NVD Vulnerabilities

Vulnerability Database

| CVE ID | Description | Published | Base Score | Attack Vector | Severity | Actions |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2026-40324 | Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, Hot Chocolate's recursive descent parser `Utf... | 2026-04-18 | 9.1 | NETWORK | CRITICAL | NVD |
| CVE-2026-40323 | SP1 is a zero‑knowledge virtual machine that proves the correct execution of programs compiled for the RISC-V architecture. In versions 6.0.0 through ... | 2026-04-18 | 8.9 | NETWORK | HIGH | NVD |
| CVE-2026-2262 | The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the `/wp-... | 2026-04-18 | 7.5 | NETWORK | HIGH | NVD |
| CVE-2026-40486 | Kimai is an open-source time tracking application. In versions 2.52.0 and below, the User Preferences API endpoint (PATCH /api/users/{id}/preferences)... | 2026-04-17 | 4.3 | NETWORK | MEDIUM | NVD |
| CVE-2026-40481 | monetr is a budgeting application for recurring expenses. In versions 1.12.3 and below, the public Stripe webhook endpoint buffers the entire request ... | 2026-04-17 | 8.2 | NETWORK | HIGH | NVD |
| CVE-2026-40479 | Kimai is an open-source time tracking application. In versions 1.16.3 through 2.52.0, the escapeForHtml() function in KimaiEscape.js does not escape d... | 2026-04-17 | 5.4 | NETWORK | MEDIUM | NVD |
| CVE-2026-2434 | The Pz-LinkCard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blogcard' shortcode attributes in all versions up to, and i... | 2026-04-17 | 6.4 | NETWORK | MEDIUM | NVD |
| CVE-2026-5720 | miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or inform... | 2026-04-17 | 7.1 | ADJACENT | HIGH | NVD |
| CVE-2026-40478 | Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulner... | 2026-04-17 | 9.0 | NETWORK | CRITICAL | NVD |
| CVE-2026-40477 | Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulner... | 2026-04-17 | 9.0 | NETWORK | CRITICAL | NVD |
| CVE-2026-40476 | graphql-go is a Go implementation of GraphQL. In versions 15.31.4 and below, the OverlappingFieldsCanBeMerged validation rule performs O(n²) pairwise ... | 2026-04-17 | 6.9 | NETWORK | MEDIUM | NVD |
| CVE-2026-40474 | wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the GymConfigUpdateView declares permission_required = 'config.cha... | 2026-04-17 | 7.6 | NETWORK | HIGH | NVD |
| CVE-2026-40353 | wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the attribution_link property in AbstractLicenseModel constructs H... | 2026-04-17 | 5.1 | NETWORK | MEDIUM | NVD |
| CVE-2026-40352 | FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password change endpoint is vulnerable to NoSQL injection. An authenticat... | 2026-04-17 | 8.8 | NETWORK | HIGH | NVD |
| CVE-2026-40351 | FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password-based login endpoint uses TypeScript type assertion without runt... | 2026-04-17 | 9.8 | NETWORK | CRITICAL | NVD |