|
1151
|
8.5 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Blind SQL Injection. This issue a…
|
CWE-89
SQL Injection
|
CVE-2026-40744
|
2026-04-17 00:17 |
2026-04-15 |
|
1152
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tutor LMS: from n/a through <= 3.9.7.
|
CWE-862
Missing Authorization
|
CVE-2026-40740
|
2026-04-17 00:17 |
2026-04-15 |
|
1153
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zahlan Categories Images categories-images allows DOM-Based XSS. This issue affects Categories Ima…
|
CWE-79
Cross-site Scripting
|
CVE-2026-40734
|
2026-04-17 00:17 |
2026-04-15 |
|
1154
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in bPlugins 3D viewer – Embed 3D Models 3d-viewer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 3D viewer – Embed 3D M…
|
CWE-862
Missing Authorization
|
CVE-2026-40729
|
2026-04-17 00:17 |
2026-04-15 |
|
1155
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eeb_mailto' shortcode in all versions up to, and including, 2.…
|
CWE-79
Cross-site Scripting
|
CVE-2026-2840
|
2026-04-17 00:17 |
2026-04-17 |
|
1156
|
5.7 |
MEDIUM
Network
|
-
|
-
|
monetr is a budgeting application focused on planning for recurring expenses. Prior to 1.12.3, a transaction integrity flaw allows an authenticated tenant user to soft-delete synced non-manual transa…
|
CWE-285
Improper Authorization
|
CVE-2026-39901
|
2026-04-16 23:57 |
2026-04-9 |
|
1157
|
- |
|
-
|
-
|
Mercure is a protocol for pushing data updates to web browsers and other HTTP clients in a battery-efficient way. Prior to 0.22.0, a cache key collision vulnerability in TopicSelectorStore allows an …
|
CWE-1289
Improper Validation of Unsafe Equivalence in Input
|
CVE-2026-39972
|
2026-04-16 23:45 |
2026-04-10 |
|
1158
|
- |
|
-
|
-
|
ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.4-beta-1f46165, ClearanceKit's Endpoint Security event handler only checked the sour…
|
CWE-863
Incorrect Authorization
|
CVE-2026-40191
|
2026-04-16 23:45 |
2026-04-11 |
|
1159
|
7.5 |
HIGH
Network
|
adobe
|
coldfusion
|
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerabilit…
|
CWE-20
Improper Input Validation
|
CVE-2026-27282
|
2026-04-16 23:43 |
2026-04-15 |
|
1160
|
9.3 |
CRITICAL
Adjacent
|
adobe
|
coldfusion
|
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitati…
|
CWE-20
Improper Input Validation
|
CVE-2026-27304
|
2026-04-16 23:42 |
2026-04-15 |