NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID	Description	Published	Base Score	Attack Vector	Severity	Actions
CVE-2026-40745	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bdthemes Element Pack Elementor Addons bdthemes-...	2026-04-15	7.6	NETWORK	HIGH	NVD
CVE-2026-40744	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beaver Builder Beaver Builder beaver-builder-lit...	2026-04-15	N/A	None	None	NVD
CVE-2026-40742	Missing Authorization vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Exploiting Incorrectly Configured Access Control Securi...	2026-04-15	5.3	NETWORK	MEDIUM	NVD
CVE-2026-40740	Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affe...	2026-04-15	N/A	None	None	NVD
CVE-2026-40737	Authorization Bypass Through User-Controlled Key vulnerability in VillaTheme COMPE compe-woo-compare-products allows Exploiting Incorrectly Configured...	2026-04-15	5.3	NETWORK	MEDIUM	NVD
CVE-2026-40734	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zahlan Categories Images categories-images allow...	2026-04-15	N/A	None	None	NVD
CVE-2026-40730	Missing Authorization vulnerability in ThemeGrill ThemeGrill Demo Importer themegrill-demo-importer allows Exploiting Incorrectly Configured Access Co...	2026-04-15	N/A	None	None	NVD
CVE-2026-40729	Missing Authorization vulnerability in bPlugins 3D viewer – Embed 3D Models 3d-viewer allows Exploiting Incorrectly Configured Access Control Security...	2026-04-15	N/A	None	None	NVD
CVE-2026-40728	Missing Authorization vulnerability in BlockArt Magazine Blocks magazine-blocks allows Exploiting Incorrectly Configured Access Control Security Level...	2026-04-15	4.3	NETWORK	MEDIUM	NVD
CVE-2026-33805	@fastify/reply-from v12.6.1 and earlier and @fastify/http-proxy v11.4.3 and earlier process the client's Connection header after the proxy has added i...	2026-04-15	9.0	NETWORK	CRITICAL	NVD
CVE-2026-30778	The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. This issue affects Apache SkyWal...	2026-04-15	N/A	None	None	NVD
CVE-2026-28741	Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2 fail to validate CSRF tokens on an authentication endpoi...	2026-04-15	6.8	NETWORK	MEDIUM	NVD
CVE-2026-27769	Mattermost versions 10.11.x <= 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a maliciou...	2026-04-15	2.7	NETWORK	LOW	NVD
CVE-2026-5598	Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules). Non-constant time comparisons risk privat...	2026-04-15	10.0	NETWORK	CRITICAL	NVD
CVE-2026-5588	: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all (pkix modules). PKIX draf...	2026-04-15	6.3	NETWORK	MEDIUM	NVD

Loading vulnerability details...

Description

EPSS Score

N/A

Exploit Prediction Scoring System

Dates

Published:

Last Modified:

CVSS v3.1 metrics not available for this vulnerability.

CVSS v4.0 metrics not available for this vulnerability.

CVSS v2.0 metrics not available for this vulnerability.

Weakness Information (CWE)

No CWE information available for this vulnerability.

Affected Products

No affected product information available for this vulnerability.

References

No references available for this vulnerability.