Total CVEs

145,712

Critical Severity

4,267

High Severity

15,730

Last 7 Days

2,309
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 24,201 - 24,220 of 42,117 CVEs
CVE-2026-39692 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer allows Stored XSS.This issue affects tagDiv Composer: from n/a through <= 5.4.3.

Vendor: tagDiv
Product: tagDiv Composer
Published: Apr 08, 2026
Source: NVD
CVE-2026-39691 MEDIUM - 5.3

Missing Authorization vulnerability in AdAstraCrypto Cryptocurrency Donation Box โ€“ Bitcoin & Crypto Donations cryptocurrency-donation-box allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cryptocurrency Donation Box โ€“ Bitcoin & Crypto Donations: from ...

Vendor: AdAstraCrypto
Product: Cryptocurrency Donation Box โ€“ Bitcoin & Crypto Donations
Published: Apr 08, 2026
Source: NVD
CVE-2026-39690 MEDIUM - 5.3

Missing Authorization vulnerability in Paul Bearne Author Avatars List/Block author-avatars allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Author Avatars List/Block: from n/a through <= 2.1.25.

Vendor: Paul Bearne
Product: Author Avatars List/Block
Published: Apr 08, 2026
Source: NVD

Missing Authorization vulnerability in eshipper eShipper Commerce eshipper-commerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eShipper Commerce: from n/a through <= 2.16.12.

Vendor: eshipper
Product: eShipper Commerce
Published: Apr 08, 2026
Source: NVD
CVE-2026-39688 MEDIUM - 5.3

Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Frontend Profile: from n/a through <= 1.3.9.

Vendor: Glowlogix
Product: WP Frontend Profile
Published: Apr 08, 2026
Source: NVD
CVE-2026-39687 MEDIUM - 5.3

Missing Authorization vulnerability in Rapid Car Check Rapid Car Check Vehicle Data free-vehicle-data-uk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rapid Car Check Vehicle Data: from n/a through <= 2.0.

Vendor: Rapid Car Check
Product: Rapid Car Check Vehicle Data
Published: Apr 08, 2026
Source: NVD

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in bannersky BSK PDF Manager bsk-pdf-manager allows Retrieve Embedded Sensitive Data.This issue affects BSK PDF Manager: from n/a through <= 3.7.2.

Vendor: bannersky
Product: BSK PDF Manager
Published: Apr 08, 2026
Source: NVD
CVE-2026-39685 MEDIUM - 5.3

Missing Authorization vulnerability in lvaudore The Moneytizer the-moneytizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Moneytizer: from n/a through <= 10.0.10.

Vendor: lvaudore
Product: The Moneytizer
Published: Apr 08, 2026
Source: NVD
CVE-2026-39684 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in UnTheme OrganicFood organicfood allows PHP Local File Inclusion.This issue affects OrganicFood: from n/a through <= 3.6.4.

Vendor: UnTheme
Product: OrganicFood
Published: Apr 08, 2026
Source: NVD
CVE-2026-39683 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chief Gnome Garden Gnome Package garden-gnome-package allows DOM-Based XSS.This issue affects Garden Gnome Package: from n/a through <= 2.4.1.

Vendor: Chief Gnome
Product: Garden Gnome Package
Published: Apr 08, 2026
Source: NVD
CVE-2026-39682 MEDIUM - 5.3

Missing Authorization vulnerability in Arjan Pronk linkPizza-Manager linkpizza-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects linkPizza-Manager: from n/a through <= 5.5.5.

Vendor: Arjan Pronk
Product: linkPizza-Manager
Published: Apr 08, 2026
Source: NVD
CVE-2026-39681 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Homeo homeo allows PHP Local File Inclusion.This issue affects Homeo: from n/a through <= 1.2.59.

Vendor: ApusTheme
Product: Homeo
Published: Apr 08, 2026
Source: NVD
CVE-2026-39680 MEDIUM - 5.3

Missing Authorization vulnerability in MWP Development Diet Calorie Calculator diet-calorie-calculator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Diet Calorie Calculator: from n/a through <= 1.1.1.

Vendor: MWP Development
Product: Diet Calorie Calculator
Published: Apr 08, 2026
Source: NVD
CVE-2026-39679 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Freeio freeio allows PHP Local File Inclusion.This issue affects Freeio: from n/a through <= 1.3.21.

Vendor: ApusTheme
Product: Freeio
Published: Apr 08, 2026
Source: NVD
CVE-2026-39678 MEDIUM - 5.3

Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinpoint Booking System: from n/a through <= 2.9.9.6.5.

Vendor: DOTonPAPER
Product: Pinpoint Booking System
Published: Apr 08, 2026
Source: NVD
CVE-2026-39677 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Emphires emphires allows PHP Local File Inclusion.This issue affects Emphires: from n/a through <= 3.9.

Vendor: Creatives_Planet
Product: Emphires
Published: Apr 08, 2026
Source: NVD
CVE-2026-39676 MEDIUM - 5.3

Missing Authorization vulnerability in Shahjada Download Manager download-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Manager: from n/a through <= 3.3.52.

Vendor: Shahjada
Product: Download Manager
Published: Apr 08, 2026
Source: NVD
CVE-2026-39675 MEDIUM - 5.3

Missing Authorization vulnerability in webmuehle Court Reservation court-reservation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Court Reservation: from n/a through <= 1.10.11.

Vendor: webmuehle
Product: Court Reservation
Published: Apr 08, 2026
Source: NVD
CVE-2026-39674 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Manoj Kumar MK Google Directions google-distance-calculator allows DOM-Based XSS.This issue affects MK Google Directions: from n/a through <= 3.1.1.

Vendor: Manoj Kumar
Product: MK Google Directions
Published: Apr 08, 2026
Source: NVD
CVE-2026-39673 MEDIUM - 5.3

Missing Authorization vulnerability in shrikantkale iZooto izooto-web-push allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iZooto: from n/a through <= 3.7.20.

Vendor: shrikantkale
Product: iZooto
Published: Apr 08, 2026
Source: NVD