Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
6.6 MEDIUM
CVE-2026-4135 — Lenovo Software Fix Elevation of Privilege Vulnerability

During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to perform an arbitrary file w…

| Authorization
Apr 15, 2026 Apr 15, 2026
7.3 HIGH
CVE-2026-4134 — Lenovo Software Fix Privilege Escalation Vulnerability

During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to execute code with elevated …

| Authentication
Apr 15, 2026 Apr 15, 2026
0.0 NA
CVE-2026-25219 — Apache Airflow: Sensitive Azure Service Bus connection string (and possibly other provide…

The `access_key` and `connection_string` connection properties were not marked as sensitive names in the secrets masker. This means that a user with read permission could see the values in Connection UI, a…

| Information Disclosure
Apr 15, 2026 Apr 15, 2026
6.7 MEDIUM
CVE-2026-1636 — Lenovo Service Bridge Elevation of Privilege

A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allow a local authenticated user to execute code with elevated privileges.

| Misconfiguration
Apr 15, 2026 Apr 15, 2026
7.1 HIGH
CVE-2026-0827 — Lenovo Diagnostics/HardwareScanAddin Privilege Escalation Vulnerability

During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardwar…

| Path Traversal
Apr 15, 2026 Apr 15, 2026
6.5 MEDIUM
CVE-2026-3590 — Race Condition in Guest Magic Link Authentication Allows Token Reuse

Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker with a…

Remote | Authentication
Apr 15, 2026 Apr 15, 2026
6.1 MEDIUM
CVE-2026-1852 — Product Pricing Table by WooBeWoo <= 1.1.0 - Cross-Site Request Forgery to Stored XSS and…

The Product Pricing Table by WooBeWoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validatio…

Remote | Cross-Site Request Forgery
Apr 15, 2026 Apr 15, 2026
0.0 NA
CVE-2026-40786 — WordPress MyRewards plugin <= 5.7.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Long Watch Studio MyRewards woorewards allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MyRewards: from n/a through <=…

| Authorization
Apr 15, 2026 Apr 15, 2026
8.1 HIGH
CVE-2026-40784 — WordPress FluentBoards plugin <= 1.91.2 - Insecure Direct Object References (IDOR) vulner…

Authorization Bypass Through User-Controlled Key vulnerability in Mahmudul Hasan Arif FluentBoards fluent-boards allows Exploiting Incorrectly Configured Access Control Security Levels. This issue aff…

Remote | Authorization
Apr 15, 2026 Apr 15, 2026
0.0 NA
CVE-2026-40778 — WordPress Majestic Support plugin <= 1.1.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Majestic Support Majestic Support majestic-support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Majestic Support: …

| Authorization
Apr 15, 2026 Apr 15, 2026
8.1 HIGH
CVE-2026-40764 — WordPress Contact Form by WPForms plugin <= 1.10.0.2 - Cross Site Request Forgery (CSRF) …

Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Cross Site Request Forgery. This issue affects Contact Form by WPForms: from n/a through <= 1…

Remote | Cross-Site Request Forgery
Apr 15, 2026 Apr 15, 2026
0.0 NA
CVE-2026-40763 — WordPress Royal Elementor Addons plugin <= 1.7.1056 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal Elemento…

| Authorization
Apr 15, 2026 Apr 15, 2026
7.6 HIGH
CVE-2026-40745 — WordPress Element Pack Elementor Addons plugin <= 8.4.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Blind SQL Injection. This…

Remote | Injection
Apr 15, 2026 Apr 15, 2026
0.0 NA
CVE-2026-40744 — WordPress Beaver Builder plugin <= 2.10.1.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Blind SQL Injection. This issue a…

| Injection
Apr 15, 2026 Apr 15, 2026
5.3 MEDIUM
CVE-2026-40742 — WordPress Nelio AB Testing plugin <= 8.2.8 - Sensitive Data Exposure vulnerability

Missing Authorization vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nelio AB Testing: fr…

Remote | Authorization
Apr 15, 2026 Apr 15, 2026
0.0 NA
CVE-2026-40740 — WordPress Tutor LMS plugin <= 3.9.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tutor LMS: from n/a through <= 3.9.7.

| Authorization
Apr 15, 2026 Apr 15, 2026
5.3 MEDIUM
CVE-2026-40737 — WordPress COMPE plugin <= 1.1.4 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in VillaTheme COMPE compe-woo-compare-products allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affect…

Remote | Authorization
Apr 15, 2026 Apr 15, 2026
0.0 NA
CVE-2026-40734 — WordPress Categories Images plugin <= 3.3.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zahlan Categories Images categories-images allows DOM-Based XSS. This issue affects Categories Ima…

| Cross-Site Scripting
Apr 15, 2026 Apr 15, 2026
0.0 NA
CVE-2026-40730 — WordPress ThemeGrill Demo Importer plugin <= 2.0.0.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in ThemeGrill ThemeGrill Demo Importer themegrill-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThemeGri…

| Authorization
Apr 15, 2026 Apr 15, 2026
0.0 NA
CVE-2026-40729 — WordPress 3D viewer – Embed 3D Models plugin <= 1.8.5 - Broken Access Control vulnerabili…

Missing Authorization vulnerability in bPlugins 3D viewer – Embed 3D Models 3d-viewer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 3D viewer – Embed 3D M…

| Authorization
Apr 15, 2026 Apr 15, 2026
Showing 20 of 6479 Results