News & Sicurezza

Exploited in the Wild: Critical 9.3 CVSS Flaw Turns Tianxin Systems into Hacker Gateways A critical security vulnerability, tracked as CVE-2021-4473, has been identified in the Tianxin Internet Behavior Management System. With a severe CVSS score of 9.3, this flaw allows unauthenticated a ... Read more Published Date: Apr 08, 2026 (1 day, 1 hour ago) Vulnerabilities has been mentioned in this article. CVE-2021-4473 CVE-2026-35616 CVE-2026-5281 CVE-2026-3502 CVE-2026-33032 CVE-2025-24936 CVE-2025-20337 CVE-2024-50623

Critical Flowise RCE Vulnerability Actively Exploited, Thousands of Systems at Risk A critical Flowise RCE vulnerability is now being actively exploited. The flaw, tracked as CVE-2025-59528, carries a maximum severity rating and enables attackers to execute arbitrary code on affected ... Read more Published Date: Apr 08, 2026 (1 day, 1 hour ago) Vulnerabilities has been mentioned in this article. CVE-2026-4681 CVE-2025-59528 CVE-2025-8943 CVE-2025-26319

CVE ID :CVE-2026-39713 Published : April 8, 2026, 9:16 a.m. | 2 hours, 39 minutes ago Description :Missing Authorization vulnerability in mailercloud Mailercloud – Integrate webforms and synchronize website contacts mailercloud-integrate-webforms-synchronize-contacts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mailercloud – Integrate webforms and synchronize website contacts: from n/a through Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-39716 Published : April 8, 2026, 9:16 a.m. | 2 hours, 39 minutes ago Description :Missing Authorization vulnerability in CKThemes Flipmart flipmart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flipmart: from n/a through Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-39711 Published : April 8, 2026, 9:16 a.m. | 2 hours, 39 minutes ago Description :Insertion of Sensitive Information Into Sent Data vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Retrieve Embedded Sensitive Data.This issue affects RT-Theme 18 | Extensions: from n/a through Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-39715 Published : April 8, 2026, 9:16 a.m. | 2 hours, 39 minutes ago Description :Missing Authorization vulnerability in AnyTrack AnyTrack Affiliate Link Manager anytrack-affiliate-link-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyTrack Affiliate Link Manager: from n/a through Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-39714 Published : April 8, 2026, 9:16 a.m. | 2 hours, 39 minutes ago Description :Missing Authorization vulnerability in G5Theme G5Plus April g5plus-april allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects G5Plus April: from n/a through Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-39712 Published : April 8, 2026, 9:16 a.m. | 2 hours, 39 minutes ago Description :Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in tagDiv tagDiv Composer td-composer allows Code Injection.This issue affects tagDiv Composer: from n/a through Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-39709 Published : April 8, 2026, 9:16 a.m. | 2 hours, 39 minutes ago Description :Insertion of Sensitive Information Into Sent Data vulnerability in thetechtribe The Tribal the-tech-tribe allows Retrieve Embedded Sensitive Data.This issue affects The Tribal: from n/a through Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-39707 Published : April 8, 2026, 9:16 a.m. | 2 hours, 39 minutes ago Description :Missing Authorization vulnerability in ZealousWeb Accept PayPal Payments using Contact Form 7 contact-form-7-paypal-extension allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accept PayPal Payments using Contact Form 7: from n/a through Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-39708 Published : April 8, 2026, 9:16 a.m. | 2 hours, 39 minutes ago Description :Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uicore UiCore Elements uicore-elements allows Stored XSS.This issue affects UiCore Elements: from n/a through Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-39710 Published : April 8, 2026, 9:16 a.m. | 2 hours, 39 minutes ago Description :Cross-Site Request Forgery (CSRF) vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Cross Site Request Forgery.This issue affects RT-Theme 18 | Extensions: from n/a through Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...