Total CVEs

145,712

Critical Severity

4,267

High Severity

15,730

Last 7 Days

2,323
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 24,161 - 24,180 of 42,117 CVEs

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.

Published: Apr 08, 2026
Source: NVD
CVE-2026-28261 HIGH - 7.8

Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0.3 and version 4.2.0.0, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to...

Vendor: Dell
Product: Elastic Cloud Storage, ObjectScale
Published: Apr 08, 2026
Source: NVD
CVE-2026-27102 MEDIUM - 6.6

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.1, contains an incorrect privilege assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.

Vendor: Dell
Product: PowerScale OneFS
Published: Apr 08, 2026
Source: NVD
CVE-2026-24511 MEDIUM - 4.4

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.0, contains a generation of error message containing sensitive information vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information di...

Vendor: Dell
Product: PowerScale OneFS
Published: Apr 08, 2026
Source: NVD
CVE-2026-5208 HIGH - 8.2

Command injection in alerts in CoolerControl/coolercontrold <4.0.0 allows authenticated attackers to execute arbitrary code as root via injected bash commands in alert names

Published: Apr 08, 2026
Source: NVD
CVE-2026-3396 HIGH - 7.5

WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the 'post-author' parameter in all versions up to, and including, 4.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Thi...

Published: Apr 08, 2026
Source: NVD
CVE-2026-3243 HIGH - 8.8

The Advanced Members for ACF plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the create_crop function in all versions up to, and including, 1.2.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to ...

Published: Apr 08, 2026
Source: NVD
CVE-2026-2481 MEDIUM - 6.4

The Beaver Builder Page Builder – Drag and Drop Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'settings[js]' parameter in versions up to, and including, 2.10.1.1 due to insufficient input sanitization and output escaping. This makes it possible f...

Published: Apr 08, 2026
Source: NVD

Dell PowerProtect Agent Service, version(s) prior to 20.1, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.

Vendor: Dell
Product: PowerProtect Agent
Published: Apr 08, 2026
Source: NVD
CVE-2026-1865 MEDIUM - 6.5

The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to SQL Injection via the ‘membership_ids[]’ parameter in all versions up to, and including, 5.1.2 du...

Published: Apr 08, 2026
Source: NVD
CVE-2026-1673 MEDIUM - 4.3

The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing nonce validation on the woobe_delete_tax_term() function. This makes it possib...

Published: Apr 08, 2026
Source: NVD
CVE-2026-1672 MEDIUM - 6.5

The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing nonce validation on the woobe_redraw_table_row() function. This makes it possi...

Published: Apr 08, 2026
Source: NVD
CVE-2026-4303 MEDIUM - 6.4

The WP Visitor Statistics (Real Time Traffic) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wsm_showDayStatsGraph' shortcode in all versions up to, and including, 8.4 due to insufficient input sanitization and output escaping on user supplied attr...

Published: Apr 08, 2026
Source: NVD
CVE-2026-4300 MEDIUM - 6.4

The Robo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Loading Label' setting in all versions up to, and including, 5.1.3. The plugin uses a custom `|***...***|` marker pattern in its `fixJsFunction()` method to embed raw JavaScript function references ...

Published: Apr 08, 2026
Source: NVD
CVE-2026-4073 MEDIUM - 6.4

The pdfl.io plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pdflio' shortcode in all versions up to, and including, 1.0.5. This is due to insufficient input sanitization and output escaping on the 'text' shortcode attribute. The output_shortcode() funct...

Published: Apr 08, 2026
Source: NVD
CVE-2026-4025 MEDIUM - 6.4

The PrivateContent Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' shortcode attribute in the [pc-login-form] shortcode in all versions up to, and including, 1.2.0. This is due to insufficient input sanitization and output escaping on the 'align&...

Published: Apr 08, 2026
Source: NVD
CVE-2026-39716 MEDIUM - 5.3

Missing Authorization vulnerability in CKThemes Flipmart flipmart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flipmart: from n/a through <= 2.8.

Vendor: CKThemes
Product: Flipmart
Published: Apr 08, 2026
Source: NVD
CVE-2026-39715 MEDIUM - 5.3

Missing Authorization vulnerability in AnyTrack AnyTrack Affiliate Link Manager anytrack-affiliate-link-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyTrack Affiliate Link Manager: from n/a through <= 1.5.5.

Vendor: AnyTrack
Product: AnyTrack Affiliate Link Manager
Published: Apr 08, 2026
Source: NVD
CVE-2026-39714 MEDIUM - 5.3

Missing Authorization vulnerability in G5Theme G5Plus April g5plus-april allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects G5Plus April: from n/a through <= 6.8.

Vendor: G5Theme
Product: G5Plus April
Published: Apr 08, 2026
Source: NVD
CVE-2026-39713 MEDIUM - 5.3

Missing Authorization vulnerability in mailercloud Mailercloud &#8211; Integrate webforms and synchronize website contacts mailercloud-integrate-webforms-synchronize-contacts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mailercloud &#8211; Integr...

Vendor: mailercloud
Product: Mailercloud &#8211; Integrate webforms and synchronize website contacts
Published: Apr 08, 2026
Source: NVD