Export limit exceeded: 346642 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346642 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-12306 | 1 Unifiedtransform | 1 Unifiedtransform | 2026-04-15 | 4.3 Medium |
| Multiple access control vulnerabilities in Unifiedtransform version 2.0 and potentially earlier versions allow unauthorized access to personal information of students and teachers. The vulnerabilities include both function-level access control issues in list viewing endpoints and object-level access control issues in profile viewing endpoints. A malicious student user can access personal information of other students and teachers through these vulnerabilities. At the time of publication of the CVE no patch is available. | ||||
| CVE-2023-38399 | 2026-04-15 | 8.6 High | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Averta Phlox Portfolio allows PHP Local File Inclusion.This issue affects Phlox Portfolio: from n/a through 2.3.1. | ||||
| CVE-2024-12309 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.3 Medium |
| The Rate My Post – Star Rating Plugin by FeedbackWP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.4 via the get_post_status() due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to vote on unpublished scheduled posts. | ||||
| CVE-2023-38417 | 2026-04-15 | 4.3 Medium | ||
| Improper input validation for some Intel(R) PROSet/Wireless WiFi software before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | ||||
| CVE-2024-12325 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.1 Medium |
| The Waymark plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-1233 | 1 Redhat | 3 Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Eus, Jbosseapxp | 2026-04-15 | 7.3 High |
| A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability. | ||||
| CVE-2024-12346 | 1 Talentera | 1 Talentera | 2026-04-15 | 3.5 Low |
| A vulnerability has been found in Talentera up to 20241128 and classified as problematic. This vulnerability affects unknown code of the file /app/control/byt_cv_manager. The manipulation of the argument redirect_url leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The provided PoC only works in Mozilla Firefox. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-67568 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in xtemos Basel basel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Basel: from n/a through <= 5.9.1. | ||||
| CVE-2024-12373 | 2026-04-15 | N/A | ||
| A denial-of-service vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in a buffer-overflow, potentially causing denial-of-service. | ||||
| CVE-2025-67569 | 2 Scriptsbundle, Wordpress | 2 Adforest, Wordpress | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in scriptsbundle AdForest adforest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AdForest: from n/a through <= 6.0.11. | ||||
| CVE-2024-12543 | 2026-04-15 | N/A | ||
| User Enumeration and Data Integrity in Barcode functionality in OpenText Content Management versions 24.3-25.1on Windows and Linux allows a malicous authenticated attacker to potentially alter barcode attributes. | ||||
| CVE-2023-38551 | 1 Ivanti | 1 Connect Secure | 2026-04-15 | N/A |
| A CRLF Injection vulnerability in Ivanti Connect Secure (9.x, 22.x) allows an authenticated high-privileged user to inject malicious code on a victim’s browser, thereby leading to cross-site scripting attack. | ||||
| CVE-2024-12405 | 2026-04-15 | 6.1 Medium | ||
| The Export Customers Data plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 't' parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-12408 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.1 Medium |
| The WP on AWS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_POST data in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2023-38654 | 2026-04-15 | 8.2 High | ||
| Improper input validation for some some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | ||||
| CVE-2024-12413 | 2026-04-15 | 5.3 Medium | ||
| The MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions like 'marketking_delete_team_member', 'marketkingrejectuser', 'marketking_save_profile_settings', and many more in all versions up to, and including, 2.0.00. This makes it possible for unauthenticated attackers to delete users, update settings, approve users, and more. | ||||
| CVE-2023-39161 | 2026-04-15 | 5.4 Medium | ||
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WP Discussion Board Discussion Board allows Content Spoofing, Cross-Site Scripting (XSS).This issue affects Discussion Board: from n/a through 2.4.8. | ||||
| CVE-2023-39163 | 2026-04-15 | 8.6 High | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Averta Phlox Shop allows PHP Local File Inclusion.This issue affects Phlox Shop: from n/a through 2.0.0. | ||||
| CVE-2024-12423 | 2026-04-15 | 6.1 Medium | ||
| The Contact Form 7 Redirect & Thank You Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post' parameter in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-12435 | 2026-04-15 | 6.1 Medium | ||
| The Compare Products for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘s_feature’ parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||