🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-4895 | Medium | 6.4 |
The GreenShift - Animation and Page Builder Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in …
|
— | Apr 11, 2026 |
| CVE-2026-5226 | Medium | 6.1 |
The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL…
|
— | Apr 11, 2026 |
| CVE-2026-3358 | Medium | 5.4 |
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized private course e…
|
— | Apr 11, 2026 |
| CVE-2026-4979 | Medium | 5.0 |
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPre…
|
— | Apr 11, 2026 |
| CVE-2026-5991 | High | 8.8 |
A vulnerability was found in Tenda F451 1.0.0.7. Affected by this issue is the function formWrlExtraSet of the file /gof…
|
— | Apr 10, 2026 |
| CVE-2026-6014 | High | 8.8 |
A flaw has been found in D-Link DIR-513 1.10. This issue affects the function formAdvanceSetup of the file /goform/formA…
|
— | Apr 10, 2026 |
| CVE-2026-6013 | High | 8.8 |
A vulnerability was detected in D-Link DIR-513 1.10. This vulnerability affects the function formSetRoute of the file /g…
|
— | Apr 10, 2026 |
| CVE-2026-6012 | High | 8.8 |
A security vulnerability has been detected in D-Link DIR-513 1.10. This affects the function formSetPassword of the file…
|
— | Apr 10, 2026 |
| CVE-2026-6016 | High | 8.8 |
A vulnerability was found in Tenda AC9 15.03.02.13. The affected element is the function decodePwd of the file /goform/W…
|
— | Apr 10, 2026 |
| CVE-2026-5992 | High | 8.8 |
A vulnerability was determined in Tenda F451 1.0.0.7. This affects the function fromP2pListFilter of the file /goform/P2…
|
— | Apr 10, 2026 |
| CVE-2026-5990 | High | 8.8 |
A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function fromSafeEmailFilter…
|
— | Apr 10, 2026 |
| CVE-2026-5989 | High | 8.8 |
A flaw has been found in Tenda F451 1.0.0.7. Affected is the function fromRouteStatic of the file /goform/RouteStatic. E…
|
— | Apr 10, 2026 |
| CVE-2026-35666 | High | 8.8 |
OpenClaw before 2026.3.22 contains an allowlist bypass vulnerability in system.run approvals that fails to unwrap /usr/b…
|
✅ Patch | Apr 10, 2026 |
| CVE-2026-35663 | High | 8.8 |
OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request bro…
|
✅ Patch | Apr 10, 2026 |
| CVE-2026-6015 | High | 8.8 |
A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of the file /goform/Qui…
|
— | Apr 10, 2026 |
| CVE-2026-35669 | High | 8.8 |
OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that…
|
✅ Patch | Apr 10, 2026 |
| CVE-2026-35643 | High | 8.8 |
OpenClaw before 2026.3.22 contains an unvalidated WebView JavascriptInterface vulnerability allowing attackers to inject…
|
✅ Patch | Apr 10, 2026 |
| CVE-2026-4351 | High | 8.1 |
The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to,…
|
— | Apr 10, 2026 |
| CVE-2026-35653 | High | 8.1 |
OpenClaw before 2026.3.24 contains an incorrect authorization vulnerability in the POST /reset-profile endpoint that all…
|
⚡ Exploit ✅ Patch | Apr 10, 2026 |
| CVE-2026-35660 | High | 8.1 |
OpenClaw before 2026.3.23 contains an insufficient access control vulnerability in the Gateway agent /reset endpoint tha…
|
✅ Patch | Apr 10, 2026 |