Export limit exceeded: 347453 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347453 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-39629 | 2 Kutethemes, Wordpress | 2 Uminex, Wordpress | 2026-04-24 | 5.3 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes Uminex uminex allows Code Injection.This issue affects Uminex: from n/a through <= 1.0.9. | ||||
| CVE-2026-39637 | 2 Spabrice, Wordpress | 2 Mogi, Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in SpabRice Mogi mogi allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mogi: from n/a through <= 1.2.3. | ||||
| CVE-2026-39638 | 2 Themeum, Wordpress | 2 Qubely, Wordpress | 2026-04-24 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Qubely qubely allows Stored XSS.This issue affects Qubely: from n/a through <= 1.8.14. | ||||
| CVE-2026-39643 | 2 Payment Plugins, Wordpress | 2 Payment Plugins For Paypal Woocommerce, Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in Payment Plugins Payment Plugins for PayPal WooCommerce pymntpl-paypal-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Plugins for PayPal WooCommerce: from n/a through <= 2.0.13. | ||||
| CVE-2026-39630 | 2 Getty Images, Wordpress | 2 Getty Images, Wordpress | 2026-04-24 | 6.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Getty Images Getty Images getty-images allows Server Side Request Forgery.This issue affects Getty Images: from n/a through <= 4.1.0. | ||||
| CVE-2026-39632 | 2 Themegoods, Wordpress | 2 Grand Blog, Wordpress | 2026-04-24 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Cross Site Request Forgery.This issue affects Grand Blog: from n/a through <= 3.1. | ||||
| CVE-2026-39634 | 2 Themegoods, Wordpress | 2 Grand Portfolio, Wordpress | 2026-04-24 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Portfolio grandportfolio allows Cross Site Request Forgery.This issue affects Grand Portfolio: from n/a through <= 3.3. | ||||
| CVE-2026-39636 | 2 Livemesh, Wordpress | 2 Livemesh Addons For Elementor, Wordpress | 2026-04-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in livemesh Livemesh Addons for Elementor addons-for-elementor allows Stored XSS.This issue affects Livemesh Addons for Elementor: from n/a through <= 9.0. | ||||
| CVE-2026-23349 | 1 Linux | 1 Linux Kernel | 2026-04-24 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: HID: pidff: Fix condition effect bit clearing As reported by MPDarkGuy on discord, NULL pointer dereferences were happening because not all the conditional effects bits were cleared. Properly clear all conditional effect bits from ffbit | ||||
| CVE-2026-39681 | 2 Apustheme, Wordpress | 2 Homeo, Wordpress | 2026-04-24 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Homeo homeo allows PHP Local File Inclusion.This issue affects Homeo: from n/a through <= 1.2.59. | ||||
| CVE-2026-39677 | 2 Creatives Planet, Wordpress | 2 Emphires, Wordpress | 2026-04-24 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Emphires emphires allows PHP Local File Inclusion.This issue affects Emphires: from n/a through <= 3.9. | ||||
| CVE-2026-39669 | 2 Nitropack, Wordpress | 2 Nitropack, Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in NitroPack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NitroPack: from n/a through 1.19.3. | ||||
| CVE-2026-39679 | 2 Apustheme, Wordpress | 2 Freeio, Wordpress | 2026-04-24 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Freeio freeio allows PHP Local File Inclusion.This issue affects Freeio: from n/a through <= 1.3.21. | ||||
| CVE-2026-39673 | 2 Shrikantkale, Wordpress | 2 Izooto, Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in shrikantkale iZooto izooto-web-push allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iZooto: from n/a through <= 3.7.20. | ||||
| CVE-2026-39663 | 2 Themetechmount, Wordpress | 2 Truebooker, Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in themetechmount TrueBooker truebooker-appointment-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TrueBooker: from n/a through <= 1.1.5. | ||||
| CVE-2026-39665 | 2 Vladimir Prelovac, Wordpress | 2 Seo Friendly Images, Wordpress | 2026-04-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vladimir Prelovac SEO Friendly Images seo-image allows DOM-Based XSS.This issue affects SEO Friendly Images: from n/a through <= 3.0.5. | ||||
| CVE-2026-39666 | 2 Telepathy, Wordpress | 2 Hello Bar Popup Builder, Wordpress | 2026-04-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in telepathy Hello Bar Popup Builder hellobar allows DOM-Based XSS.This issue affects Hello Bar Popup Builder: from n/a through <= 1.5.1. | ||||
| CVE-2026-39674 | 2 Manoj Kumar, Wordpress | 2 Mk Google Directions, Wordpress | 2026-04-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Manoj Kumar MK Google Directions google-distance-calculator allows DOM-Based XSS.This issue affects MK Google Directions: from n/a through <= 3.1.1. | ||||
| CVE-2026-39668 | 2 G5theme, Wordpress | 2 Book Previewer For Woocommerce, Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in g5theme Book Previewer for Woocommerce book-previewer-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Book Previewer for Woocommerce: from n/a through <= 1.0.6. | ||||
| CVE-2026-39670 | 2 Brecht, Wordpress | 2 Visual Link Preview, Wordpress | 2026-04-24 | 6 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Brecht Visual Link Preview visual-link-preview allows Server Side Request Forgery.This issue affects Visual Link Preview: from n/a through <= 2.3.0. | ||||