Total CVEs

144,294

Critical Severity

4,165

High Severity

14,995

Last 7 Days

1,598
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 22,481 - 22,500 of 40,699 CVEs
CVE-2026-4429 MEDIUM - 6.4

The OSM โ€“ OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'marker_name' and 'file_color_list' shortcode attribute of the [osm_map_v3] shortcode in all versions up to and including 6.1.15. This is due to insufficient input sanitization and o...

Published: Apr 09, 2026
Source: NVD
CVE-2026-4124 MEDIUM - 5.4

The Ziggeo plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.1.1. The wp_ajax_ziggeo_ajax handler only verifies a nonce (check_ajax_referer) but performs no capability checks via current_user_can(). Furthermore, the nonce ('ziggeo_ajax_nonce�...

Published: Apr 09, 2026
Source: NVD
CVE-2026-3574 MEDIUM - 4.4

The Experto Dashboard for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings fields (including 'Navigation Font Size', 'Navigation Font Weight', 'Heading Font Size', 'Heading Font Weight', 'Text Fo...

Published: Apr 09, 2026
Source: NVD
CVE-2026-3568 MEDIUM - 4.3

The MStore API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.18.3. This is due to the update_user_profile() function in controllers/flutter-user.php processing the 'meta_data' JSON parameter without any allowlist, blocklist,...

Published: Apr 09, 2026
Source: NVD
CVE-2026-5832 HIGH - 7.3

A weakness has been identified in atototo api-lab-mcp up to 0.2.1. This affects the function analyze_api_spec/generate_test_scenarios/test_http_endpoint of the file src/mcp/http-server.ts of the component HTTP Interface. This manipulation of the argument source/url causes server-side request forgery...

Published: Apr 09, 2026
Source: NVD
CVE-2026-5831 MEDIUM - 6.3

A security flaw has been discovered in Agions taskflow-ai up to 2.1.8. This impacts an unknown function of the file src/mcp/server/handlers.ts of the component terminal_execute. Performing a manipulation results in os command injection. The attack is possible to be carried out remotely. Upgrading to...

Published: Apr 09, 2026
Source: NVD
CVE-2026-5830 HIGH - 8.8

A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the function websGetVar of the file /goform/SysToolChangePwd. Such manipulation of the argument oldPwd/newPwd/cfmPwd leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and...

Published: Apr 09, 2026
Source: NVD
CVE-2026-5829 HIGH - 7.3

A vulnerability was determined in code-projects Simple IT Discussion Forum 1.0. The impacted element is an unknown function of the file /pages/content.php. This manipulation of the argument post_id causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly dis...

Published: Apr 09, 2026
Source: NVD
CVE-2026-5828 HIGH - 7.3

A vulnerability was found in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function of the file /functions/addcomment.php. The manipulation of the argument postid results in sql injection. The attack may be launched remotely. The exploit has been made public and co...

Published: Apr 09, 2026
Source: NVD
CVE-2026-4326 HIGH - 8.8

The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. This is due to improper authorization enforcement in the activate_required_plugins() function. Specifically, the current_user_can('install_plugins') capabi...

Published: Apr 09, 2026
Source: NVD
CVE-2026-5827 HIGH - 7.3

A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /question-function.php. The manipulation of the argument content leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and ...

Published: Apr 09, 2026
Source: NVD
CVE-2026-5826 MEDIUM - 4.3

A flaw has been found in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /edit-category.php. Executing a manipulation of the argument Category can lead to cross site scripting. The attack can be launched remotely. The exploit has been published an...

Published: Apr 09, 2026
Source: NVD
CVE-2026-5825 MEDIUM - 4.3

A vulnerability was detected in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /delmemberinfo.php. Performing a manipulation of the argument userid results in cross site scripting. The attack can be initiated remotely. The exploit is now public and may b...

Published: Apr 09, 2026
Source: NVD
CVE-2026-5824 HIGH - 7.3

A security vulnerability has been detected in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /userchecklogin.php. Such manipulation of the argument userid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly ...

Published: Apr 09, 2026
Source: NVD
CVE-2026-5823 MEDIUM - 6.3

A weakness has been identified in itsourcecode Construction Management System 1.0. Affected by this issue is some unknown functionality of the file /borrowed_tool_report.php. This manipulation of the argument Home causes sql injection. It is possible to initiate the attack remotely. The exploit has ...

Published: Apr 09, 2026
Source: NVD
CVE-2026-5815 HIGH - 8.8

A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_main of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vulnerability only aff...

Published: Apr 09, 2026
Source: NVD
CVE-2026-5814 HIGH - 7.3

A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue affects some unknown processing of the file /admin/check_availability.php. The manipulation of the argument regno leads to sql injection. The attack can be initiated remotely. The exploit has been dis...

Published: Apr 09, 2026
Source: NVD
CVE-2026-5813 HIGH - 7.3

A weakness has been identified in PHPGurukul Online Course Registration 3.1. This vulnerability affects unknown code of the file /check_availability.php. Executing a manipulation of the argument cid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made av...

Published: Apr 08, 2026
Source: NVD
CVE-2026-5812 MEDIUM - 5.4

A security flaw has been discovered in SourceCodester Pharmacy Product Management System 1.0. This affects an unknown part of the file add-sales.php of the component POST Parameter Handler. Performing a manipulation of the argument txtqty results in business logic errors. It is possible to initiate ...

Published: Apr 08, 2026
Source: NVD
CVE-2026-5811 MEDIUM - 5.4

A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this issue is the function save_product of the file /Actions.php of the component POST Parameter Handler. Such manipulation of the argument price leads to business logic errors. The attack may be performed ...

Published: Apr 08, 2026
Source: NVD