0.0

CVE-2026-40737 - WordPress COMPE plugin <= 1.1.4 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in VillaTheme COMPE compe-woo-compare-products allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects COMPE: from n/a through <= 1.1.4.

📅 Published: April 15, 2026, 10:21 a.m. 🔄 Last Modified: April 15, 2026, 10:21 a.m.

0.0

CVE-2026-40734 - WordPress Categories Images plugin <= 3.3.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zahlan Categories Images categories-images allows DOM-Based XSS. This issue affects Categories Images: from n/a through <= 3.3.1.

📅 Published: April 15, 2026, 10:21 a.m. 🔄 Last Modified: April 15, 2026, 10:21 a.m.

0.0

CVE-2026-40730 - WordPress ThemeGrill Demo Importer plugin <= 2.0.0.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in ThemeGrill ThemeGrill Demo Importer themegrill-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThemeGrill Demo Importer: from n/a through <= 2.0.0.6.

📅 Published: April 15, 2026, 10:21 a.m. 🔄 Last Modified: April 15, 2026, 10:21 a.m.

0.0

CVE-2026-40729 - WordPress 3D viewer – Embed 3D Models plugin <= 1.8.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in bPlugins 3D viewer – Embed 3D Models 3d-viewer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 3D viewer – Embed 3D Models: from n/a through <= 1.8.5.

📅 Published: April 15, 2026, 10:21 a.m. 🔄 Last Modified: April 15, 2026, 10:21 a.m.

0.0

CVE-2026-40728 - WordPress Magazine Blocks plugin <= 1.8.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in BlockArt Magazine Blocks magazine-blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Magazine Blocks: from n/a through <= 1.8.3.

📅 Published: April 15, 2026, 10:21 a.m. 🔄 Last Modified: April 15, 2026, 10:21 a.m.

6.8

CVSS3.1

CVE-2026-28741 - CSRF Protection Bypass Allows Updating a User's Authentication Method

Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2 fail to validate CSRF tokens on an authentication endpoint which allows an attacker to update a user's authentication method via a CSRF attack by tricking a user into visiting a malicious page. Mattermost …

📅 Published: April 15, 2026, 10:13 a.m. 🔄 Last Modified: April 15, 2026, 10:13 a.m.

9

CVSS4.0

CVE-2026-33805 - @fastify/reply-from vulnerable to connection header abuse enabling stripping of proxy-added headers

@fastify/reply-from v12.6.1 and earlier and @fastify/http-proxy v11.4.3 and earlier process the client's Connection header after the proxy has added its own headers via rewriteRequestHeaders. This allows attackers to retroactively strip proxy-added headers from upstream requests by listing them in …

📅 Published: April 15, 2026, 10:13 a.m. 🔄 Last Modified: April 15, 2026, 10:13 a.m.

2.7

CVSS3.1

CVE-2026-27769 - Connected Workspaces: Malicious remote server can manipulate arbitrary user's status

Mattermost versions 10.11.x <= 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicious remote server connected using the Connected Workspaces feature to change the displayed status of local users via the Connected Workspaces API. Ma…

📅 Published: April 15, 2026, 10:11 a.m. 🔄 Last Modified: April 15, 2026, 10:11 a.m.

9.1

CVSS3.1

CVE-2026-33807 - @fastify/express vulnerable to middleware path doubling causing authentication bypass in child plug…

@fastify/express v4.0.4 and earlier contains a path handling bug in the onRegister function that causes middleware paths to be doubled when inherited by child plugins. When a child plugin is registered with a prefix that matches a middleware path, the middleware path is prefixed a second time, caus…

📅 Published: April 15, 2026, 9:52 a.m. 🔄 Last Modified: April 15, 2026, 9:55 a.m.

7.5

CVSS3.1

CVE-2024-33618 -

Uncontrolled Resource Consumption in Bosch VMS Central Server in Bosch VMS 12.0.1 allows attackers to consume excessive amounts of disk space via network interface.

📅 Published: April 15, 2026, 9:51 a.m. 🔄 Last Modified: April 15, 2026, 9:51 a.m.