Security

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

11567

Total

772

Critical

3269

High

3678

Medium

CVE ID	Severity	Score	Description	Published
CVE-2026-39688	MEDIUM	5.3	Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Frontend Profile: from n/a through …	Apr 08, 2026
CVE-2026-39687	UNKNOWN	—	Missing Authorization vulnerability in Rapid Car Check Rapid Car Check Vehicle Data free-vehicle-data-uk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rapid Car …	Apr 08, 2026
CVE-2026-39686	UNKNOWN	—	Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in bannersky BSK PDF Manager bsk-pdf-manager allows Retrieve Embedded Sensitive Data.This issue affects BSK …	Apr 08, 2026
CVE-2026-39685	UNKNOWN	—	Missing Authorization vulnerability in lvaudore The Moneytizer the-moneytizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Moneytizer: from n/a through <= 10.0.10.	Apr 08, 2026
CVE-2026-39684	UNKNOWN	—	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in UnTheme OrganicFood organicfood allows PHP Local File Inclusion.This issue …	Apr 08, 2026
CVE-2026-39683	UNKNOWN	—	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chief Gnome Garden Gnome Package garden-gnome-package allows DOM-Based XSS.This issue affects Garden Gnome …	Apr 08, 2026
CVE-2026-39682	MEDIUM	5.3	Missing Authorization vulnerability in Arjan Pronk linkPizza-Manager linkpizza-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects linkPizza-Manager: from n/a through <= 5.5.5.	Apr 08, 2026
CVE-2026-39681	UNKNOWN	—	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Homeo homeo allows PHP Local File Inclusion.This issue …	Apr 08, 2026
CVE-2026-39680	MEDIUM	5.3	Missing Authorization vulnerability in MWP Development Diet Calorie Calculator diet-calorie-calculator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Diet Calorie Calculator: from n/a …	Apr 08, 2026
CVE-2026-39679	UNKNOWN	—	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Freeio freeio allows PHP Local File Inclusion.This issue …	Apr 08, 2026
CVE-2026-39678	MEDIUM	5.3	Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinpoint Booking System: from n/a through …	Apr 08, 2026
CVE-2026-39677	UNKNOWN	—	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Emphires emphires allows PHP Local File Inclusion.This issue …	Apr 08, 2026
CVE-2026-39676	MEDIUM	5.3	Missing Authorization vulnerability in Shahjada Download Manager download-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Manager: from n/a through <= 3.3.52.	Apr 08, 2026
CVE-2026-39675	UNKNOWN	—	Missing Authorization vulnerability in webmuehle Court Reservation court-reservation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Court Reservation: from n/a through <= 1.10.11.	Apr 08, 2026
CVE-2026-39674	MEDIUM	6.5	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Manoj Kumar MK Google Directions google-distance-calculator allows DOM-Based XSS.This issue affects MK Google …	Apr 08, 2026
CVE-2026-39673	UNKNOWN	—	Missing Authorization vulnerability in shrikantkale iZooto izooto-web-push allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iZooto: from n/a through <= 3.7.20.	Apr 08, 2026
CVE-2026-39672	MEDIUM	5.3	Missing Authorization vulnerability in shiptime ShipTime: Discounted Shipping Rates shiptime-discount-shipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShipTime: Discounted Shipping Rates: from …	Apr 08, 2026
CVE-2026-39671	UNKNOWN	—	Cross-Site Request Forgery (CSRF) vulnerability in Dotstore Extra Fees Plugin for WooCommerce woo-conditional-product-fees-for-checkout allows Cross Site Request Forgery.This issue affects Extra Fees Plugin for WooCommerce: …	Apr 08, 2026
CVE-2026-39670	UNKNOWN	—	Server-Side Request Forgery (SSRF) vulnerability in Brecht Visual Link Preview visual-link-preview allows Server Side Request Forgery.This issue affects Visual Link Preview: from n/a through <= …	Apr 08, 2026
CVE-2026-39669	UNKNOWN	—	Missing Authorization vulnerability in NitroPack NitroPack nitropack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NitroPack: from n/a through <= 1.19.3.	Apr 08, 2026
CVE-2026-39668	MEDIUM	5.3	Missing Authorization vulnerability in g5theme Book Previewer for Woocommerce book-previewer-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Book Previewer for Woocommerce: from …	Apr 08, 2026
CVE-2026-39667	UNKNOWN	—	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jongmyoung Kim Korea SNS korea-sns allows DOM-Based XSS.This issue affects Korea SNS: from …	Apr 08, 2026
CVE-2026-39666	MEDIUM	6.5	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in telepathy Hello Bar Popup Builder hellobar allows DOM-Based XSS.This issue affects Hello Bar …	Apr 08, 2026
CVE-2026-39665	UNKNOWN	—	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vladimir Prelovac SEO Friendly Images seo-image allows DOM-Based XSS.This issue affects SEO Friendly …	Apr 08, 2026
CVE-2026-39664	UNKNOWN	—	Missing Authorization vulnerability in leadrebel Leadrebel leadrebel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leadrebel: from n/a through <= 1.0.2.	Apr 08, 2026

« Prev 367 368 369 370 371 Next »