| medium |
IR Trends Q1 2026: Phishing reemerges as top initial access vector, as attacks targeting public administration persist |
advisory |
vendor-blogs |
|
phishing |
2026-04-22 |
| unknown |
The AI era demands a different kind of CISO |
news |
general-news |
|
|
2026-04-22 |
| unknown |
Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug |
news |
general-news |
|
|
2026-04-22 |
| high |
CVE-2026-6846 — A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a speciall… |
vulnerability |
nvd |
CVE-2026-6846 |
|
2026-04-22 |
| medium |
CVE-2026-6845 — A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a… |
vulnerability |
nvd |
CVE-2026-6845 |
|
2026-04-22 |
| medium |
CVE-2026-6844 — A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit tw… |
vulnerability |
nvd |
CVE-2026-6844 |
|
2026-04-22 |
| medium |
CVE-2026-6843 — A flaw was found in nano. A local user could exploit a format string vulnerability in the `statuslin… |
vulnerability |
nvd |
CVE-2026-6843 |
ransomware |
2026-04-22 |
| medium |
CVE-2026-6396 — The Fast & Fancy Filter – 3F plugin for WordPress is vulnerable to Cross-Site Request Forgery in ver… |
vulnerability |
nvd |
CVE-2026-6396 |
|
2026-04-22 |
| medium |
CVE-2026-6294 — The Google PageRank Display plugin for WordPress is vulnerable to Cross-Site Request Forgery in vers… |
vulnerability |
nvd |
CVE-2026-6294 |
ransomware |
2026-04-22 |
| medium |
CVE-2026-6246 — The Simple Random Posts Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting… |
vulnerability |
nvd |
CVE-2026-6246 |
|
2026-04-22 |
| medium |
CVE-2026-6236 — The Posts map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' short… |
vulnerability |
nvd |
CVE-2026-6236 |
|
2026-04-22 |
| critical |
CVE-2026-6235 — The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'ma… |
vulnerability |
nvd |
CVE-2026-6235 |
|
2026-04-22 |
| medium |
CVE-2026-6041 — The Buzz Comments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Custom… |
vulnerability |
nvd |
CVE-2026-6041 |
|
2026-04-22 |
| medium |
CVE-2026-5820 — The Zypento Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table o… |
vulnerability |
nvd |
CVE-2026-5820 |
|
2026-04-22 |
| medium |
CVE-2026-5767 — The SlideShowPro SC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin… |
vulnerability |
nvd |
CVE-2026-5767 |
|
2026-04-22 |
| medium |
CVE-2026-5748 — The Text Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's… |
vulnerability |
nvd |
CVE-2026-5748 |
|
2026-04-22 |
| medium |
CVE-2026-4353 — The CI HUB Connector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id'… |
vulnerability |
nvd |
CVE-2026-4353 |
|
2026-04-22 |
| medium |
CVE-2026-4280 — The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up t… |
vulnerability |
nvd |
CVE-2026-4280 |
|
2026-04-22 |
| medium |
CVE-2026-4279 — The Bread & Butter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'breadb… |
vulnerability |
nvd |
CVE-2026-4279 |
|
2026-04-22 |
| medium |
CVE-2026-4142 — The Sentence To SEO (keywords, description and tags) plugin for WordPress is vulnerable to Stored Cr… |
vulnerability |
nvd |
CVE-2026-4142 |
|
2026-04-22 |
| medium |
CVE-2026-4140 — The Ni WooCommerce Order Export plugin for WordPress is vulnerable to Cross-Site Request Forgery in… |
vulnerability |
nvd |
CVE-2026-4140 |
|
2026-04-22 |
| medium |
CVE-2026-4139 — The mCatFilter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up t… |
vulnerability |
nvd |
CVE-2026-4139 |
|
2026-04-22 |
| medium |
CVE-2026-4138 — The DX Unanswered Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all v… |
vulnerability |
nvd |
CVE-2026-4138 |
|
2026-04-22 |
| medium |
CVE-2026-4133 — The TextP2P Texting Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all v… |
vulnerability |
nvd |
CVE-2026-4133 |
|
2026-04-22 |
| high |
CVE-2026-4132 — The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path leading… |
vulnerability |
nvd |
CVE-2026-4132 |
rce |
2026-04-22 |
| medium |
