEDIUM | 5.4 | The Ziggeo plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.1.1. The wp_ajax_ziggeo_ajax handler only verifies a nonce … | Apr 09, 2026 |
| CVE-2026-3574 | MEDIUM | 4.4 | The Experto Dashboard for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings fields (including 'Navigation Font Size', 'Navigation Font … | Apr 09, 2026 |
| CVE-2026-3568 | MEDIUM | 4.3 | The MStore API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.18.3. This is due to … | Apr 09, 2026 |
| CVE-2026-5832 | HIGH | 7.3 | A weakness has been identified in atototo api-lab-mcp up to 0.2.1. This affects the function analyze_api_spec/generate_test_scenarios/test_http_endpoint of the file src/mcp/http-server.ts of the component HTTP Interface. … | Apr 09, 2026 |
| CVE-2026-5831 | MEDIUM | 6.3 | A security flaw has been discovered in Agions taskflow-ai up to 2.1.8. This impacts an unknown function of the file src/mcp/server/handlers.ts of the component terminal_execute. … | Apr 09, 2026 |
| CVE-2026-5830 | HIGH | 8.8 | A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the function websGetVar of the file /goform/SysToolChangePwd. Such manipulation of the argument oldPwd/newPwd/cfmPwd leads to … | Apr 09, 2026 |
| CVE-2026-5829 | HIGH | 7.3 | A vulnerability was determined in code-projects Simple IT Discussion Forum 1.0. The impacted element is an unknown function of the file /pages/content.php. This manipulation of … | Apr 09, 2026 |
| CVE-2026-5828 | HIGH | 7.3 | A vulnerability was found in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function of the file /functions/addcomment.php. The manipulation of … | Apr 09, 2026 |
| CVE-2026-4326 | HIGH | 8.8 | The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. This is due to … | Apr 09, 2026 |
| CVE-2026-5827 | HIGH | 7.3 | A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /question-function.php. The manipulation of the … | Apr 09, 2026 |
| CVE-2026-5826 | MEDIUM | 4.3 | A flaw has been found in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /edit-category.php. Executing a manipulation … | Apr 09, 2026 |
| CVE-2026-5825 | MEDIUM | 4.3 | A vulnerability was detected in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /delmemberinfo.php. Performing a manipulation of the argument … | Apr 09, 2026 |
| CVE-2026-5824 | HIGH | 7.3 | A security vulnerability has been detected in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /userchecklogin.php. Such manipulation of the … | Apr 09, 2026 |
| CVE-2026-5823 | MEDIUM | 6.3 | A weakness has been identified in itsourcecode Construction Management System 1.0. Affected by this issue is some unknown functionality of the file /borrowed_tool_report.php. This manipulation … | Apr 09, 2026 |
| CVE-2026-5815 | HIGH | 8.8 | A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_main of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based buffer overflow. The … | Apr 09, 2026 |
| CVE-2026-5814 | HIGH | 7.3 | A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue affects some unknown processing of the file /admin/check_availability.php. The manipulation of … | Apr 09, 2026 |
| CVE-2026-5813 | HIGH | 7.3 | A weakness has been identified in PHPGurukul Online Course Registration 3.1. This vulnerability affects unknown code of the file /check_availability.php. Executing a manipulation of the … | Apr 08, 2026 |
| CVE-2026-5812 | MEDIUM | 5.4 | A security flaw has been discovered in SourceCodester Pharmacy Product Management System 1.0. This affects an unknown part of the file add-sales.php of the component … | Apr 08, 2026 |
| CVE-2026-5811 | MEDIUM | 5.4 | A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this issue is the function save_product of the file /Actions.php of the … | Apr 08, 2026 |
| CVE-2026-5173 | HIGH | 8.5 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have … | Apr 08, 2026 |
| CVE-2026-4916 | LOW | 2.7 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have … | Apr 08, 2026 |
| CVE-2026-4398 | UNKNOWN | — | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Apr 08, 2026 |
| CVE-2026-4332 | MEDIUM | 5.4 | GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that, in customizable … | Apr 08, 2026 |
| CVE-2026-3438 | UNKNOWN | — | A reflected cross-site scripting vulnerability exists in Sonatype Nexus Repository versions 3.0.0 through 3.90.2 that allows unauthenticated remote attackers to execute arbitrary JavaScript in a … | Apr 08, 2026 |