Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12686, Critical: 851, High: 3660, Medium: 3983
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2024-53412 | HIGH | 8.4 | Command injection in the connect function in NietThijmen ShoppingCart 0.0.2 allows an attacker to execute arbitrary shell commands and achieve remote code execution via injection … | Apr 15, 2026 |
| CVE-2026-4145 | HIGH | 7.8 | During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix that could allow a local authenticated user to perform arbitrary code … | Apr 15, 2026 |
| CVE-2026-4135 | MEDIUM | 6.6 | During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to perform … | Apr 15, 2026 |
| CVE-2026-4134 | HIGH | 7.3 | During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to execute … | Apr 15, 2026 |
| CVE-2026-25219 | MEDIUM | 6.5 | The `access_key` and `connection_string` connection properties were not marked as sensitive names in secrets masker. This means that a user with read permission could see the … | Apr 15, 2026 |
| CVE-2026-1636 | MEDIUM | 6.7 | A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allow a local authenticated user to execute code with … | Apr 15, 2026 |
| CVE-2026-0827 | HIGH | 7.1 | During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when … | Apr 15, 2026 |
| CVE-2026-3590 | MEDIUM | 6.5 | Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, … | Apr 15, 2026 |
| CVE-2026-1852 | MEDIUM | 6.1 | The Product Pricing Table by WooBeWoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is … | Apr 15, 2026 |
| CVE-2026-40786 | UNKNOWN | — | Missing Authorization vulnerability in Long Watch Studio MyRewards woorewards allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MyRewards: from n/a through <= 5.7.3. | Apr 15, 2026 |
| CVE-2026-40784 | HIGH | 8.1 | Authorization Bypass Through User-Controlled Key vulnerability in Mahmudul Hasan Arif FluentBoards fluent-boards allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FluentBoards: from n/a … | Apr 15, 2026 |
| CVE-2026-40778 | UNKNOWN | — | Missing Authorization vulnerability in Majestic Support Majestic Support majestic-support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Majestic Support: from n/a through <= … | Apr 15, 2026 |
| CVE-2026-40764 | HIGH | 8.1 | Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Cross Site Request Forgery. This issue affects Contact Form by WPForms: from … | Apr 15, 2026 |
| CVE-2026-40763 | UNKNOWN | — | Missing Authorization vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal Elementor Addons: from n/a … | Apr 15, 2026 |
| CVE-2026-40745 | HIGH | 7.6 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Blind SQL Injection. This issue … | Apr 15, 2026 |
| CVE-2026-40744 | UNKNOWN | — | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Blind SQL Injection. This issue affects … | Apr 15, 2026 |
| CVE-2026-40742 | MEDIUM | 5.3 | Missing Authorization vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nelio AB Testing: from n/a … | Apr 15, 2026 |
| CVE-2026-40740 | UNKNOWN | — | Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tutor LMS: from n/a through <= 3.9.7. | Apr 15, 2026 |
| CVE-2026-40737 | MEDIUM | 5.3 | Authorization Bypass Through User-Controlled Key vulnerability in VillaTheme COMPE compe-woo-compare-products allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects COMPE: from n/a through <= … | Apr 15, 2026 |
| CVE-2026-40734 | UNKNOWN | — | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zahlan Categories Images categories-images allows DOM-Based XSS. This issue affects Categories Images: from n/a … | Apr 15, 2026 |
| CVE-2026-40730 | UNKNOWN | — | Missing Authorization vulnerability in ThemeGrill ThemeGrill Demo Importer themegrill-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThemeGrill Demo Importer: from n/a through … | Apr 15, 2026 |
| CVE-2026-40729 | UNKNOWN | — | Missing Authorization vulnerability in bPlugins 3D viewer – Embed 3D Models 3d-viewer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 3D viewer – … | Apr 15, 2026 |
| CVE-2026-40728 | MEDIUM | 4.3 | Missing Authorization vulnerability in BlockArt Magazine Blocks magazine-blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Magazine Blocks: from n/a through <= 1.8.3. | Apr 15, 2026 |
| CVE-2026-33805 | UNKNOWN | — | @fastify/reply-from v12.6.1 and earlier and @fastify/http-proxy v11.4.3 and earlier process the client's Connection header after the proxy has added its own headers via rewriteRequestHeaders. This … | Apr 15, 2026 |
| CVE-2026-30778 | UNKNOWN | — | The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0. Users are recommended to … | Apr 15, 2026 |