NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID	Description	Published	Base Score	Attack Vector	Severity	Actions
CVE-2026-4812	The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Post/Page Disclosure in versions up to and i...	2026-04-15	5.3	NETWORK	MEDIUM	NVD
CVE-2026-40499	radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars() function that allows attackers to execute ...	2026-04-15	8.4	LOCAL	HIGH	NVD
CVE-2026-40105	XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 10.4-rc-1, through 16.10.15, 17.0.0...	2026-04-15	6.5	NETWORK	MEDIUM	NVD
CVE-2026-40104	XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 1.8-rc-1, 17.0.0-rc-1 and 17.5.0-rc-...	2026-04-15	6.9	NETWORK	MEDIUM	NVD
CVE-2026-40096	immich is a high performance self-hosted photo and video management solution. Versions prior to 2.7.3 contain an open redirect vulnerability in the sh...	2026-04-15	5.1	NETWORK	MEDIUM	NVD
CVE-2026-40091	SpiceDB is an open source database system for creating and managing security-critical application permissions. In versions 1.49.0 through 1.51.0, when...	2026-04-15	6.0	LOCAL	MEDIUM	NVD
CVE-2026-40090	Zarf is an Airgap Native Packager Manager for Kubernetes. Versions 0.23.0 through 0.74.1 contain an arbitrary file write vulnerability in the zarf pac...	2026-04-15	7.1	NETWORK	HIGH	NVD
CVE-2026-39984	Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in t...	2026-04-15	5.5	LOCAL	MEDIUM	NVD
CVE-2026-39971	Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the email sending functionality in include/functions.inc.php inserts $_SE...	2026-04-15	7.2	NETWORK	HIGH	NVD
CVE-2026-39963	Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the serendipity_setCookie() function in include/functions_config.inc.php...	2026-04-15	6.9	NETWORK	MEDIUM	NVD
CVE-2026-39884	mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Versions 3.4.0 and prior contain an argument injection vul...	2026-04-15	8.3	NETWORK	HIGH	NVD
CVE-2026-39842	OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expression injection vulnerabilities in the rules engine...	2026-04-15	9.9	NETWORK	CRITICAL	NVD
CVE-2026-33806	Impact: Fastify applications using schema.body.content for per-content-type body validation can have validation bypassed entirely by prepending a spa...	2026-04-15	7.5	NETWORK	HIGH	NVD
CVE-2026-2834	The Age Verification & Identity Verification by Token of Trust plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘description’...	2026-04-15	7.2	NETWORK	HIGH	NVD
CVE-2026-2396	The List View Google Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the event description in all versions up to, and i...	2026-04-15	4.4	NETWORK	MEDIUM	NVD

Loading vulnerability details...

Description

EPSS Score

N/A

Exploit Prediction Scoring System

Dates

Published:

Last Modified:

CVSS v3.1 metrics not available for this vulnerability.

CVSS v4.0 metrics not available for this vulnerability.

CVSS v2.0 metrics not available for this vulnerability.

Weakness Information (CWE)

No CWE information available for this vulnerability.

Affected Products

No affected product information available for this vulnerability.

References

No references available for this vulnerability.