NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID	Description	Published	Base Score	Attack Vector	Severity	Actions
CVE-2026-4002	The Petje.af plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 2.1.8. This is due to missing nonce ...	2026-04-15	4.3	NETWORK	MEDIUM	NVD
CVE-2026-3998	The WM JqMath plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' shortcode attribute of the [jqmath] shortcode in all v...	2026-04-15	6.4	NETWORK	MEDIUM	NVD
CVE-2026-3659	The WP Circliful plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the [circliful] shortcode and v...	2026-04-15	6.4	NETWORK	MEDIUM	NVD
CVE-2026-3649	The Katalogportal PDF Sync plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.0. The katalogportal_po...	2026-04-15	5.3	NETWORK	MEDIUM	NVD
CVE-2026-3643	The Accessibly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in all versions up to, and including, 3.0.3. The plu...	2026-04-15	7.2	NETWORK	HIGH	NVD
CVE-2026-3642	The e-shot™ form builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.2. The eshot_form_builder...	2026-04-15	5.3	NETWORK	MEDIUM	NVD
CVE-2026-3461	The Visa Acceptance Solutions plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.1.0. This is due to ...	2026-04-15	9.8	NETWORK	CRITICAL	NVD
CVE-2026-1782	The MetForm Pro plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 3.9.7 This is due to the paymen...	2026-04-15	5.3	NETWORK	MEDIUM	NVD
CVE-2025-52641	HCL AION is affected by a vulnerability where certain system behaviours may allow exploration of internal filesystem structures. Exposure of such info...	2026-04-15	2.9	LOCAL	LOW	NVD
CVE-2025-40899	A Stored Cross-Site Scripting vulnerability was discovered in the Assets and Nodes functionality due to improper validation of an input parameter. An ...	2026-04-15	8.9	NETWORK	HIGH	NVD
CVE-2025-40897	An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforc...	2026-04-15	8.1	NETWORK	HIGH	NVD
CVE-2026-5088	Apache::API::Password versions through v0.5.2 for Perl can generate insecure random values for salts. The _make_salt and _make_salt_bcrypt methods wi...	2026-04-15	7.5	NETWORK	HIGH	NVD
CVE-2026-6293	The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Stored Cross-Site Scripting in version ...	2026-04-15	4.3	NETWORK	MEDIUM	NVD
CVE-2026-40719	Deadwood in MaraDNS 3.5.0036 allows attackers to exhaust connection slots via a zone whose authoritative nameserver address cannot be resolved.	2026-04-15	7.5	NETWORK	HIGH	NVD
CVE-2026-5160	Versions of the package github.com/yuin/goldmark/renderer/html before 1.7.17 are vulnerable to Cross-site Scripting (XSS) due to improper ordering of ...	2026-04-15	6.1	NETWORK	MEDIUM	NVD

Loading vulnerability details...

Description

EPSS Score

N/A

Exploit Prediction Scoring System

Dates

Published:

Last Modified:

CVSS v3.1 metrics not available for this vulnerability.

CVSS v4.0 metrics not available for this vulnerability.

CVSS v2.0 metrics not available for this vulnerability.

Weakness Information (CWE)

No CWE information available for this vulnerability.

Affected Products

No affected product information available for this vulnerability.

References

No references available for this vulnerability.