Export limit exceeded: 346125 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346125 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-10056 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2013-10045 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2013-10041 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2011-10031 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2010-20124 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2010-20118 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2010-20117 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2010-20116 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2010-20110 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2009-20012 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2008-20003 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2008-20002 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2005-20001 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2000-5001 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2026-33558 | 1 Apache | 2 Kafka, Kafka Clients | 2026-04-22 | 5.3 Medium |
| Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information will be exposed via the requests and responses output log. The entire lists of impacted requests and responses are: * AlterConfigsRequest * AlterUserScramCredentialsRequest * ExpireDelegationTokenRequest * IncrementalAlterConfigsRequest * RenewDelegationTokenRequest * SaslAuthenticateRequest * createDelegationTokenResponse * describeDelegationTokenResponse * SaslAuthenticateResponse This issue affects Apache Kafka: from any version supported the listed API above through v3.9.1, v4.0.0. We advise the Kafka users to upgrade to v3.9.2, v4.0.1, or later to avoid this vulnerability. | ||||
| CVE-2010-3765 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2026-04-22 | 9.8 Critical |
| Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware. | ||||
| CVE-2025-10735 | 1 Wordpress | 1 Wordpress | 2026-04-22 | 4 Medium |
| The Block For Mailchimp – Easy Mailchimp Form Integration plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.12 via the mcbSubmit_Form_Data(). This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | ||||
| CVE-2025-9045 | 2 Hashthemes, Wordpress | 2 Easy Elementor Addons, Wordpress | 2026-04-22 | 6.4 Medium |
| The Easy Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widget parameters in versions less than, or equal to, 2.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-9130 | 1 Wordpress | 1 Wordpress | 2026-04-22 | 6.4 Medium |
| The Unify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin for WordPress's unify_checkout shortcode in all versions up to, and including, 3.4.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-9885 | 2 Laudanumsoft, Wordpress | 2 Mpwizard, Wordpress | 2026-04-22 | 4.3 Medium |
| The MPWizard – Create Mercado Pago Payment Links plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation in the '/includes/admin/class-mpwizard-table.php' file. This makes it possible for unauthenticated attackers to delete arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||