🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-1636 | Medium | 6.7 |
A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allo…
|
— | Apr 15, 2026 |
| CVE-2026-4135 | Medium | 6.6 |
During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during ins…
|
— | Apr 15, 2026 |
| CVE-2026-20202 | Medium | 6.6 |
In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.26…
|
— | Apr 15, 2026 |
| CVE-2026-20081 | Medium | 6.5 |
Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitr…
|
— | Apr 15, 2026 |
| CVE-2026-20078 | Medium | 6.5 |
Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitr…
|
— | Apr 15, 2026 |
| CVE-2026-6385 | Medium | 6.5 |
A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/…
|
— | Apr 15, 2026 |
| CVE-2025-15470 | Medium | 6.5 |
The Eleganzo theme for WordPress is vulnerable to arbitrary directory deletion due to insufficient path validation in th…
|
— | Apr 15, 2026 |
| CVE-2026-4011 | Medium | 6.4 |
The Power Charts Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the [p…
|
— | Apr 15, 2026 |
| CVE-2026-4005 | Medium | 6.4 |
The Coachific Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userhash' shortcode a…
|
— | Apr 15, 2026 |
| CVE-2026-5717 | Medium | 6.4 |
The VI: Include Post By plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class_container' attr…
|
— | Apr 15, 2026 |
| CVE-2026-3659 | Medium | 6.4 |
The WP Circliful plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of t…
|
— | Apr 15, 2026 |
| CVE-2026-3998 | Medium | 6.4 |
The WM JqMath plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' shortcode attribute of t…
|
— | Apr 15, 2026 |
| CVE-2026-40919 | Medium | 6.1 |
A flaw was found in GIMP. This vulnerability, a buffer overflow in the `file-seattle-filmworks` plugin, can be exploited…
|
— | Apr 15, 2026 |
| CVE-2026-20059 | Medium | 6.1 |
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote a…
|
— | Apr 15, 2026 |
| CVE-2026-1852 | Medium | 6.1 |
The Product Pricing Table by WooBeWoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions u…
|
— | Apr 15, 2026 |
| CVE-2026-4091 | Medium | 6.1 |
The OPEN-BRAIN plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.…
|
— | Apr 15, 2026 |
| CVE-2026-20170 | Medium | 6.1 |
A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, …
|
— | Apr 15, 2026 |
| CVE-2026-20136 | Medium | 6.0 |
A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PI…
|
— | Apr 15, 2026 |
| CVE-2026-6245 | Medium | 5.5 |
A flaw was found in the System Security Services Daemon (SSSD). The pam_passkey_child_read_data() function within the PA…
|
— | Apr 15, 2026 |
| CVE-2026-20161 | Medium | 5.5 |
A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low …
|
— | Apr 15, 2026 |