NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID	Description	Published	Base Score	Attack Vector	Severity	Actions
CVE-2025-52641	HCL AION is affected by a vulnerability where certain system behaviours may allow exploration of internal filesystem structures. Exposure of such info...	2026-04-15	2.9	LOCAL	LOW	NVD
CVE-2025-40899	A Stored Cross-Site Scripting vulnerability was discovered in the Assets and Nodes functionality due to improper validation of an input parameter. An ...	2026-04-15	8.9	NETWORK	HIGH	NVD
CVE-2025-40897	An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforc...	2026-04-15	8.1	NETWORK	HIGH	NVD
CVE-2026-5088	Apache::API::Password versions through v0.5.2 for Perl can generate insecure random values for salts. The _make_salt and _make_salt_bcrypt methods wi...	2026-04-15	N/A	None	None	NVD
CVE-2026-6293	The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Stored Cross-Site Scripting in version ...	2026-04-15	4.3	NETWORK	MEDIUM	NVD
CVE-2026-40719	Deadwood in MaraDNS 3.5.0036 allows attackers to exhaust connection slots via a zone whose authoritative nameserver address cannot be resolved.	2026-04-15	7.5	NETWORK	HIGH	NVD
CVE-2026-5160	Versions of the package github.com/yuin/goldmark/renderer/html before 1.7.17 are vulnerable to Cross-site Scripting (XSS) due to improper ordering of ...	2026-04-15	6.1	NETWORK	MEDIUM	NVD
CVE-2026-5397	It has been identified that a vulnerability (CWE-427) exists in the UPS (Uninterruptible Power Supply) management application, whereby improper permis...	2026-04-15	7.8	LOCAL	HIGH	NVD
CVE-2026-26291	Stored cross-site scripting vulnerability exists in GROWI v7.4.6 and earlier. If this vulnerability is exploited, an arbitrary script may be executed ...	2026-04-15	4.8	NETWORK	MEDIUM	NVD
CVE-2026-6328	Improper input validation, Improper verification of cryptographic signature vulnerability in XQUIC Project XQUIC xquic on Linux (QUIC protocol impleme...	2026-04-15	8.3	NETWORK	HIGH	NVD
CVE-2026-4812	The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Post/Page Disclosure in versions up to and i...	2026-04-15	5.3	NETWORK	MEDIUM	NVD
CVE-2026-40499	radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars() function that allows attackers to execute ...	2026-04-15	8.4	LOCAL	HIGH	NVD
CVE-2026-40105	XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 10.4-rc-1, through 16.10.15, 17.0.0...	2026-04-15	6.5	NETWORK	MEDIUM	NVD
CVE-2026-40104	XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 1.8-rc-1, 17.0.0-rc-1 and 17.5.0-rc-...	2026-04-15	6.9	NETWORK	MEDIUM	NVD
CVE-2026-40096	immich is a high performance self-hosted photo and video management solution. Versions prior to 2.7.3 contain an open redirect vulnerability in the sh...	2026-04-15	5.1	NETWORK	MEDIUM	NVD

Loading vulnerability details...

Description

EPSS Score

N/A

Exploit Prediction Scoring System

Dates

Published:

Last Modified:

CVSS v3.1 metrics not available for this vulnerability.

CVSS v4.0 metrics not available for this vulnerability.

CVSS v2.0 metrics not available for this vulnerability.

Weakness Information (CWE)

No CWE information available for this vulnerability.

Affected Products

No affected product information available for this vulnerability.

References

No references available for this vulnerability.