Total CVEs

145,712

Critical Severity

4,267

High Severity

15,730

Last 7 Days

2,296
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 24,261 - 24,280 of 42,117 CVEs
CVE-2026-39629 MEDIUM - 5.3

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes Uminex uminex allows Code Injection.This issue affects Uminex: from n/a through <= 1.0.9.

Vendor: kutethemes
Product: Uminex
Published: Apr 08, 2026
Source: NVD
CVE-2026-39628 MEDIUM - 5.3

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes DukaMarket dukamarket allows Code Injection.This issue affects DukaMarket: from n/a through <= 1.3.0.

Vendor: kutethemes
Product: DukaMarket
Published: Apr 08, 2026
Source: NVD
CVE-2026-39627 MEDIUM - 4.3

Missing Authorization vulnerability in wproyal Ashe ashe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ashe: from n/a through <= 2.266.

Vendor: wproyal
Product: Ashe
Published: Apr 08, 2026
Source: NVD
CVE-2026-39626 MEDIUM - 5.3

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes Armania armania allows Code Injection.This issue affects Armania: from n/a through <= 1.4.8.

Vendor: kutethemes
Product: Armania
Published: Apr 08, 2026
Source: NVD
CVE-2026-39625 MEDIUM - 5.3

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes TechOne techone allows Code Injection.This issue affects TechOne: from n/a through <= 3.0.3.

Vendor: kutethemes
Product: TechOne
Published: Apr 08, 2026
Source: NVD
CVE-2026-39624 MEDIUM - 5.3

Missing Authorization vulnerability in kutethemes Biolife biolife allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Biolife: from n/a through <= 3.2.3.

Vendor: kutethemes
Product: Biolife
Published: Apr 08, 2026
Source: NVD
CVE-2026-39623 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in kutethemes Biolife biolife allows PHP Local File Inclusion.This issue affects Biolife: from n/a through <= 3.2.3.

Vendor: kutethemes
Product: Biolife
Published: Apr 08, 2026
Source: NVD
CVE-2026-39622 MEDIUM - 5.3

Missing Authorization vulnerability in acmethemes Education Base education-base allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Education Base: from n/a through <= 3.0.8.

Vendor: acmethemes
Product: Education Base
Published: Apr 08, 2026
Source: NVD
CVE-2026-39621 HIGH - 8.8

Cross-Site Request Forgery (CSRF) vulnerability in spicethemes SpicePress spicepress allows Upload a Web Shell to a Web Server.This issue affects SpicePress: from n/a through <= 2.3.2.5.

Vendor: spicethemes
Product: SpicePress
Published: Apr 08, 2026
Source: NVD
CVE-2026-39620 CRITICAL - 9.6

Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Appointment appointment allows Upload a Web Shell to a Web Server.This issue affects Appointment: from n/a through <= 3.5.5.

Vendor: priyanshumittal
Product: Appointment
Published: Apr 08, 2026
Source: NVD
CVE-2026-39619 CRITICAL - 9.6

Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Busiprof busiprof allows Upload a Web Shell to a Web Server.This issue affects Busiprof: from n/a through <= 2.5.2.

Vendor: priyanshumittal
Product: Busiprof
Published: Apr 08, 2026
Source: NVD
CVE-2026-39618 MEDIUM - 4.3

Cross-Site Request Forgery (CSRF) vulnerability in themearile NewsExo newsexo allows Cross Site Request Forgery.This issue affects NewsExo: from n/a through <= 7.1.

Vendor: themearile
Product: NewsExo
Published: Apr 08, 2026
Source: NVD
CVE-2026-39617 CRITICAL - 9.6

Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Bluestreet bluestreet allows Cross Site Request Forgery.This issue affects Bluestreet: from n/a through <= 1.7.3.

Vendor: priyanshumittal
Product: Bluestreet
Published: Apr 08, 2026
Source: NVD
CVE-2026-39616 MEDIUM - 5.3

Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Attachments: from n/a through <= 1.4.0.

Vendor: dFactory
Product: Download Attachments
Published: Apr 08, 2026
Source: NVD
CVE-2026-39615 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shahjada Download Manager download-manager allows Stored XSS.This issue affects Download Manager: from n/a through <= 3.3.53.

Vendor: Shahjada
Product: Download Manager
Published: Apr 08, 2026
Source: NVD
CVE-2026-39614 MEDIUM - 5.4

Missing Authorization vulnerability in ilGhera JW Player for WordPress jw-player-7-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JW Player for WordPress: from n/a through <= 2.3.6.

Vendor: ilGhera
Product: JW Player for WordPress
Published: Apr 08, 2026
Source: NVD
CVE-2026-39613 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in kutethemes Boutique kute-boutique allows PHP Local File Inclusion.This issue affects Boutique: from n/a through <= 2.3.3.

Vendor: kutethemes
Product: Boutique
Published: Apr 08, 2026
Source: NVD
CVE-2026-39612 MEDIUM - 5.3

Missing Authorization vulnerability in kutethemes KuteShop kuteshop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KuteShop: from n/a through <= 4.2.9.

Vendor: kutethemes
Product: KuteShop
Published: Apr 08, 2026
Source: NVD
CVE-2026-39611 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in kutethemes KuteShop kuteshop allows PHP Local File Inclusion.This issue affects KuteShop: from n/a through <= 4.2.9.

Vendor: kutethemes
Product: KuteShop
Published: Apr 08, 2026
Source: NVD
CVE-2026-39610 MEDIUM - 5.3

Missing Authorization vulnerability in Pankaj Kumar WpXmas-Snow wpxmas-snow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpXmas-Snow: from n/a through <= 1.1.

Vendor: Pankaj Kumar
Product: WpXmas-Snow
Published: Apr 08, 2026
Source: NVD