NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID	Description	Published	Base Score	Attack Vector	Severity	Actions
CVE-2026-3505	Allocation of resources without limits or throttling vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all (pg modules).This issue aff...	2026-04-15	8.7	NETWORK	HIGH	NVD
CVE-2026-33808	Impact@fastify/express v4.0.4 and earlier fails to normalize URLs before passing them to Express middleware when Fastify router normalization options ...	2026-04-15	9.1	NETWORK	CRITICAL	NVD
CVE-2026-33807	@fastify/express v4.0.4 and earlier contains a path handling bug in the onRegister function that causes middleware paths to be doubled when inherited ...	2026-04-15	9.1	NETWORK	CRITICAL	NVD
CVE-2026-0636	Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov ...	2026-04-15	5.5	NETWORK	MEDIUM	NVD
CVE-2025-14813	Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (core modules). This vulnerab...	2026-04-15	9.3	LOCAL	CRITICAL	NVD
CVE-2024-33618	Uncontrolled Resource Consumption in Bosch VMS Central Server in Bosch VMS 12.0.1 allows attackers to consume excessive amounts of disk space via ne...	2026-04-15	7.5	NETWORK	HIGH	NVD
CVE-2026-5717	The VI: Include Post By plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class_container' attribute of the 'include-post-by-...	2026-04-15	6.4	NETWORK	MEDIUM	NVD
CVE-2026-5694	The Quick Interest Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'loan-amount' and 'loan-period' parameters in all ...	2026-04-15	7.2	NETWORK	HIGH	NVD
CVE-2026-5617	The Login as User plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the handle_re...	2026-04-15	8.8	NETWORK	HIGH	NVD
CVE-2026-4091	The OPEN-BRAIN plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.0. This is due to missing no...	2026-04-15	6.1	NETWORK	MEDIUM	NVD
CVE-2026-4011	The Power Charts Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the [pc] shortcode in all versions u...	2026-04-15	6.4	NETWORK	MEDIUM	NVD
CVE-2026-4005	The Coachific Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userhash' shortcode attribute in all versions up to...	2026-04-15	6.4	NETWORK	MEDIUM	NVD
CVE-2026-4002	The Petje.af plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 2.1.8. This is due to missing nonce ...	2026-04-15	4.3	NETWORK	MEDIUM	NVD
CVE-2026-3998	The WM JqMath plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' shortcode attribute of the [jqmath] shortcode in all v...	2026-04-15	6.4	NETWORK	MEDIUM	NVD
CVE-2026-3659	The WP Circliful plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the [circliful] shortcode and v...	2026-04-15	6.4	NETWORK	MEDIUM	NVD

Loading vulnerability details...

Description

EPSS Score

N/A

Exploit Prediction Scoring System

Dates

Published:

Last Modified:

CVSS v3.1 metrics not available for this vulnerability.

CVSS v4.0 metrics not available for this vulnerability.

CVSS v2.0 metrics not available for this vulnerability.

Weakness Information (CWE)

No CWE information available for this vulnerability.

Affected Products

No affected product information available for this vulnerability.

References

No references available for this vulnerability.