🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-3581 | Medium | 5.3 |
The Basic Google Maps Placemarks plugin for WordPress is vulnerable to authorization bypass in versions up to, and inclu…
|
— | Apr 16, 2026 |
| CVE-2026-0718 | Medium | 5.3 |
The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthor…
|
— | Apr 16, 2026 |
| CVE-2026-5617 | High | 8.8 |
The Login as User plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3…
|
— | Apr 15, 2026 |
| CVE-2026-34632 | High | 8.2 |
Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vulnerability that could have resulted in …
|
— | Apr 15, 2026 |
| CVE-2026-4145 | High | 7.8 |
During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix that could allow…
|
— | Apr 15, 2026 |
| CVE-2026-22676 | High | 7.8 |
Barracuda RMM versions prior to 2025.2.2 contain a privilege escalation vulnerability that allows local attackers to gai…
|
— | Apr 15, 2026 |
| CVE-2026-6384 | High | 7.3 |
A flaw was found in gimp. This buffer overflow vulnerability in the GIF image loading component's `ReadJeffsImage` funct…
|
— | Apr 15, 2026 |
| CVE-2026-4134 | High | 7.3 |
During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during ins…
|
— | Apr 15, 2026 |
| CVE-2026-20205 | High | 7.2 |
In Splunk MCP Server app versions below 1.0.3 , a user who holds a role with access to the Splunk `_internal` index or p…
|
— | Apr 15, 2026 |
| CVE-2026-2834 | High | 7.2 |
The Age Verification & Identity Verification by Token of Trust plugin for WordPress is vulnerable to Stored Cross-Site S…
|
— | Apr 15, 2026 |
| CVE-2026-3643 | High | 7.2 |
The Accessibly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in all versions up to,…
|
— | Apr 15, 2026 |
| CVE-2026-5694 | High | 7.2 |
The Quick Interest Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'loan-amount' and 'l…
|
— | Apr 15, 2026 |
| CVE-2026-20204 | High | 7.1 |
In Splunk Enterprise versions below 10.2.1, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.26…
|
— | Apr 15, 2026 |
| CVE-2026-0827 | High | 7.1 |
During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareS…
|
— | Apr 15, 2026 |
| CVE-2026-40500 | Medium | 6.8 |
ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the admin panel's 'Add …
|
— | Apr 15, 2026 |
| CVE-2026-1636 | Medium | 6.7 |
A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allo…
|
— | Apr 15, 2026 |
| CVE-2026-20202 | Medium | 6.6 |
In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.26…
|
— | Apr 15, 2026 |
| CVE-2026-4135 | Medium | 6.6 |
During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during ins…
|
— | Apr 15, 2026 |
| CVE-2025-15470 | Medium | 6.5 |
The Eleganzo theme for WordPress is vulnerable to arbitrary directory deletion due to insufficient path validation in th…
|
— | Apr 15, 2026 |
| CVE-2026-20078 | Medium | 6.5 |
Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitr…
|
— | Apr 15, 2026 |