🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-40459 | High | 8.8 |
PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inject crafted LDAP synt…
|
— | Apr 17, 2026 |
| CVE-2026-3464 | High | 8.8 |
The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file pat…
|
— | Apr 17, 2026 |
| CVE-2026-40516 | High | 8.3 |
OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the web_fetch and web_search t…
|
— | Apr 17, 2026 |
| CVE-2025-36568 | High | 7.8 |
Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release versio…
|
— | Apr 17, 2026 |
| CVE-2026-40515 | High | 7.5 |
OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive fil…
|
— | Apr 17, 2026 |
| CVE-2026-4659 | High | 7.5 |
The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Arbitrary File Read via the Repeater JSON/CSV…
|
— | Apr 17, 2026 |
| CVE-2026-6490 | High | 7.3 |
A weakness has been identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. Impacted is an unknown f…
|
— | Apr 17, 2026 |
| CVE-2026-6483 | High | 7.2 |
A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function strcat/snprintf of the…
|
— | Apr 17, 2026 |
| CVE-2026-5231 | High | 7.2 |
The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'utm_source' parameter in al…
|
— | Apr 17, 2026 |
| CVE-2026-23776 | High | 7.2 |
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5,…
|
✅ Patch | Apr 17, 2026 |
| CVE-2026-6421 | High | 7.0 |
A vulnerability has been found in Mobatek MobaXterm Home Edition up to 26.1. This affects an unknown part in the library…
|
— | Apr 17, 2026 |
| CVE-2026-33083 | High | 8.8 |
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection…
|
⚡ Exploit | Apr 16, 2026 |
| CVE-2023-3634 | High | 8.8 |
In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of u…
|
— | Apr 16, 2026 |
| CVE-2026-33121 | High | 8.8 |
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection…
|
⚡ Exploit | Apr 16, 2026 |
| CVE-2026-33207 | High | 8.8 |
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection…
|
⚡ Exploit | Apr 16, 2026 |
| CVE-2026-3614 | High | 8.8 |
The AcyMailing plugin for WordPress is vulnerable to privilege escalation in all versions From 9.11.0 up to, and includi…
|
— | Apr 16, 2026 |
| CVE-2026-33084 | High | 8.8 |
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection…
|
⚡ Exploit | Apr 16, 2026 |
| CVE-2026-1620 | High | 8.8 |
The Livemesh Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and …
|
— | Apr 16, 2026 |
| CVE-2025-14868 | High | 8.8 |
The Career Section plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Path Traversal and Arbitr…
|
— | Apr 16, 2026 |
| CVE-2026-6348 | High | 8.8 |
WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local…
|
— | Apr 16, 2026 |