🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-4388 | High | 7.2 |
The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Matrix field (Text Box…
|
— | Apr 14, 2026 |
| CVE-2026-6227 | High | 7.2 |
The BackWPup plugin for WordPress is vulnerable to Local File Inclusion via the `block_name` parameter of the `/wp-json/…
|
— | Apr 14, 2026 |
| CVE-2026-3017 | High | 7.2 |
The Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts plugin for WordPress is vulnerable to P…
|
— | Apr 14, 2026 |
| CVE-2026-32188 | High | 7.1 |
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
|
— | Apr 14, 2026 |
| CVE-2026-33892 | High | 7.1 |
A vulnerability has been identified in Industrial Edge Management Pro V1 (All versions >= V1.7.6 < V1.15.17), Industrial…
|
— | Apr 14, 2026 |
| CVE-2026-34256 | High | 7.1 |
Due to a missing authorization check in SAP ERP and SAP S/4HANA (Private Cloud and On-Premise), an authenticated attacke…
|
— | Apr 14, 2026 |
| CVE-2026-4345 | High | 7.1 |
A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripti…
|
— | Apr 14, 2026 |
| CVE-2026-4369 | High | 7.1 |
A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and…
|
— | Apr 14, 2026 |
| CVE-2026-4344 | High | 7.1 |
A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked…
|
— | Apr 14, 2026 |
| CVE-2026-32080 | High | 7.0 |
Use after free in Windows WalletService allows an authorized attacker to elevate privileges locally.
|
— | Apr 14, 2026 |
| CVE-2026-32224 | High | 7.0 |
Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally.
|
— | Apr 14, 2026 |
| CVE-2026-32195 | High | 7.0 |
Stack-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
|
— | Apr 14, 2026 |
| CVE-2026-37980 | Medium | 6.9 |
A flaw was found in Keycloak, specifically in the organization selection login page. A remote attacker with `manage-real…
|
— | Apr 14, 2026 |
| CVE-2026-32223 | Medium | 6.8 |
Heap-based buffer overflow in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a phys…
|
— | Apr 14, 2026 |
| CVE-2026-32167 | Medium | 6.7 |
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized …
|
— | Apr 14, 2026 |
| CVE-2026-0390 | Medium | 6.7 |
Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a sec…
|
— | Apr 14, 2026 |
| CVE-2026-32176 | Medium | 6.7 |
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized …
|
— | Apr 14, 2026 |
| CVE-2026-2582 | Medium | 6.5 |
The The Germanized for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution via 'account_hold…
|
— | Apr 14, 2026 |
| CVE-2026-27677 | Medium | 6.5 |
Due to missing authorization checks in the SAP S/4HANA OData Service (Manage Reference Equipment), an attacker could upd…
|
— | Apr 14, 2026 |
| CVE-2026-27678 | Medium | 6.5 |
Due to missing authorization checks in the SAP S/4HANA backend OData Service (Manage Reference Structures), an attacker …
|
— | Apr 14, 2026 |