CVE-2026-4131 — The WP Responsive Popup + Optin plugin for WordPress is vulnerable to Cross-Site Request Forgery in… |
vulnerability |
nvd |
CVE-2026-4131 |
|
2026-04-22 |
| medium |
CVE-2026-4128 — The TP Restore Categories And Taxonomies plugin for WordPress is vulnerable to Missing Authorization… |
vulnerability |
nvd |
CVE-2026-4128 |
|
2026-04-22 |
| medium |
CVE-2026-4126 — The Table Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versio… |
vulnerability |
nvd |
CVE-2026-4126 |
|
2026-04-22 |
| medium |
CVE-2026-4125 — The WPMK Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' sho… |
vulnerability |
nvd |
CVE-2026-4125 |
|
2026-04-22 |
| medium |
CVE-2026-4121 — The Kcaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to… |
vulnerability |
nvd |
CVE-2026-4121 |
|
2026-04-22 |
| critical |
CVE-2026-4119 — The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up t… |
vulnerability |
nvd |
CVE-2026-4119 |
|
2026-04-22 |
| medium |
CVE-2026-4118 — The Call To Action Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all ve… |
vulnerability |
nvd |
CVE-2026-4118 |
|
2026-04-22 |
| medium |
CVE-2026-4117 — The CalJ plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and incl… |
vulnerability |
nvd |
CVE-2026-4117 |
|
2026-04-22 |
| medium |
CVE-2026-4090 — The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up… |
vulnerability |
nvd |
CVE-2026-4090 |
|
2026-04-22 |
| medium |
CVE-2026-4089 — The Twittee Text Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id… |
vulnerability |
nvd |
CVE-2026-4089 |
|
2026-04-22 |
| medium |
CVE-2026-4088 — The Switch CTA Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wppw_c… |
vulnerability |
nvd |
CVE-2026-4088 |
|
2026-04-22 |
| medium |
CVE-2026-4085 — The Easy Social Photos Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via… |
vulnerability |
nvd |
CVE-2026-4085 |
|
2026-04-22 |
| medium |
CVE-2026-4082 — The ER Swiffy Insert plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [swif… |
vulnerability |
nvd |
CVE-2026-4082 |
|
2026-04-22 |
| medium |
CVE-2026-4076 — The Slider Bootstrap Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via… |
vulnerability |
nvd |
CVE-2026-4076 |
|
2026-04-22 |
| medium |
CVE-2026-4074 — The Quran Live Multilanguage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t… |
vulnerability |
nvd |
CVE-2026-4074 |
|
2026-04-22 |
| medium |
CVE-2026-3362 — The Short Comment Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '… |
vulnerability |
nvd |
CVE-2026-3362 |
|
2026-04-22 |
| unknown |
CVE-2026-31433 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial OOB in get_… |
vulnerability |
nvd |
CVE-2026-31433 |
|
2026-04-22 |
| unknown |
CVE-2026-31432 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix OOB write in QUERY_IN… |
vulnerability |
nvd |
CVE-2026-31432 |
|
2026-04-22 |
| unknown |
CVE-2026-31431 — In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to o… |
vulnerability |
nvd |
CVE-2026-31431 |
|
2026-04-22 |
| medium |
CVE-2026-2719 — The Private WP suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Exce… |
vulnerability |
nvd |
CVE-2026-2719 |
|
2026-04-22 |
| medium |
CVE-2026-2717 — The HTTP Headers plugin for WordPress is vulnerable to CRLF Injection in all versions up to, and inc… |
vulnerability |
nvd |
CVE-2026-2717 |
|
2026-04-22 |
| medium |
CVE-2026-2714 — The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '… |
vulnerability |
nvd |
CVE-2026-2714 |
|
2026-04-22 |
| medium |
CVE-2026-1845 — The Real Estate Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin sett… |
vulnerability |
nvd |
CVE-2026-1845 |
|
2026-04-22 |
| medium |
CVE-2026-1379 — The HTTP Headers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin setting… |
vulnerability |
nvd |
CVE-2026-1379 |
|
2026-04-22 |
| unknown |
CVE-2025-14821 Libssh: libssh: insecure default configuration leads to local man-in-the-middle attacks on windows |
advisory |
vendor-blogs |
|
|
2026-04-22 |