CVE-2026-3783
5.3 MEDIUM 5.3When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname …
CVE Vulnerability Database
Complete database of CVE vulnerabilities. Track critical security threats, exploits and patches. Updated daily from NVD NIST.
CVE-2026-1965
6.5 MEDIUM 6.5libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests …
libcurl
Details
CVE-2026-3906
4.3 MEDIUM 4.3WordPress core is vulnerable to unauthorized access in versions 6.9 through 6.9.1. The Notes feature (block-level collaboration annotations) was introduced in WordPress 6.9 to allow editorial comments directly on posts …
WordPress
Details
CVE-2026-3492
6.4 MEDIUM 6.4The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.9.28.1. This is due to a compound failure involving missing authorization …
WordPress
Details
CVE-2026-3231
7.2 HIGH 7.2The Checkout Field Editor (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom radio and checkboxgroup field values submitted through the WooCommerce Block Checkout …
WordPress
Details
CVE-2026-1993
8.8 HIGH 8.8The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Improper Privilege Management in versions 7.1.0 through 9.0.2. This is due to the `update_settings()` function accepting arbitrary plugin …
Google
Details
CVE-2026-1992
8.8 HIGH 8.8The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Insecure Direct Object Reference in versions 8.6.0 through 9.0.2. This is due to the `store_settings()` method in the …
Google
Details
CVE-2026-1454
7.2 HIGH 7.2The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.1 via form field submissions. …
WordPress
Details
CVE-2026-3903
4.3 MEDIUM 4.3The Modular DS: Monitor, update, and backup multiple websites plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.1. This is due to …
WordPress
Details
CVE-2026-2918
6.4 MEDIUM 6.4The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the `ha_condition_update` AJAX action. This is …
WordPress
Details
Statistics
Total
26727
Critical
2347
High
8904