Export limit exceeded: 347283 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347283 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-42514 | 1 Cdac-noida | 1 E-sushrut Hospital Management Information System Hmis | 2026-04-29 | N/A |
| This vulnerability exists in e-Sushrut due to exposure of OTPs in plaintext within API responses. A remote attacker could exploit this vulnerability by intercepting API responses containing valid OTPs. Successful exploitation of this vulnerability could allow an attacker to impersonate the target user and gain unauthorized access to user accounts on the targeted system. | ||||
| CVE-2025-14359 | 1 Wordpress | 1 Wordpress | 2026-04-29 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in brandexponents Oshine allows PHP Local File Inclusion. This issue affects Oshine: from n/a before 7.3.0. | ||||
| CVE-2026-42421 | 1 Openclaw | 1 Openclaw | 2026-04-29 | 5.4 Medium |
| OpenClaw before 2026.4.8 contains a session management vulnerability where existing WebSocket sessions survive shared gateway token rotation. Attackers can maintain unauthorized access to WebSocket connections after token rotation by exploiting the failure to disconnect existing shared-token sessions. | ||||
| CVE-2025-14821 | 2 Libssh, Redhat | 5 Libssh, Enterprise Linux, Hardened Images and 2 more | 2026-04-29 | 7.8 High |
| A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH (Secure Shell) connections, and manipulation of trusted host information, posing a significant risk to the confidentiality, integrity, and availability of SSH communications via an insecure default configuration on Windows systems where the library automatically loads configuration files from the C:\etc directory, which can be created and modified by unprivileged local users. | ||||
| CVE-2026-42646 | 2026-04-29 | 7.6 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Steve Burge TaxoPress simple-tags allows Blind SQL Injection.This issue affects TaxoPress: from n/a through <= 3.44.0. | ||||
| CVE-2024-46382 | 2 Linlinjava, Litemall Project | 2 Litemall, Litemall | 2026-04-29 | 6.5 Medium |
| A SQL injection vulnerability in linlinjava litemall 1.8.0 allows a remote attacker to obtain sensitive information via the goodsId, goodsSn, and name parameters in AdminOrderController.java. | ||||
| CVE-2025-31421 | 1 Wordpress | 1 Wordpress | 2026-04-29 | 5.8 Medium |
| Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Oblak Studio Srbtranslatin srbtranslatin allows Retrieve Embedded Sensitive Data.This issue affects Srbtranslatin: from n/a through <= 3.2.0. | ||||
| CVE-2025-31420 | 1 Wordpress | 1 Wordpress | 2026-04-29 | 7.6 High |
| Incorrect Privilege Assignment vulnerability in Tomdever wpForo Forum wpforo allows Privilege Escalation.This issue affects wpForo Forum: from n/a through <= 2.4.2. | ||||
| CVE-2024-37418 | 3 Andymoyle, Church Admin Project, Wordpress | 3 Church Admin, Church Admin, Wordpress | 2026-04-29 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.4.6. | ||||
| CVE-2024-31280 | 2 Andymoyle, Church Admin Project | 2 Church Admin, Church Admin | 2026-04-29 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.1.5. | ||||
| CVE-2023-41652 | 2 Carrcommunications, Davidfcarr | 2 Rsvpmaker, Rsvpmarker | 2026-04-29 | 8.2 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 10.6.6. | ||||
| CVE-2023-40215 | 1 Superwhite | 1 Demon Image Annotation | 2026-04-29 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Demonisblack demon image annotation allows SQL Injection.This issue affects demon image annotation: from n/a through 5.1. | ||||
| CVE-2023-40207 | 1 Rednao | 1 Donations Made Easy - Smart Donations | 2026-04-29 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RedNao Donations Made Easy – Smart Donations allows SQL Injection.This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12. | ||||
| CVE-2023-38391 | 1 Themesgrove | 1 Onepage Builder | 2026-04-29 | 6.7 Medium |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themesgrove Onepage Builder allows SQL Injection.This issue affects Onepage Builder: from n/a through 2.4.1. | ||||
| CVE-2023-37966 | 1 Solwininfotech | 1 User Activity Log | 2026-04-29 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin Infotech User Activity Log user-activity-log allows SQL Injection.This issue affects User Activity Log: from n/a through 1.6.2. | ||||
| CVE-2023-31077 | 1 Myrecorp | 1 Export Wp Page To Static Html\/css | 2026-04-29 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ReCorp Export WP Page to Static HTML/CSS plugin <= 2.1.9 versions. | ||||
| CVE-2023-28748 | 1 Appjetty | 1 Copy Or Move Comments | 2026-04-29 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in biztechc Copy or Move Comments allows SQL Injection.This issue affects Copy or Move Comments: from n/a through 5.0.4. | ||||
| CVE-2022-46849 | 1 Weblizar | 1 Responsive Coming Soon \& Maintenance Mode | 2026-04-29 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar Coming Soon Page – Responsive Coming Soon & Maintenance Mode allows SQL Injection.This issue affects Coming Soon Page – Responsive Coming Soon & Maintenance Mode: from n/a through 1.5.9. | ||||
| CVE-2025-67223 | 1 Arandasoft | 1 Aranda File Server | 2026-04-29 | 7.5 High |
| The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthenticated remote attackers to obtain direct virtual paths of uploaded files and bypass access controls to download sensitive documents containing PII. | ||||
| CVE-2025-60887 | 1 Cista | 1 Cista | 2026-04-29 | 5.3 Medium |
| An issue was discovered in Cista v0.15 and below. Insecure deserialization of untrusted input under certain conditions may lead to leaking of stack/heap addresses which may be used to bypass ASLR. Classes with pointer-like mechanics under the cista::raw namespace are prone to reference tampering, where Cista does not perform sufficient checks to safeguard against self-referencing pointers and referencing other data within the payload. The leak occurs if the deserialized values are observable by the attacker. | ||||