NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID	Description	Published	Base Score	Attack Vector	Severity	Actions
CVE-2026-3649	The Katalogportal PDF Sync plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.0. The katalogportal_po...	2026-04-15	5.3	NETWORK	MEDIUM	NVD
CVE-2026-3643	The Accessibly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in all versions up to, and including, 3.0.3. The plu...	2026-04-15	7.2	NETWORK	HIGH	NVD
CVE-2026-3642	The e-shot™ form builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.2. The eshot_form_builder...	2026-04-15	5.3	NETWORK	MEDIUM	NVD
CVE-2026-3461	The Visa Acceptance Solutions plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.1.0. This is due to ...	2026-04-15	9.8	NETWORK	CRITICAL	NVD
CVE-2026-1782	The MetForm Pro plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 3.9.7 This is due to the paymen...	2026-04-15	5.3	NETWORK	MEDIUM	NVD
CVE-2025-52641	HCL AION is affected by a vulnerability where certain system behaviours may allow exploration of internal filesystem structures. Exposure of such info...	2026-04-15	2.9	LOCAL	LOW	NVD
CVE-2025-40899	A Stored Cross-Site Scripting vulnerability was discovered in the Assets and Nodes functionality due to improper validation of an input parameter. An ...	2026-04-15	8.9	NETWORK	HIGH	NVD
CVE-2025-40897	An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforc...	2026-04-15	8.1	NETWORK	HIGH	NVD
CVE-2026-5088	Apache::API::Password versions through v0.5.2 for Perl can generate insecure random values for salts. The _make_salt and _make_salt_bcrypt methods wi...	2026-04-15	N/A	None	None	NVD
CVE-2026-6293	The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Stored Cross-Site Scripting in version ...	2026-04-15	4.3	NETWORK	MEDIUM	NVD
CVE-2026-40719	Deadwood in MaraDNS 3.5.0036 allows attackers to exhaust connection slots via a zone whose authoritative nameserver address cannot be resolved.	2026-04-15	7.5	NETWORK	HIGH	NVD
CVE-2026-5160	Versions of the package github.com/yuin/goldmark/renderer/html before 1.7.17 are vulnerable to Cross-site Scripting (XSS) due to improper ordering of ...	2026-04-15	6.1	NETWORK	MEDIUM	NVD
CVE-2026-5397	It has been identified that a vulnerability (CWE-427) exists in the UPS (Uninterruptible Power Supply) management application, whereby improper permis...	2026-04-15	7.8	LOCAL	HIGH	NVD
CVE-2026-26291	Stored cross-site scripting vulnerability exists in GROWI v7.4.6 and earlier. If this vulnerability is exploited, an arbitrary script may be executed ...	2026-04-15	4.8	NETWORK	MEDIUM	NVD
CVE-2026-6328	Improper input validation, Improper verification of cryptographic signature vulnerability in XQUIC Project XQUIC xquic on Linux (QUIC protocol impleme...	2026-04-15	8.3	NETWORK	HIGH	NVD

Loading vulnerability details...

Description

EPSS Score

N/A

Exploit Prediction Scoring System

Dates

Published:

Last Modified:

CVSS v3.1 metrics not available for this vulnerability.

CVSS v4.0 metrics not available for this vulnerability.

CVSS v2.0 metrics not available for this vulnerability.

Weakness Information (CWE)

No CWE information available for this vulnerability.

Affected Products

No affected product information available for this vulnerability.

References

No references available for this vulnerability.