Security

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

11702

Total

781

Critical

3315

High

3732

Medium

CVE ID	Severity	Score	Description	Published
CVE-2026-39620	UNKNOWN	—	Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Appointment appointment allows Upload a Web Shell to a Web Server.This issue affects Appointment: from n/a through <= …	Apr 08, 2026
CVE-2026-39619	UNKNOWN	—	Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Busiprof busiprof allows Upload a Web Shell to a Web Server.This issue affects Busiprof: from n/a through <= …	Apr 08, 2026
CVE-2026-39618	UNKNOWN	—	Cross-Site Request Forgery (CSRF) vulnerability in themearile NewsExo newsexo allows Cross Site Request Forgery.This issue affects NewsExo: from n/a through <= 7.1.	Apr 08, 2026
CVE-2026-39617	UNKNOWN	—	Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Bluestreet bluestreet allows Cross Site Request Forgery.This issue affects Bluestreet: from n/a through <= 1.7.3.	Apr 08, 2026
CVE-2026-39616	UNKNOWN	—	Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Attachments: from n/a …	Apr 08, 2026
CVE-2026-39615	UNKNOWN	—	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shahjada Download Manager download-manager allows Stored XSS.This issue affects Download Manager: from n/a …	Apr 08, 2026
CVE-2026-39614	UNKNOWN	—	Missing Authorization vulnerability in ilGhera JW Player for WordPress jw-player-7-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JW Player for WordPress: from …	Apr 08, 2026
CVE-2026-39613	UNKNOWN	—	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in kutethemes Boutique kute-boutique allows PHP Local File Inclusion.This issue …	Apr 08, 2026
CVE-2026-39612	UNKNOWN	—	Missing Authorization vulnerability in kutethemes KuteShop kuteshop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KuteShop: from n/a through <= 4.2.9.	Apr 08, 2026
CVE-2026-39611	UNKNOWN	—	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in kutethemes KuteShop kuteshop allows PHP Local File Inclusion.This issue …	Apr 08, 2026
CVE-2026-39610	UNKNOWN	—	Missing Authorization vulnerability in Pankaj Kumar WpXmas-Snow wpxmas-snow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpXmas-Snow: from n/a through <= 1.1.	Apr 08, 2026
CVE-2026-39609	UNKNOWN	—	Missing Authorization vulnerability in Wava.co Wava Payment wava-payment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wava Payment: from n/a through <= 0.3.7.	Apr 08, 2026
CVE-2026-39608	UNKNOWN	—	Missing Authorization vulnerability in iPOSPays iPOSpays Gateways WC ipospays-gateways-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iPOSpays Gateways WC: from n/a through …	Apr 08, 2026
CVE-2026-39607	UNKNOWN	—	Missing Authorization vulnerability in Wpbens Filter Plus filter-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filter Plus: from n/a through <= 1.1.17.	Apr 08, 2026
CVE-2026-39606	UNKNOWN	—	Missing Authorization vulnerability in Foysal Imran BizReview bizreview allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BizReview: from n/a through <= 1.5.13.	Apr 08, 2026
CVE-2026-39605	UNKNOWN	—	Missing Authorization vulnerability in Obadiah Super Custom Login super-custom-login allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Custom Login: from n/a through …	Apr 08, 2026
CVE-2026-39604	UNKNOWN	—	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zookatron MyBookTable Bookstore mybooktable allows Stored XSS.This issue affects MyBookTable Bookstore: from n/a …	Apr 08, 2026
CVE-2026-39603	UNKNOWN	—	Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Photography grandphotography allows Cross Site Request Forgery.This issue affects Grand Photography: from n/a through <= 5.7.8.	Apr 08, 2026
CVE-2026-39602	UNKNOWN	—	Missing Authorization vulnerability in Rustaurius Order Tracking order-tracking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Tracking: from n/a through <= 3.4.3.	Apr 08, 2026
CVE-2026-39592	UNKNOWN	—	Missing Authorization vulnerability in Andy Ha DEPART depart-deposit-and-part-payment-for-woo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DEPART: from n/a through <= 1.0.7.	Apr 08, 2026
CVE-2026-39588	UNKNOWN	—	Missing Authorization vulnerability in nmerii NM Gift Registry and Wishlist Lite nm-gift-registry-and-wishlist-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NM Gift Registry …	Apr 08, 2026
CVE-2026-39586	UNKNOWN	—	Insertion of Sensitive Information Into Sent Data vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Retrieve Embedded Sensitive Data.This issue affects RepairBuddy: from n/a through <= …	Apr 08, 2026
CVE-2026-39585	UNKNOWN	—	Missing Authorization vulnerability in Arraytics Booktics booktics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booktics: from n/a through <= 1.0.16.	Apr 08, 2026
CVE-2026-39575	UNKNOWN	—	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ronald Huereca Custom Query Blocks post-type-archive-mapping allows DOM-Based XSS.This issue affects Custom Query …	Apr 08, 2026
CVE-2026-39572	UNKNOWN	—	Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in magepeopleteam Bus Ticket Booking with Seat Reservation bus-ticket-booking-with-seat-reservation allows Retrieve Embedded Sensitive Data.This …	Apr 08, 2026

« Prev 375 376 377 378 379 Next »