🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-40915 | Medium | 5.5 |
A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by …
|
— | Apr 15, 2026 |
| CVE-2026-40918 | Medium | 5.5 |
A flaw was found in GIMP. Processing a specially crafted PVR image file with large dimensions can lead to a denial of se…
|
— | Apr 15, 2026 |
| CVE-2026-1509 | Medium | 5.4 |
The Avada (Fusion) Builder plugin for WordPress is vulnerable to Arbitrary WordPress Action Execution in all versions up…
|
— | Apr 15, 2026 |
| CVE-2026-6383 | Medium | 5.4 |
A flaw was found in KubeVirt's Role-Based Access Control (RBAC) evaluation logic. The authorization mechanism improperly…
|
— | Apr 15, 2026 |
| CVE-2026-3649 | Medium | 5.3 |
The Katalogportal PDF Sync plugin for WordPress is vulnerable to Missing Authorization in all versions up to and includi…
|
— | Apr 15, 2026 |
| CVE-2026-3642 | Medium | 5.3 |
The e-shot™ form builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including…
|
— | Apr 15, 2026 |
| CVE-2026-1314 | Medium | 5.3 |
The 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery plugin for WordPress is vulnerable to unauth…
|
— | Apr 15, 2026 |
| CVE-2026-1782 | Medium | 5.3 |
The MetForm Pro plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 3…
|
— | Apr 15, 2026 |
| CVE-2026-4812 | Medium | 5.3 |
The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Post/Page Disc…
|
— | Apr 15, 2026 |
| CVE-2026-20152 | Medium | 5.3 |
A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could all…
|
— | Apr 15, 2026 |
| CVE-2026-40916 | Medium | 5.0 |
A flaw was found in GIMP. A stack buffer overflow vulnerability in the TIM image loader's 4BPP decoding path allows a lo…
|
— | Apr 15, 2026 |
| CVE-2026-40917 | Medium | 5.0 |
A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the `icns_slurp()` function, occurs when proces…
|
— | Apr 15, 2026 |
| CVE-2009-0238 | Critical | 9.8 |
Microsoft Office — CVE-2009-0238
Microsoft Office Excel contains a remote code execution vulnerability that could allow …
|
— | Apr 14, 2026 |
| CVE-2026-25654 | High | 8.8 |
A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3). Affected products do not properly validate u…
|
— | Apr 14, 2026 |
| CVE-2026-33120 | High | 8.8 |
Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.
|
— | Apr 14, 2026 |
| CVE-2026-32171 | High | 8.8 |
Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a netw…
|
— | Apr 14, 2026 |
| CVE-2026-27668 | High | 8.8 |
A vulnerability has been identified in RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) (All versions < V5.8). U…
|
— | Apr 14, 2026 |
| CVE-2026-27928 | High | 8.7 |
Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network.
|
— | Apr 14, 2026 |
| CVE-2026-34617 | High | 8.7 |
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could r…
|
— | Apr 14, 2026 |
| CVE-2026-27305 | High | 8.6 |
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Dir…
|
— | Apr 14, 2026 |