🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-3005 | Medium | 6.4 |
The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catlist' sho…
|
— | Apr 9, 2026 |
| CVE-2026-5357 | Medium | 6.4 |
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sid' parameter of the 'w…
|
— | Apr 9, 2026 |
| CVE-2026-4336 | Medium | 6.4 |
The Ultimate FAQ Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via FAQ content in all vers…
|
— | Apr 9, 2026 |
| CVE-2026-4429 | Medium | 6.4 |
The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'marker_name' and 'fil…
|
— | Apr 9, 2026 |
| CVE-2026-5742 | Medium | 6.4 |
The UsersWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.2.60. Th…
|
— | Apr 9, 2026 |
| CVE-2026-5823 | Medium | 6.3 |
A weakness has been identified in itsourcecode Construction Management System 1.0. Affected by this issue is some unknow…
|
— | Apr 9, 2026 |
| CVE-2026-5831 | Medium | 6.3 |
A security flaw has been discovered in Agions taskflow-ai up to 2.1.8. This impacts an unknown function of the file src/…
|
— | Apr 9, 2026 |
| CVE-2023-54358 | Medium | 6.1 |
WordPress adivaha Travel Plugin 2.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated …
|
— | Apr 9, 2026 |
| CVE-2023-54360 | Medium | 6.1 |
Joomla JLex Review 6.0.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicio…
|
— | Apr 9, 2026 |
| CVE-2023-54361 | Medium | 6.1 |
Joomla iProperty Real Estate 4.1.1 contains a reflected cross-site scripting vulnerability that allows attackers to inje…
|
— | Apr 9, 2026 |
| CVE-2023-54362 | Medium | 6.1 |
Joomla VirtueMart Shopping-Cart 4.0.12 contains a reflected cross-site scripting vulnerability that allows attackers to …
|
— | Apr 9, 2026 |
| CVE-2023-54363 | Medium | 6.1 |
Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to …
|
— | Apr 9, 2026 |
| CVE-2023-54364 | Medium | 6.1 |
Joomla HikaShop 4.7.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to i…
|
— | Apr 9, 2026 |
| CVE-2026-21904 | Medium | 6.1 |
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Network…
|
— | Apr 9, 2026 |
| CVE-2026-35622 | Medium | 5.9 |
OpenClaw before 2026.3.22 contains an improper authentication verification vulnerability in Google Chat app-url webhook …
|
— | Apr 9, 2026 |
| CVE-2026-33773 | Medium | 5.8 |
An Incorrect Initialization of Resource vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS…
|
— | Apr 9, 2026 |
| CVE-2026-33776 | Medium | 5.5 |
A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a local user w…
|
— | Apr 9, 2026 |
| CVE-2026-33786 | Medium | 5.5 |
An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon (chassisd) of Junipe…
|
— | Apr 9, 2026 |
| CVE-2026-33787 | Medium | 5.5 |
An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon (chassisd) of Junipe…
|
— | Apr 9, 2026 |
| CVE-2026-4124 | Medium | 5.4 |
The Ziggeo plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.1.1. The …
|
— | Apr 9, 2026 |