Total CVEs

145,712

Critical Severity

4,267

High Severity

15,730

Last 7 Days

2,296
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 24,241 - 24,260 of 42,117 CVEs
CVE-2026-39650 MEDIUM - 5.3

Missing Authorization vulnerability in Unitech Web UnitechPay unitechpay-paiements-mobile-money allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UnitechPay: from n/a through <= 1.0.2.

Vendor: Unitech Web
Product: UnitechPay
Published: Apr 08, 2026
Source: NVD
CVE-2026-39649 MEDIUM - 5.3

Missing Authorization vulnerability in themebeez Royale News royale-news allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Royale News: from n/a through <= 2.2.4.

Vendor: themebeez
Product: Royale News
Published: Apr 08, 2026
Source: NVD
CVE-2026-39648 MEDIUM - 5.3

Missing Authorization vulnerability in themebeez Cream Blog cream-blog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cream Blog: from n/a through <= 2.1.7.

Vendor: themebeez
Product: Cream Blog
Published: Apr 08, 2026
Source: NVD
CVE-2026-39647 MEDIUM - 5.4

Server-Side Request Forgery (SSRF) vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Server Side Request Forgery.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through <= 5.11.

Vendor: sonaar
Product: MP3 Audio Player for Music, Radio & Podcast by Sonaar
Published: Apr 08, 2026
Source: NVD
CVE-2026-39646 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bozdoz Leaflet Map leaflet-map allows Stored XSS.This issue affects Leaflet Map: from n/a through <= 3.4.4.

Vendor: bozdoz
Product: Leaflet Map
Published: Apr 08, 2026
Source: NVD
CVE-2026-39645 MEDIUM - 5.4

Server-Side Request Forgery (SSRF) vulnerability in Global Payments GlobalPayments WooCommerce global-payments-woocommerce allows Server Side Request Forgery.This issue affects GlobalPayments WooCommerce: from n/a through <= 1.18.0.

Vendor: Global Payments
Product: GlobalPayments WooCommerce
Published: Apr 08, 2026
Source: NVD
CVE-2026-39644 MEDIUM - 5.3

Missing Authorization vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wp Ultimate Review: from n/a through <= 2.3.8.

Vendor: Roxnor
Product: Wp Ultimate Review
Published: Apr 08, 2026
Source: NVD
CVE-2026-39643 MEDIUM - 5.3

Missing Authorization vulnerability in Payment Plugins Payment Plugins for PayPal WooCommerce pymntpl-paypal-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Plugins for PayPal WooCommerce: from n/a through <= 2.0.13.

Vendor: Payment Plugins
Product: Payment Plugins for PayPal WooCommerce
Published: Apr 08, 2026
Source: NVD
CVE-2026-39641 MEDIUM - 6.5

Cross-Site Request Forgery (CSRF) vulnerability in Skywarrior Blackfyre blackfyre allows Cross Site Request Forgery.This issue affects Blackfyre: from n/a through <= 2.5.4.

Vendor: Skywarrior
Product: Blackfyre
Published: Apr 08, 2026
Source: NVD
CVE-2026-39640 CRITICAL - 9.6

Cross-Site Request Forgery (CSRF) vulnerability in mndpsingh287 Theme Editor theme-editor allows Code Injection.This issue affects Theme Editor: from n/a through <= 3.2.

Vendor: mndpsingh287
Product: Theme Editor
Published: Apr 08, 2026
Source: NVD
CVE-2026-39639 MEDIUM - 6.5

Missing Authorization vulnerability in redpixelstudios RPS Include Content rps-include-content allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RPS Include Content: from n/a through <= 1.2.2.

Vendor: redpixelstudios
Product: RPS Include Content
Published: Apr 08, 2026
Source: NVD
CVE-2026-39638 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Qubely qubely allows Stored XSS.This issue affects Qubely: from n/a through <= 1.8.14.

Vendor: Themeum
Product: Qubely
Published: Apr 08, 2026
Source: NVD
CVE-2026-39637 MEDIUM - 5.3

Missing Authorization vulnerability in SpabRice Mogi mogi allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mogi: from n/a through <= 1.2.3.

Vendor: SpabRice
Product: Mogi
Published: Apr 08, 2026
Source: NVD
CVE-2026-39636 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in livemesh Livemesh Addons for Elementor addons-for-elementor allows Stored XSS.This issue affects Livemesh Addons for Elementor: from n/a through <= 9.0.

Vendor: livemesh
Product: Livemesh Addons for Elementor
Published: Apr 08, 2026
Source: NVD
CVE-2026-39635 MEDIUM - 5.4

Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Magazine grandmagazine allows Cross Site Request Forgery.This issue affects Grand Magazine: from n/a through <= 3.5.5.

Vendor: ThemeGoods
Product: Grand Magazine
Published: Apr 08, 2026
Source: NVD
CVE-2026-39634 MEDIUM - 5.4

Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Portfolio grandportfolio allows Cross Site Request Forgery.This issue affects Grand Portfolio: from n/a through <= 3.3.

Vendor: ThemeGoods
Product: Grand Portfolio
Published: Apr 08, 2026
Source: NVD
CVE-2026-39633 MEDIUM - 6.5

Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Car Rental grandcarrental allows Cross Site Request Forgery.This issue affects Grand Car Rental: from n/a through <= 3.6.9.

Vendor: ThemeGoods
Product: Grand Car Rental
Published: Apr 08, 2026
Source: NVD
CVE-2026-39632 MEDIUM - 6.5

Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Cross Site Request Forgery.This issue affects Grand Blog: from n/a through <= 3.1.

Vendor: ThemeGoods
Product: Grand Blog
Published: Apr 08, 2026
Source: NVD
CVE-2026-39631 MEDIUM - 4.9

Missing Authorization vulnerability in Ronik@UnlimitedWP WPSchoolPress wpschoolpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSchoolPress: from n/a through <= 2.2.35.

Vendor: Ronik@UnlimitedWP
Product: WPSchoolPress
Published: Apr 08, 2026
Source: NVD
CVE-2026-39630 MEDIUM - 6.4

Server-Side Request Forgery (SSRF) vulnerability in Getty Images Getty Images getty-images allows Server Side Request Forgery.This issue affects Getty Images: from n/a through <= 4.1.0.

Vendor: Getty Images
Product: Getty Images
Published: Apr 08, 2026
Source: NVD