Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
13465
Total
886
Critical
3905
High
4244
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2025-15064 | MEDIUM | 6.4 | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via … | Apr 04, 2026 |
| CVE-2025-13368 | MEDIUM | 6.4 | The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Widget's 'onClick Event' setting in … | Apr 04, 2026 |
| CVE-2026-2949 | MEDIUM | 6.4 | The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Icon Box widget in versions up … | Apr 04, 2026 |
| CVE-2026-2924 | MEDIUM | 6.4 | The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'imageLoad' parameter in versions … | Apr 04, 2026 |
| CVE-2026-3571 | MEDIUM | 6.5 | The Pie Register – User Registration, Profiles & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability … | Apr 04, 2026 |
| CVE-2026-35616 | CRITICAL | 9.8 | A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests. | Apr 04, 2026 |
| CVE-2026-34780 | HIGH | 8.3 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 39.0.0-alpha.1 to before 39.8.0, 40.0.0-alpha.1 to before 40.7.0, and … | Apr 04, 2026 |
| CVE-2026-34955 | HIGH | 8.8 | PraisonAI is a multi-agent teams system. Prior to version 4.5.97, SubprocessSandbox in all modes (BASIC, STRICT, NETWORK_ISOLATED) calls subprocess.run() with shell=True and relies solely on … | Apr 04, 2026 |
| CVE-2026-34779 | MEDIUM | 6.5 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, on macOS, app.moveToApplicationsFolder() … | Apr 04, 2026 |
| CVE-2026-34778 | MEDIUM | 5.9 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, a service worker … | Apr 04, 2026 |
| CVE-2026-34777 | MEDIUM | 5.4 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, when an iframe … | Apr 04, 2026 |
| CVE-2026-34776 | MEDIUM | 5.3 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, on macOS and … | Apr 04, 2026 |
| CVE-2026-34775 | MEDIUM | 6.8 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.4, 40.8.4, and 41.0.0, the nodeIntegrationInWorker webPreference … | Apr 04, 2026 |
| CVE-2026-34774 | HIGH | 8.1 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 39.8.1, 40.7.0, and 41.0.0, apps that use offscreen … | Apr 04, 2026 |
| CVE-2026-34773 | MEDIUM | 4.7 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, on Windows, app.setAsDefaultProtocolClient(protocol) … | Apr 04, 2026 |
| CVE-2026-34772 | MEDIUM | 5.8 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that allow … | Apr 04, 2026 |
| CVE-2026-34771 | HIGH | 7.5 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that register … | Apr 04, 2026 |
| CVE-2026-34770 | HIGH | 7.0 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, apps that use … | Apr 04, 2026 |
| CVE-2026-34769 | HIGH | 7.7 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, an undocumented commandLineSwitches … | Apr 04, 2026 |
| CVE-2026-34768 | LOW | 3.9 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, on Windows, app.setLoginItemSettings({openAtLogin: … | Apr 04, 2026 |
| CVE-2026-34767 | MEDIUM | 5.9 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.3, 40.8.3, and 41.0.3, apps that register … | Apr 04, 2026 |
| CVE-2026-34766 | LOW | 3.3 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, the select-usb-device event … | Apr 04, 2026 |
| CVE-2026-35468 | MEDIUM | 5.3 | nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, two peer-facing consensus request handlers … | Apr 03, 2026 |
| CVE-2026-34954 | HIGH | 8.6 | PraisonAI is a multi-agent teams system. Prior to version 1.5.95, FileTools.download_file() in praisonaiagents validates the destination path but performs no validation on the url parameter, … | Apr 03, 2026 |
| CVE-2026-34953 | CRITICAL | 9.1 | PraisonAI is a multi-agent teams system. Prior to version 4.5.97, OAuthManager.validate_token() returns True for any token not found in its internal store, which is empty … | Apr 03, 2026 |