Total CVEs

145,743

Critical Severity

4,268

High Severity

15,733

Last 7 Days

2,319
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 24,321 - 24,340 of 42,148 CVEs
CVE-2026-39588 MEDIUM - 5.3

Missing Authorization vulnerability in nmerii NM Gift Registry and Wishlist Lite nm-gift-registry-and-wishlist-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NM Gift Registry and Wishlist Lite: from n/a through <= 5.13.

Vendor: nmerii
Product: NM Gift Registry and Wishlist Lite
Published: Apr 08, 2026
Source: NVD
CVE-2026-39586 MEDIUM - 5.3

Insertion of Sensitive Information Into Sent Data vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Retrieve Embedded Sensitive Data.This issue affects RepairBuddy: from n/a through <= 4.1132.

Vendor: Ateeq Rafeeq
Product: RepairBuddy
Published: Apr 08, 2026
Source: NVD
CVE-2026-39585 MEDIUM - 5.3

Missing Authorization vulnerability in Arraytics Booktics booktics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booktics: from n/a through <= 1.0.16.

Vendor: Arraytics
Product: Booktics
Published: Apr 08, 2026
Source: NVD
CVE-2026-39575 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ronald Huereca Custom Query Blocks post-type-archive-mapping allows DOM-Based XSS.This issue affects Custom Query Blocks: from n/a through <= 5.5.0.

Vendor: Ronald Huereca
Product: Custom Query Blocks
Published: Apr 08, 2026
Source: NVD
CVE-2026-39572 MEDIUM - 4.0

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in magepeopleteam Bus Ticket Booking with Seat Reservation bus-ticket-booking-with-seat-reservation allows Retrieve Embedded Sensitive Data.This issue affects Bus Ticket Booking with Seat Reservation: from n/a t...

Vendor: magepeopleteam
Product: Bus Ticket Booking with Seat Reservation
Published: Apr 08, 2026
Source: NVD
CVE-2026-39571 MEDIUM - 5.3

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Themefic Instantio instantio allows Retrieve Embedded Sensitive Data.This issue affects Instantio: from n/a through <= 3.3.30.

Vendor: Themefic
Product: Instantio
Published: Apr 08, 2026
Source: NVD
CVE-2026-39570 MEDIUM - 5.3

Insertion of Sensitive Information Into Sent Data vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Retrieve Embedded Sensitive Data.This issue affects 12 Step Meeting List: from n/a through <= 3.19.9.

Vendor: AA Web Servant
Product: 12 Step Meeting List
Published: Apr 08, 2026
Source: NVD
CVE-2026-39569 MEDIUM - 6.5

Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 12 Step Meeting List: from n/a through <= 3.19.9.

Vendor: AA Web Servant
Product: 12 Step Meeting List
Published: Apr 08, 2026
Source: NVD
CVE-2026-39566 MEDIUM - 4.0

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Designinvento DirectoryPress directorypress allows Retrieve Embedded Sensitive Data.This issue affects DirectoryPress: from n/a through <= 3.6.26.

Vendor: Designinvento
Product: DirectoryPress
Published: Apr 08, 2026
Source: NVD
CVE-2026-39565 MEDIUM - 4.3

Missing Authorization vulnerability in magepeopleteam WpTravelly tour-booking-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpTravelly: from n/a through <= 2.1.7.

Vendor: magepeopleteam
Product: WpTravelly
Published: Apr 08, 2026
Source: NVD
CVE-2026-39564 MEDIUM - 5.3

Insertion of Sensitive Information Into Sent Data vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Retrieve Embedded Sensitive Data.This issue affects Sunshine Photo Cart: from n/a through < 3.6.2.

Vendor: sunshinephotocart
Product: Sunshine Photo Cart
Published: Apr 08, 2026
Source: NVD
CVE-2026-39563 MEDIUM - 5.3

Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share This Image: from n/a through <= 2.12.

Vendor: ILLID
Product: Share This Image
Published: Apr 08, 2026
Source: NVD
CVE-2026-39562 MEDIUM - 5.3

Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.10.

Vendor: BoldGrid
Product: Client Invoicing by Sprout Invoices
Published: Apr 08, 2026
Source: NVD
CVE-2026-39561 MEDIUM - 5.3

Missing Authorization vulnerability in WP Chill Revive.so revive-so allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Revive.so: from n/a through <= 2.0.7.

Vendor: WP Chill
Product: Revive.so
Published: Apr 08, 2026
Source: NVD
CVE-2026-39544 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themeStek LabtechCO labtechco allows PHP Local File Inclusion.This issue affects LabtechCO: from n/a through <= 8.3.

Vendor: themeStek
Product: LabtechCO
Published: Apr 08, 2026
Source: NVD
CVE-2026-39543 MEDIUM - 5.3

Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through <= 2.21.4.

Vendor: Themefic
Product: Tourfic
Published: Apr 08, 2026
Source: NVD
CVE-2026-39542 MEDIUM - 5.3

Insertion of Sensitive Information Into Sent Data vulnerability in Doofinder Doofinder for WooCommerce doofinder-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Doofinder for WooCommerce: from n/a through <= 2.10.13.

Vendor: Doofinder
Product: Doofinder for WooCommerce
Published: Apr 08, 2026
Source: NVD
CVE-2026-39541 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Hydra Booking hydra-booking allows Stored XSS.This issue affects Hydra Booking: from n/a through <= 1.1.38.

Vendor: Themefic
Product: Hydra Booking
Published: Apr 08, 2026
Source: NVD
CVE-2026-39538 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Mikado Core mikado-core allows PHP Local File Inclusion.This issue affects Mikado Core: from n/a through <= 1.6.

Vendor: Mikado-Themes
Product: Mikado Core
Published: Apr 08, 2026
Source: NVD
CVE-2026-39536 MEDIUM - 5.3

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Chill RSVP and Event Management rsvp allows Retrieve Embedded Sensitive Data.This issue affects RSVP and Event Management: from n/a through <= 2.7.16.

Vendor: WP Chill
Product: RSVP and Event Management
Published: Apr 08, 2026
Source: NVD