Security

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

11567

Total

772

Critical

3269

High

3678

Medium

CVE ID	Severity	Score	Description	Published
CVE-2026-39635	UNKNOWN	—	Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Magazine grandmagazine allows Cross Site Request Forgery.This issue affects Grand Magazine: from n/a through <= 3.5.5.	Apr 08, 2026
CVE-2026-39634	UNKNOWN	—	Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Portfolio grandportfolio allows Cross Site Request Forgery.This issue affects Grand Portfolio: from n/a through <= 3.3.	Apr 08, 2026
CVE-2026-39633	UNKNOWN	—	Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Car Rental grandcarrental allows Cross Site Request Forgery.This issue affects Grand Car Rental: from n/a through <= …	Apr 08, 2026
CVE-2026-39632	UNKNOWN	—	Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Cross Site Request Forgery.This issue affects Grand Blog: from n/a through <= 3.1.	Apr 08, 2026
CVE-2026-39631	UNKNOWN	—	Missing Authorization vulnerability in Ronik@UnlimitedWP WPSchoolPress wpschoolpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSchoolPress: from n/a through <= 2.2.35.	Apr 08, 2026
CVE-2026-39630	UNKNOWN	—	Server-Side Request Forgery (SSRF) vulnerability in Getty Images Getty Images getty-images allows Server Side Request Forgery.This issue affects Getty Images: from n/a through <= 4.1.0.	Apr 08, 2026
CVE-2026-39629	UNKNOWN	—	Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes Uminex uminex allows Code Injection.This issue affects Uminex: from n/a …	Apr 08, 2026
CVE-2026-39628	UNKNOWN	—	Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes DukaMarket dukamarket allows Code Injection.This issue affects DukaMarket: from n/a …	Apr 08, 2026
CVE-2026-39627	UNKNOWN	—	Missing Authorization vulnerability in wproyal Ashe ashe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ashe: from n/a through <= 2.266.	Apr 08, 2026
CVE-2026-39626	UNKNOWN	—	Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes Armania armania allows Code Injection.This issue affects Armania: from n/a …	Apr 08, 2026
CVE-2026-39625	UNKNOWN	—	Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes TechOne techone allows Code Injection.This issue affects TechOne: from n/a …	Apr 08, 2026
CVE-2026-39624	UNKNOWN	—	Missing Authorization vulnerability in kutethemes Biolife biolife allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Biolife: from n/a through <= 3.2.3.	Apr 08, 2026
CVE-2026-39623	UNKNOWN	—	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in kutethemes Biolife biolife allows PHP Local File Inclusion.This issue …	Apr 08, 2026
CVE-2026-39622	UNKNOWN	—	Missing Authorization vulnerability in acmethemes Education Base education-base allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Education Base: from n/a through <= 3.0.8.	Apr 08, 2026
CVE-2026-39621	UNKNOWN	—	Cross-Site Request Forgery (CSRF) vulnerability in spicethemes SpicePress spicepress allows Upload a Web Shell to a Web Server.This issue affects SpicePress: from n/a through <= …	Apr 08, 2026
CVE-2026-39620	UNKNOWN	—	Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Appointment appointment allows Upload a Web Shell to a Web Server.This issue affects Appointment: from n/a through <= …	Apr 08, 2026
CVE-2026-39619	UNKNOWN	—	Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Busiprof busiprof allows Upload a Web Shell to a Web Server.This issue affects Busiprof: from n/a through <= …	Apr 08, 2026
CVE-2026-39618	UNKNOWN	—	Cross-Site Request Forgery (CSRF) vulnerability in themearile NewsExo newsexo allows Cross Site Request Forgery.This issue affects NewsExo: from n/a through <= 7.1.	Apr 08, 2026
CVE-2026-39617	UNKNOWN	—	Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Bluestreet bluestreet allows Cross Site Request Forgery.This issue affects Bluestreet: from n/a through <= 1.7.3.	Apr 08, 2026
CVE-2026-39616	UNKNOWN	—	Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Attachments: from n/a …	Apr 08, 2026
CVE-2026-39615	UNKNOWN	—	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shahjada Download Manager download-manager allows Stored XSS.This issue affects Download Manager: from n/a …	Apr 08, 2026
CVE-2026-39614	UNKNOWN	—	Missing Authorization vulnerability in ilGhera JW Player for WordPress jw-player-7-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JW Player for WordPress: from …	Apr 08, 2026
CVE-2026-39613	UNKNOWN	—	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in kutethemes Boutique kute-boutique allows PHP Local File Inclusion.This issue …	Apr 08, 2026
CVE-2026-39612	UNKNOWN	—	Missing Authorization vulnerability in kutethemes KuteShop kuteshop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KuteShop: from n/a through <= 4.2.9.	Apr 08, 2026
CVE-2026-39611	UNKNOWN	—	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in kutethemes KuteShop kuteshop allows PHP Local File Inclusion.This issue …	Apr 08, 2026

« Prev 369 370 371 372 373 Next »