🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-6348 | High | 8.8 |
WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local…
|
— | Apr 16, 2026 |
| CVE-2026-33083 | High | 8.8 |
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection…
|
⚡ Exploit | Apr 16, 2026 |
| CVE-2026-40502 | High | 8.8 |
OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with cha…
|
— | Apr 16, 2026 |
| CVE-2026-3489 | High | 7.5 |
The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to SQL Injection vi…
|
— | Apr 16, 2026 |
| CVE-2026-5050 | High | 7.5 |
The Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress is vulnerable to Improper Verification of Cryptog…
|
— | Apr 16, 2026 |
| CVE-2026-40246 | High | 7.5 |
free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the UDR service, the han…
|
⚡ Exploit | Apr 16, 2026 |
| CVE-2026-3599 | High | 7.5 |
The Riaxe Product Customizer plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter keys within…
|
— | Apr 16, 2026 |
| CVE-2026-40247 | High | 7.5 |
free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the han…
|
⚡ Exploit | Apr 16, 2026 |
| CVE-2026-6351 | High | 7.5 |
MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticated remote attackers …
|
— | Apr 16, 2026 |
| CVE-2026-3876 | High | 7.2 |
The Prismatic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'prismatic_encoded' pseudo-short…
|
— | Apr 16, 2026 |
| CVE-2026-3773 | Medium | 6.5 |
The Accessibility Suite by Ability, Inc plugin for WordPress is vulnerable to SQL Injection via the 'scan_id' parameter …
|
— | Apr 16, 2026 |
| CVE-2026-40503 | Medium | 6.5 |
OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gateway users with chat a…
|
— | Apr 16, 2026 |
| CVE-2026-3299 | Medium | 6.4 |
The WP YouTube Lyte plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lyte' shortcode …
|
— | Apr 16, 2026 |
| CVE-2026-3875 | Medium | 6.4 |
The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'betterdocs_feedback_form' shor…
|
— | Apr 16, 2026 |
| CVE-2026-3878 | Medium | 6.4 |
The WP Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdocs_options[icon_size]' parame…
|
— | Apr 16, 2026 |
| CVE-2026-5070 | Medium | 6.4 |
The Vantage theme for WordPress is vulnerable to Stored Cross-Site Scripting via Gallery block text content in versions …
|
— | Apr 16, 2026 |
| CVE-2026-1572 | Medium | 6.4 |
The Livemesh Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cro…
|
— | Apr 16, 2026 |
| CVE-2025-13364 | Medium | 6.4 |
The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnera…
|
— | Apr 16, 2026 |
| CVE-2026-2840 | Medium | 6.4 |
The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Sc…
|
— | Apr 16, 2026 |
| CVE-2026-3885 | Medium | 6.4 |
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the…
|
— | Apr 16, 2026 |