🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-3499 | High | 8.8 |
The Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce plugin for WordPress is vulnerable to C…
|
— | Apr 8, 2026 |
| CVE-2026-3243 | High | 8.8 |
The Advanced Members for ACF plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path…
|
— | Apr 8, 2026 |
| CVE-2026-1342 | High | 8.5 |
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 …
|
— | Apr 8, 2026 |
| CVE-2026-4788 | High | 8.4 |
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information in log files that could be read by a loc…
|
— | Apr 8, 2026 |
| CVE-2026-5436 | High | 8.1 |
The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in all versions up to and including 5.1.1.…
|
— | Apr 8, 2026 |
| CVE-2026-30814 | High | 8.0 |
A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attac…
|
— | Apr 8, 2026 |
| CVE-2026-30818 | High | 8.0 |
An OS command injection vulnerability in the dnsmasq module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent…
|
— | Apr 8, 2026 |
| CVE-2026-30815 | High | 8.0 |
An OS command injection vulnerability in the OpenVPN module
of TP-Link Archer AX53 v1.0 allows an authenticated adjacent…
|
— | Apr 8, 2026 |
| CVE-2026-5726 | High | 7.8 |
ASDA-Soft Stack-based Buffer Overflow Vulnerability
|
— | Apr 8, 2026 |
| CVE-2026-40029 | High | 7.8 |
parseusbs before 1.9 contains an OS command injection vulnerability in parseUSBs.py where LNK file paths are passed unsa…
|
— | Apr 8, 2026 |
| CVE-2026-40031 | High | 7.8 |
MemProcFS before 5.17 contains multiple unsafe library-loading patterns that enable DLL and shared-library hijacking acr…
|
— | Apr 8, 2026 |
| CVE-2026-40032 | High | 7.8 |
UAC (Unix-like Artifacts Collector) before 3.3.0-rc1 contains a command injection vulnerability in the placeholder subst…
|
— | Apr 8, 2026 |
| CVE-2026-40030 | High | 7.8 |
parseusbs before 1.9 contains an OS command injection vulnerability where the volume listing path argument (-v flag) is …
|
— | Apr 8, 2026 |
| CVE-2026-40036 | High | 7.5 |
Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in parse_compressed.py that allows remote a…
|
— | Apr 8, 2026 |
| CVE-2026-3396 | High | 7.5 |
WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the 'post-author' parameter…
|
— | Apr 8, 2026 |
| CVE-2026-35525 | High | 7.5 |
LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, for {% include %},…
|
⚡ Exploit | Apr 8, 2026 |
| CVE-2025-50654 | High | 7.5 |
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of the id parameter in th…
|
— | Apr 8, 2026 |
| CVE-2025-50653 | High | 7.5 |
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name and mem paramet…
|
— | Apr 8, 2026 |
| CVE-2025-50650 | High | 7.5 |
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate validation of input size in the ro…
|
— | Apr 8, 2026 |
| CVE-2025-50652 | High | 7.5 |
An issue in D-Link DI-8003 16.07.26A1 related to improper handling of the id parameter in the /saveparm_usb.asp endpoint…
|
— | Apr 8, 2026 |