Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 11567, Critical: 772, High: 3269, Medium: 3678
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2025-14816 | UNKNOWN | — | Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi … | Apr 08, 2026 |
| CVE-2025-14815 | UNKNOWN | — | Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI … | Apr 08, 2026 |
| CVE-2026-5600 | UNKNOWN | — | A new API endpoint introduced in pretix 2025 that is supposed to return all check-in events of a specific event in fact returns all check-in … | Apr 08, 2026 |
| CVE-2026-5302 | MEDIUM | 6.3 | CORS misconfiguration in CoolerControl/coolercontrold <4.0.0 allows unauthenticated remote attackers to read data and send commands to the service via malicious websites | Apr 08, 2026 |
| CVE-2026-5301 | HIGH | 7.6 | Stored XSS in log viewer in CoolerControl/coolercontrol-ui <4.0.0 allows unauthenticated attackers to take over the service via malicious JavaScript in poisoned log entries | Apr 08, 2026 |
| CVE-2026-5300 | MEDIUM | 5.9 | Unauthenticated functionality in CoolerControl/coolercontrold <4.0.0 allows unauthenticated attackers to view and modify potentially sensitive data via HTTP requests | Apr 08, 2026 |
| CVE-2026-4402 | UNKNOWN | — | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this … | Apr 08, 2026 |
| CVE-2026-28261 | HIGH | 7.8 | Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0.3 and version 4.2.0.0, contains an Insertion of Sensitive Information into … | Apr 08, 2026 |
| CVE-2026-27102 | MEDIUM | 6.6 | Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.1, contains an incorrect privilege assignment vulnerability. A low privileged attacker with local access … | Apr 08, 2026 |
| CVE-2026-24511 | MEDIUM | 4.4 | Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.0, contains a generation of error message containing sensitive information vulnerability. A high privileged … | Apr 08, 2026 |
| CVE-2026-5208 | HIGH | 8.2 | Command injection in alerts in CoolerControl/coolercontrold <4.0.0 allows authenticated attackers to execute arbitrary code as root via injected bash commands in alert names | Apr 08, 2026 |
| CVE-2026-3396 | HIGH | 7.5 | WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the 'post-author' parameter in all versions up to, and including, 4.2.3 … | Apr 08, 2026 |
| CVE-2026-3243 | HIGH | 8.8 | The Advanced Members for ACF plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the create_crop function in … | Apr 08, 2026 |
| CVE-2026-2481 | MEDIUM | 6.4 | The Beaver Builder Page Builder – Drag and Drop Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'settings[js]' parameter in … | Apr 08, 2026 |
| CVE-2026-28264 | LOW | 3.3 | Dell PowerProtect Agent Service, version(s) prior to 20.1, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could … | Apr 08, 2026 |
| CVE-2026-1865 | MEDIUM | 6.5 | The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is … | Apr 08, 2026 |
| CVE-2026-1673 | MEDIUM | 4.3 | The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions … | Apr 08, 2026 |
| CVE-2026-1672 | MEDIUM | 6.5 | The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions … | Apr 08, 2026 |
| CVE-2026-4303 | MEDIUM | 6.4 | The WP Visitor Statistics (Real Time Traffic) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wsm_showDayStatsGraph' shortcode in all versions up … | Apr 08, 2026 |
| CVE-2026-4300 | MEDIUM | 6.4 | The Robo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Loading Label' setting in all versions up to, and including, 5.1.3. … | Apr 08, 2026 |
| CVE-2026-4073 | MEDIUM | 6.4 | The pdfl.io plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pdflio' shortcode in all versions up to, and including, 1.0.5. This is … | Apr 08, 2026 |
| CVE-2026-4025 | MEDIUM | 6.4 | The PrivateContent Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' shortcode attribute in the [pc-login-form] shortcode in all versions up … | Apr 08, 2026 |
| CVE-2026-39716 | MEDIUM | 5.3 | Missing Authorization vulnerability in CKThemes Flipmart flipmart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Flipmart: from n/a through <= 2.8. | Apr 08, 2026 |
| CVE-2026-39715 | UNKNOWN | — | Missing Authorization vulnerability in AnyTrack AnyTrack Affiliate Link Manager anytrack-affiliate-link-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AnyTrack Affiliate Link Manager: from … | Apr 08, 2026 |
| CVE-2026-39714 | MEDIUM | 5.3 | Missing Authorization vulnerability in G5Theme G5Plus April g5plus-april allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects G5Plus April: from n/a through <= 6.8. | Apr 08, 2026 |