Export limit exceeded: 347172 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347172 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25461 | 2 Purethemes, Wordpress | 2 Listeo, Wordpress | 2026-04-24 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes Listeo Core listeo-core allows Reflected XSS.This issue affects Listeo Core: from n/a through <= 2.0.21. | ||||
| CVE-2026-25462 | 2 Avalex, Wordpress | 2 Avalex, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in avalex avalex avalex allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects avalex: from n/a through <= 3.1.3. | ||||
| CVE-2026-25464 | 2 Tielabs, Wordpress | 2 Jannah, Wordpress | 2026-04-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TieLabs Jannah jannah allows PHP Local File Inclusion.This issue affects Jannah: from n/a through <= 7.6.4. | ||||
| CVE-2026-27040 | 2 Aa-team, Wordpress | 2 Wzone, Wordpress | 2026-04-24 | 8.8 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AA-Team WZone woozone allows Path Traversal.This issue affects WZone: from n/a through <= 14.0.31. | ||||
| CVE-2026-27044 | 2 Totalsuite, Wordpress | 2 Total Poll Lite, Wordpress | 2026-04-24 | 9.9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Remote Code Inclusion.This issue affects Total Poll Lite: from n/a through <= 4.12.0. | ||||
| CVE-2026-27048 | 2 Elated-themes, Wordpress | 2 The Aisle Core, Wordpress | 2026-04-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes The Aisle Core theaisle-core allows PHP Local File Inclusion.This issue affects The Aisle Core: from n/a through <= 2.0.5. | ||||
| CVE-2026-27077 | 2 Mikado-themes, Wordpress | 2 Multioffice, Wordpress | 2026-04-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes MultiOffice multioffice allows PHP Local File Inclusion.This issue affects MultiOffice: from n/a through <= 1.2. | ||||
| CVE-2026-27079 | 2 Mikado-themes, Wordpress | 2 Amfissa, Wordpress | 2026-04-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Amfissa amfissa allows PHP Local File Inclusion.This issue affects Amfissa: from n/a through <= 1.1. | ||||
| CVE-2026-27081 | 2 Mikado-themes, Wordpress | 2 Rosebud, Wordpress | 2026-04-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Rosebud rosebud allows PHP Local File Inclusion.This issue affects Rosebud: from n/a through <= 1.4. | ||||
| CVE-2026-4822 | 1 Enter Software | 1 Iperius Backup | 2026-04-24 | 7 High |
| A vulnerability was detected in Enter Software Iperius Backup up to 8.7.3. Affected is an unknown function of the file C:\ProgramData\IperiusBackup\Jobs\ of the component Backup Service. Performing a manipulation results in creation of temporary file with insecure permissions. The attack is only possible with local access. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The exploit is now public and may be used. Upgrading to version 8.7.4 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product. | ||||
| CVE-2026-4823 | 1 Enter Software | 1 Iperius Backup | 2026-04-24 | 2.5 Low |
| A flaw has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this vulnerability is an unknown functionality of the component NTLM2 Handler. Executing a manipulation can lead to information disclosure. The attack is restricted to local execution. Attacks of this nature are highly complex. The exploitation appears to be difficult. The exploit has been published and may be used. Upgrading to version 8.7.4 addresses this issue. Upgrading the affected component is advised. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product. | ||||
| CVE-2026-4824 | 1 Enter Software | 1 Iperius Backup | 2026-04-24 | 7 High |
| A vulnerability has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this issue is some unknown functionality of the component Backup Job Configuration File Handler. The manipulation leads to improper privilege management. The attack must be carried out locally. The attack is considered to have high complexity. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 8.7.4 can resolve this issue. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product. | ||||
| CVE-2026-4845 | 1 Dameng100 | 1 Muucmf | 2026-04-24 | 4.3 Medium |
| A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is an unknown function of the file /admin/Member/index.html. This manipulation of the argument Search causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-4848 | 1 Dameng100 | 1 Muucmf | 2026-04-24 | 4.3 Medium |
| A vulnerability was determined in dameng100 muucmf 1.9.5.20260309. This affects an unknown function of the file /admin/extend/list.html. Executing a manipulation of the argument Name can lead to cross site scripting. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-4877 | 1 Itsourcecode | 1 Payroll Management System | 2026-04-24 | 4.3 Medium |
| A security flaw has been discovered in itsourcecode Payroll Management System up to 1.0. This affects an unknown function of the file /index.php. Performing a manipulation of the argument page results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-4907 | 1 Page-replica | 1 Page Replica | 2026-04-24 | 6.3 Medium |
| A vulnerability was identified in Page-Replica Page Replica up to e4a7f52e75093ee318b4d5a9a9db6751050d2ad0. The impacted element is the function sitemap.fetch of the file /sitemap of the component Endpoint. The manipulation of the argument url leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-4954 | 1 Mingsoft | 1 Mcms | 2026-04-24 | 6.3 Medium |
| A security vulnerability has been detected in mingSoft MCMS up to 5.5.0. Impacted is the function list of the file net/mingsoft/cms/action/web/ContentAction.java of the component Web Content List Endpoint. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-4956 | 1 Shenzhen Ruiming Technology | 1 Streamax Crocus | 2026-04-24 | 7.3 High |
| A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. The affected element is an unknown function of the file /DevicePrint.do?Action=ReadTask of the component Parameter Handler. The manipulation of the argument State results in sql injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-4847 | 1 Dameng100 | 1 Muucmf | 2026-04-24 | 4.3 Medium |
| A vulnerability was found in dameng100 muucmf 1.9.5.20260309. The impacted element is an unknown function of the file /admin/config/list.html. Performing a manipulation of the argument Name results in cross site scripting. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-32495 | 2 Linksoftwarellc, Wordpress | 2 Wp Terms Popup, Wordpress | 2026-04-24 | 7.5 High |
| Missing Authorization vulnerability in Link Software LLC WP Terms Popup wp-terms-popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Terms Popup: from n/a through <= 2.10.0. | ||||