🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-40459 | High | 8.8 |
PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inject crafted LDAP synt…
|
— | Apr 17, 2026 |
| CVE-2026-40516 | High | 8.3 |
OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the web_fetch and web_search t…
|
— | Apr 17, 2026 |
| CVE-2025-36568 | High | 7.8 |
Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release versio…
|
— | Apr 17, 2026 |
| CVE-2026-40515 | High | 7.5 |
OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive fil…
|
— | Apr 17, 2026 |
| CVE-2026-4659 | High | 7.5 |
The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Arbitrary File Read via the Repeater JSON/CSV…
|
— | Apr 17, 2026 |
| CVE-2026-6490 | High | 7.3 |
A weakness has been identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. Impacted is an unknown f…
|
— | Apr 17, 2026 |
| CVE-2026-6483 | High | 7.2 |
A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function strcat/snprintf of the…
|
— | Apr 17, 2026 |
| CVE-2026-23776 | High | 7.2 |
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5,…
|
✅ Patch | Apr 17, 2026 |
| CVE-2026-5231 | High | 7.2 |
The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'utm_source' parameter in al…
|
— | Apr 17, 2026 |
| CVE-2026-6421 | High | 7.0 |
A vulnerability has been found in Mobatek MobaXterm Home Edition up to 26.1. This affects an unknown part in the library…
|
— | Apr 17, 2026 |
| CVE-2026-4817 | Medium | 6.5 |
The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to Time-based B…
|
— | Apr 17, 2026 |
| CVE-2026-3488 | Medium | 6.5 |
The WP Statistics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 14.1…
|
— | Apr 17, 2026 |
| CVE-2026-6080 | Medium | 6.5 |
The Tutor LMS plugin for WordPress is vulnerable to SQL Injection in versions up to and including 3.9.8. This is due to …
|
— | Apr 17, 2026 |
| CVE-2026-4666 | Medium | 6.5 |
The wpForo Forum plugin for WordPress is vulnerable to unauthorized modification of data due to the use of `extract($arg…
|
— | Apr 17, 2026 |
| CVE-2026-2434 | Medium | 6.4 |
The Pz-LinkCard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blogcard' shortcode attribute…
|
— | Apr 17, 2026 |
| CVE-2026-5162 | Medium | 6.4 |
The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed …
|
— | Apr 17, 2026 |
| CVE-2026-6488 | Medium | 6.3 |
A vulnerability was identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This vulnerability affec…
|
— | Apr 17, 2026 |
| CVE-2026-6497 | Medium | 6.3 |
A vulnerability was determined in prasathmani TinyFileManager up to 2.6. Affected by this vulnerability is an unknown fu…
|
— | Apr 17, 2026 |
| CVE-2026-6489 | Medium | 6.3 |
A security flaw has been discovered in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This issue affects …
|
— | Apr 17, 2026 |
| CVE-2026-6496 | Medium | 5.4 |
A vulnerability was found in prasathmani TinyFileManager up to 2.6. Affected is an unknown function of the file /fileman…
|
— | Apr 17, 2026 |