Security

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

11702

Total

781

Critical

3315

High

3732

Medium

CVE ID	Severity	Score	Description	Published
CVE-2026-39571	UNKNOWN	—	Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Themefic Instantio instantio allows Retrieve Embedded Sensitive Data.This issue affects Instantio: from n/a …	Apr 08, 2026
CVE-2026-39570	UNKNOWN	—	Insertion of Sensitive Information Into Sent Data vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Retrieve Embedded Sensitive Data.This issue affects 12 …	Apr 08, 2026
CVE-2026-39569	UNKNOWN	—	Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 12 Step Meeting …	Apr 08, 2026
CVE-2026-39566	UNKNOWN	—	Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Designinvento DirectoryPress directorypress allows Retrieve Embedded Sensitive Data.This issue affects DirectoryPress: from n/a …	Apr 08, 2026
CVE-2026-39565	UNKNOWN	—	Missing Authorization vulnerability in magepeopleteam WpTravelly tour-booking-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpTravelly: from n/a through <= 2.1.7.	Apr 08, 2026
CVE-2026-39564	UNKNOWN	—	Insertion of Sensitive Information Into Sent Data vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Retrieve Embedded Sensitive Data.This issue affects Sunshine Photo Cart: from …	Apr 08, 2026
CVE-2026-39563	UNKNOWN	—	Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share This Image: from n/a through …	Apr 08, 2026
CVE-2026-39562	UNKNOWN	—	Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout …	Apr 08, 2026
CVE-2026-39561	UNKNOWN	—	Missing Authorization vulnerability in WP Chill Revive.so revive-so allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Revive.so: from n/a through <= 2.0.7.	Apr 08, 2026
CVE-2026-39544	UNKNOWN	—	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themeStek LabtechCO labtechco allows PHP Local File Inclusion.This issue …	Apr 08, 2026
CVE-2026-39543	UNKNOWN	—	Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through <= 2.21.4.	Apr 08, 2026
CVE-2026-39542	UNKNOWN	—	Insertion of Sensitive Information Into Sent Data vulnerability in Doofinder Doofinder for WooCommerce doofinder-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Doofinder for WooCommerce: from …	Apr 08, 2026
CVE-2026-39541	UNKNOWN	—	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Hydra Booking hydra-booking allows Stored XSS.This issue affects Hydra Booking: from n/a …	Apr 08, 2026
CVE-2026-39538	UNKNOWN	—	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Mikado Core mikado-core allows PHP Local File Inclusion.This …	Apr 08, 2026
CVE-2026-39536	UNKNOWN	—	Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Chill RSVP and Event Management rsvp allows Retrieve Embedded Sensitive Data.This issue …	Apr 08, 2026
CVE-2026-39535	UNKNOWN	—	Missing Authorization vulnerability in fullworks Display Eventbrite Events widget-for-eventbrite-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Display Eventbrite Events: from n/a through …	Apr 08, 2026
CVE-2026-39528	UNKNOWN	—	Missing Authorization vulnerability in WP Delicious WP Delicious delicious-recipes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Delicious: from n/a through <= …	Apr 08, 2026
CVE-2026-39526	UNKNOWN	—	Authorization Bypass Through User-Controlled Key vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpStream: from n/a through < …	Apr 08, 2026
CVE-2026-39521	UNKNOWN	—	Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nelio Content nelio-content allows Server Side Request Forgery.This issue affects Nelio Content: from n/a through <= 4.3.1.	Apr 08, 2026
CVE-2026-39520	UNKNOWN	—	Missing Authorization vulnerability in weDevs weDocs wedocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects weDocs: from n/a through <= 2.1.18.	Apr 08, 2026
CVE-2026-39517	UNKNOWN	—	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A WP Life Blog Filter blog-filter allows DOM-Based XSS.This issue affects Blog Filter: …	Apr 08, 2026
CVE-2026-39516	UNKNOWN	—	Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: …	Apr 08, 2026
CVE-2026-39510	UNKNOWN	—	Authorization Bypass Through User-Controlled Key vulnerability in WP Chill Image Photo Gallery Final Tiles Grid final-tiles-grid-gallery-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue …	Apr 08, 2026
CVE-2026-39509	UNKNOWN	—	Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through <= 8.5.10.	Apr 08, 2026
CVE-2026-39508	UNKNOWN	—	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons advanced-coupons-for-woocommerce-free allows DOM-Based XSS.This issue affects …	Apr 08, 2026

« Prev 376 377 378 379 380 Next »