Daily CVE Alert — 2026-04-05 | Critical & High Severity

Cybersecurity

2026.04.05

Daily CVE Alert — 2026-04-05 | Critical & High Severity

Date: 2026-04-05 Analyst: Phil (Cybersecurity Analyst) Severity Filter: Critical (CVSS 9.0+) and High (CVSS 7.0–8.9)

目次

Critical CVEs (CVSS 9.0+)
High CVEs (CVSS 7.0–8.9)

Critical CVEs (CVSS 9.0+)

CVE ID | CVSS | Vendor/Product | Type | Description
CVE-2016-20052 | 9.8 | See NVD | Network | Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows una
CVE-2018-25254 | 9.8 | See NVD | Network | NICO-FTP 3.0.1.19 contains a structured exception handler buffer overflow vulner

High CVEs (CVSS 7.0–8.9)

CVE ID | CVSS | Vendor/Product | Type | Description
CVE-2026-3666 | 8.8 | See NVD | Network | The wpForo Forum plugin for WordPress is vulnerable to arbitrary file deletion i
CVE-2018-25251 | 8.4 | See NVD | Local | Snes9K 0.0.9z contains a buffer overflow vulnerability in the Netplay Socket Por
CVE-2018-25255 | 8.4 | See NVD | Local | 10-Strike LANState 8.8 contains a local buffer overflow vulnerability in structu
CVE-2026-4896 | 8.1 | See NVD | Network | The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Lis
CVE-2016-20055 | 7.8 | See NVD | Local | IObit Advanced SystemCare 10.0.2 contains an unquoted service path vulnerability
CVE-2016-20056 | 7.8 | See NVD | Local | Spy Emergency build 23.0.205 contains an unquoted service path vulnerability in
CVE-2016-20057 | 7.8 | See NVD | Local | NETGATE Registry Cleaner build 16.0.205 contains an unquoted service path vulner
CVE-2016-20058 | 7.8 | See NVD | Local | Netgate AMITI Antivirus build 23.0.305 contains an unquoted service path vulnera
CVE-2016-20059 | 7.8 | See NVD | Local | IObit Malware Fighter 4.3.1 contains an unquoted service path vulnerability in t
CVE-2016-20060 | 7.8 | See NVD | Local | Hotspot Shield 6.0.3 contains an unquoted service path vulnerability in the hshl
CVE-2016-20061 | 7.8 | See NVD | Local | sheed AntiVirus 2.3 contains an unquoted service path vulnerability in the ShavP
CVE-2026-1233 | 7.5 | See NVD | Network | The Text to Speech for WP (AI Voices by Mementor) plugin for WordPress is vulner
CVE-2018-25241 | 7.5 | See NVD | Network | Microsoft VPN Browser+ 1.1.0.0 contains a denial of service vulnerability that a
CVE-2018-25245 | 7.5 | See NVD | Network | Microsoft 7 Tik 1.0.1.0 contains a denial of service vulnerability that allows a
CVE-2026-5425 | 7.2 | See NVD | Network | The Widgets for Social Photo Feed plugin for WordPress is vulnerable to Stored C
CVE-2026-2936 | 7.2 | See NVD | Network | The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to S
CVE-2018-25248 | 7.2 | See NVD | Network | MyBB Downloads Plugin 2.0.3 contains a persistent cross-site scripting vulnerabi
CVE-2018-25250 | 7.2 | See NVD | Network | MyBB Last User's Threads in Profile Plugin 1.2 contains a persistent cross-
CVE-2026-3445 | 7.1 | See NVD | Network | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User

— *Sources: NVD (nvd.nist.gov), CISA KEV*

タイトルとURLをコピーしました