🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-3581 | Medium | 5.3 |
The Basic Google Maps Placemarks plugin for WordPress is vulnerable to authorization bypass in versions up to, and inclu…
|
— | Apr 16, 2026 |
| CVE-2026-0718 | Medium | 5.3 |
The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthor…
|
— | Apr 16, 2026 |
| CVE-2026-4160 | Medium | 5.3 |
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulne…
|
— | Apr 16, 2026 |
| CVE-2026-40500 | Medium | 6.8 |
ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the admin panel's 'Add …
|
— | Apr 15, 2026 |
| CVE-2026-1636 | Medium | 6.7 |
A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allo…
|
— | Apr 15, 2026 |
| CVE-2026-20202 | Medium | 6.6 |
In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.26…
|
— | Apr 15, 2026 |
| CVE-2026-4135 | Medium | 6.6 |
During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during ins…
|
— | Apr 15, 2026 |
| CVE-2026-20081 | Medium | 6.5 |
Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitr…
|
— | Apr 15, 2026 |
| CVE-2026-20078 | Medium | 6.5 |
Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitr…
|
— | Apr 15, 2026 |
| CVE-2025-15470 | Medium | 6.5 |
The Eleganzo theme for WordPress is vulnerable to arbitrary directory deletion due to insufficient path validation in th…
|
— | Apr 15, 2026 |
| CVE-2026-6385 | Medium | 6.5 |
A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/…
|
— | Apr 15, 2026 |
| CVE-2026-3659 | Medium | 6.4 |
The WP Circliful plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of t…
|
— | Apr 15, 2026 |
| CVE-2026-3998 | Medium | 6.4 |
The WM JqMath plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' shortcode attribute of t…
|
— | Apr 15, 2026 |
| CVE-2026-4005 | Medium | 6.4 |
The Coachific Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userhash' shortcode a…
|
— | Apr 15, 2026 |
| CVE-2026-4011 | Medium | 6.4 |
The Power Charts Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the [p…
|
— | Apr 15, 2026 |
| CVE-2026-5717 | Medium | 6.4 |
The VI: Include Post By plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class_container' attr…
|
— | Apr 15, 2026 |
| CVE-2026-1852 | Medium | 6.1 |
The Product Pricing Table by WooBeWoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions u…
|
— | Apr 15, 2026 |
| CVE-2026-20170 | Medium | 6.1 |
A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, …
|
— | Apr 15, 2026 |
| CVE-2026-20059 | Medium | 6.1 |
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote a…
|
— | Apr 15, 2026 |
| CVE-2026-40919 | Medium | 6.1 |
A flaw was found in GIMP. This vulnerability, a buffer overflow in the `file-seattle-filmworks` plugin, can be exploited…
|
— | Apr 15, 2026 |