Export limit exceeded: 345071 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345071 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-31839 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in digireturn DN Footer Contacts dn-footer-contacts allows Cross Site Request Forgery.This issue affects DN Footer Contacts: from n/a through <= 1.8.1. | ||||
| CVE-2025-31841 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Frank P. Walentynowicz FPW Category Thumbnails fpw-category-thumbnails allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FPW Category Thumbnails: from n/a through <= 1.9.5. | ||||
| CVE-2025-31842 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Insertion of Sensitive Information Into Sent Data vulnerability in viralloops Viral Loops WP Integration viral-loops-wp-integration allows Retrieve Embedded Sensitive Data.This issue affects Viral Loops WP Integration: from n/a through <= 3.4.0. | ||||
| CVE-2025-46471 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gnanavelshenll WP Custom Post Popup custom-post-popup allows DOM-Based XSS.This issue affects WP Custom Post Popup: from n/a through <= 1.0.1. | ||||
| CVE-2025-31843 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in Wilson OpenAI Tools for WordPress & WooCommerce openai-tools-for-wp-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OpenAI Tools for WordPress & WooCommerce: from n/a through <= 2.2.1. | ||||
| CVE-2025-31844 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Blocks magical-blocks allows Stored XSS.This issue affects Magical Blocks: from n/a through <= 1.0.12. | ||||
| CVE-2025-31845 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Rohit Choudhary Theme Duplicator theme-duplicator allows Cross Site Request Forgery.This issue affects Theme Duplicator: from n/a through <= 1.1. | ||||
| CVE-2025-31846 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in Jeroen Schmit Theater for WordPress theatre allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Theater for WordPress: from n/a through <= 0.18.7. | ||||
| CVE-2025-31847 | 2 Themelooks, Wordpress | 2 Mfolio Lite, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themelooks mFolio Lite mfolio-lite allows DOM-Based XSS.This issue affects mFolio Lite: from n/a through <= 1.2.3. | ||||
| CVE-2025-46477 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Carlo La Pera WP Customize Login Page wp-customize-login-page allows Stored XSS.This issue affects WP Customize Login Page: from n/a through <= 1.6.5. | ||||
| CVE-2025-31848 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in WPFactory Adverts adverts-click-tracker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Adverts: from n/a through <= 1.4. | ||||
| CVE-2025-46478 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in metaloha Dropdown Content dropdown-content allows Stored XSS.This issue affects Dropdown Content: from n/a through <= 1.0.2. | ||||
| CVE-2025-31849 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fbtemplates Nemesis All-in-One nemesis-all-in-one allows Stored XSS.This issue affects Nemesis All-in-One: from n/a through <= 1.1.3. | ||||
| CVE-2025-40743 | 1 Siemens | 4 Sinumerik 828d, Sinumerik 840d Sl, Sinumerik Mc and 1 more | 2026-04-15 | 8.3 High |
| A vulnerability has been identified in SINUMERIK 828D PPU.4 (All versions < V4.95 SP5), SINUMERIK 828D PPU.5 (All versions < V5.25 SP1), SINUMERIK 840D sl (All versions < V4.95 SP5), SINUMERIK MC (All versions < V1.25 SP1), SINUMERIK MC V1.15 (All versions < V1.15 SP5), SINUMERIK ONE (All versions < V6.25 SP1), SINUMERIK ONE V6.15 (All versions < V6.15 SP5). The affected application improperly validates authentication for its VNC access service, allowing access with insufficient password verification. This could allow an attacker to gain unauthorized remote access and potentially compromise system confidentiality, integrity, or availability. | ||||
| CVE-2025-46481 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Deserialization of Untrusted Data vulnerability in Michael Cannon Flickr Shortcode Importer flickr-shortcode-importer allows Object Injection.This issue affects Flickr Shortcode Importer: from n/a through <= 2.2.3. | ||||
| CVE-2025-31850 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RedefiningTheWeb PDF Generator Addon for Elementor Page Builder pdf-generator-addon-for-elementor-page-builder allows Stored XSS.This issue affects PDF Generator Addon for Elementor Page Builder: from n/a through <= 2.1.0. | ||||
| CVE-2025-40744 | 1 Siemens | 1 Solid Edge Se2025 | 2026-04-15 | 7.5 High |
| A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 11). Affected applications do not properly validate client certificates to connect to License Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks. | ||||
| CVE-2025-46482 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MyThemeShop WP Quiz wp-quiz allows Stored XSS.This issue affects WP Quiz: from n/a through <= 2.0.10. | ||||
| CVE-2025-31852 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in N-Media Bulk Product Sync sync-wc-google allows Cross Site Request Forgery.This issue affects Bulk Product Sync: from n/a through <= 8.6. | ||||
| CVE-2025-40757 | 1 Siemens | 2 Apogee Pxc, Talon Tc | 2026-04-15 | 5.3 Medium |
| A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC Series (P2 Ethernet) (All versions), TALON TC Series (BACnet) (All versions). Affected devices connected to the network allow unrestricted access to sensitive files, such as databases. This could allow an attacker to download encrypted .db file containing passwords. | ||||