Search Results (37486 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-20849 1 Microsoft 23 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 20 more 2026-04-16 7.5 High
Reliance on untrusted inputs in a security decision in Windows Kerberos allows an authorized attacker to elevate privileges over a network.
CVE-2026-1004 2 Wordpress, Wpdevteam 2 Wordpress, Essential Addons For Elementor 2026-04-16 5.3 Medium
The Essential Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 6.5.5 via the 'eael_product_quickview_popup' function. This makes it possible for unauthenticated attackers to retrieve WooCommerce product information for products with draft, pending, or private status, which should normally be restricted.
CVE-2026-22461 2 Webappick, Wordpress 2 Ctx Feed, Wordpress 2026-04-16 5.3 Medium
Missing Authorization vulnerability in WebAppick CTX Feed webappick-product-feed-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CTX Feed: from n/a through <= 6.6.18.
CVE-2026-24566 2 Inet, Wordpress 2 Inet Webkit, Wordpress 2026-04-16 6.5 Medium
Missing Authorization vulnerability in iNET iNET Webkit inet-webkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iNET Webkit: from n/a through <= 1.2.4.
CVE-2026-1478 1 Quatuor 2 Evaluaci N De Desempe O Edd , Evaluacion De Desempeno 2026-04-16 7.5 High
An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Id_usuario' and 'Id_evaluacion’ in ‘/evaluacion_hca_evalua.aspx’, could allow an attacker to extract sensitive information from the database through external channels, without the affected application returning the data directly, compromising the confidentiality of the stored information.
CVE-2026-24945 2 Themefic, Wordpress 2 Ultimate Addons For Contact Form 7, Wordpress 2026-04-16 5.3 Medium
Missing Authorization vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for Contact Form 7: from n/a through <= 3.5.34.
CVE-2026-24957 2 Wordpress, Wpchill 2 Wordpress, Strong Testimonials 2026-04-16 6.5 Medium
Missing Authorization vulnerability in WP Chill Strong Testimonials strong-testimonials allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Strong Testimonials: from n/a through <= 3.2.20.
CVE-2026-24995 1 Wordpress 1 Wordpress 2026-04-16 4.3 Medium
Missing Authorization vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Latest Post Shortcode: from n/a through <= 14.2.0.
CVE-2026-24997 1 Wordpress 1 Wordpress 2026-04-16 5.3 Medium
Missing Authorization vulnerability in Wired Impact Wired Impact Volunteer Management wired-impact-volunteer-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wired Impact Volunteer Management: from n/a through <= 2.8.
CVE-2026-25036 2 Wordpress, Wpchill 2 Wordpress, Passster 2026-04-16 6.5 Medium
Missing Authorization vulnerability in WP Chill Passster content-protector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Passster: from n/a through <= 4.2.25.
CVE-2026-23053 1 Linux 1 Linux Kernel 2026-04-16 7.0 High
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a deadlock involving nfs_release_folio() Wang Zhaolong reports a deadlock involving NFSv4.1 state recovery waiting on kthreadd, which is attempting to reclaim memory by calling nfs_release_folio(). The latter cannot make progress due to state recovery being needed. It seems that the only safe thing to do here is to kick off a writeback of the folio, without waiting for completion, or else kicking off an asynchronous commit.
CVE-2026-21519 1 Microsoft 25 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 22 more 2026-04-16 7.8 High
Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-22422 2 Wordpress, Wpeverest 2 Wordpress, Everest Forms 2026-04-16 5.3 Medium
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in wpeverest Everest Forms everest-forms allows Code Injection.This issue affects Everest Forms: from n/a through <= 3.4.1.
CVE-2026-23545 2 Arubadev, Wordpress 2 Aruba Hispeed Cache, Wordpress 2026-04-16 6.5 Medium
Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aruba HiSpeed Cache: from n/a through <= 3.0.4.
CVE-2026-23547 2 Cmsmasters, Wordpress 2 Cmsmasters Content Composer, Wordpress 2026-04-16 7.1 High
Missing Authorization vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-composer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CMSMasters Content Composer: from n/a through <= 2.5.8.
CVE-2026-23804 2 Bbr Plugins, Wordpress 2 Better Business Reviews, Wordpress 2026-04-16 5.4 Medium
Missing Authorization vulnerability in BBR Plugins Better Business Reviews better-business-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Business Reviews: from n/a through <= 0.1.1.
CVE-2026-23805 2 Wordpress, Yoren Chang 2 Wordpress, Media Search Enhanced 2026-04-16 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yoren Chang Media Search Enhanced media-search-enhanced allows SQL Injection.This issue affects Media Search Enhanced: from n/a through <= 0.9.1.
CVE-2026-25318 2 Wisernotify Team, Wordpress 2 Wiserreview Product Reviews For Woocommerce, Wordpress 2026-04-16 4.3 Medium
Missing Authorization vulnerability in Wisernotify team WiserReview Product Reviews for WooCommerce wiser-review allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WiserReview Product Reviews for WooCommerce: from n/a through <= 2.9.
CVE-2026-25321 2 Psm Plugins, Wordpress 2 Supportcandy, Wordpress 2026-04-16 5.3 Medium
Missing Authorization vulnerability in PSM Plugins SupportCandy supportcandy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SupportCandy: from n/a through <= 3.4.4.
CVE-2026-25378 2 Neliosoftware, Wordpress 2 Nelio Ab Testing, Wordpress 2026-04-16 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Blind SQL Injection.This issue affects Nelio AB Testing: from n/a through <= 8.2.4.