🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-3599 | High | 7.5 |
The Riaxe Product Customizer plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter keys within…
|
— | Apr 16, 2026 |
| CVE-2026-6351 | High | 7.5 |
MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticated remote attackers …
|
— | Apr 16, 2026 |
| CVE-2026-3489 | High | 7.5 |
The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to SQL Injection vi…
|
— | Apr 16, 2026 |
| CVE-2026-5050 | High | 7.5 |
The Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress is vulnerable to Improper Verification of Cryptog…
|
— | Apr 16, 2026 |
| CVE-2026-3876 | High | 7.2 |
The Prismatic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'prismatic_encoded' pseudo-short…
|
— | Apr 16, 2026 |
| CVE-2026-5617 | High | 8.8 |
The Login as User plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3…
|
— | Apr 15, 2026 |
| CVE-2026-34632 | High | 8.2 |
Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vulnerability that could have resulted in …
|
— | Apr 15, 2026 |
| CVE-2026-4145 | High | 7.8 |
During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix that could allow…
|
— | Apr 15, 2026 |
| CVE-2026-22676 | High | 7.8 |
Barracuda RMM versions prior to 2025.2.2 contain a privilege escalation vulnerability that allows local attackers to gai…
|
— | Apr 15, 2026 |
| CVE-2026-6384 | High | 7.3 |
A flaw was found in gimp. This buffer overflow vulnerability in the GIF image loading component's `ReadJeffsImage` funct…
|
— | Apr 15, 2026 |
| CVE-2026-4134 | High | 7.3 |
During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during ins…
|
— | Apr 15, 2026 |
| CVE-2026-5694 | High | 7.2 |
The Quick Interest Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'loan-amount' and 'l…
|
— | Apr 15, 2026 |
| CVE-2026-20205 | High | 7.2 |
In Splunk MCP Server app versions below 1.0.3 , a user who holds a role with access to the Splunk `_internal` index or p…
|
— | Apr 15, 2026 |
| CVE-2026-3643 | High | 7.2 |
The Accessibly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in all versions up to,…
|
— | Apr 15, 2026 |
| CVE-2026-2834 | High | 7.2 |
The Age Verification & Identity Verification by Token of Trust plugin for WordPress is vulnerable to Stored Cross-Site S…
|
— | Apr 15, 2026 |
| CVE-2026-0827 | High | 7.1 |
During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareS…
|
— | Apr 15, 2026 |
| CVE-2026-20204 | High | 7.1 |
In Splunk Enterprise versions below 10.2.1, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.26…
|
— | Apr 15, 2026 |
| CVE-2026-32171 | High | 8.8 |
Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a netw…
|
— | Apr 14, 2026 |
| CVE-2026-25654 | High | 8.8 |
A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3). Affected products do not properly validate u…
|
— | Apr 14, 2026 |
| CVE-2026-27668 | High | 8.8 |
A vulnerability has been identified in RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) (All versions < V5.8). U…
|
— | Apr 14, 2026 |