Export limit exceeded: 344866 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344866 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-49313 | 2026-04-15 | N/A | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme BRW ova-brw allows PHP Local File Inclusion.This issue affects BRW: from n/a through <= 1.8.6. | ||||
| CVE-2025-49312 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeRevolution Echo RSS Feed Post Generator Plugin for WordPress rss-feed-post-generator-echo allows Reflected XSS.This issue affects Echo RSS Feed Post Generator Plugin for WordPress: from n/a through <= 5.4.8.1. | ||||
| CVE-2025-49314 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ovatheme BRW ova-brw allows Stored XSS.This issue affects BRW: from n/a through <= 1.8.6. | ||||
| CVE-2025-49316 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads allows Reflected XSS.This issue affects WP2LEADS: from n/a through <= 3.5.0. | ||||
| CVE-2025-49318 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPtouch WPtouch wptouch allows Stored XSS.This issue affects WPtouch: from n/a through <= 4.3.60. | ||||
| CVE-2025-24720 | 2 Wordpress, Wow-company | 2 Wordpress, Sticky Buttons | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Sticky Buttons sticky-buttons allows Cross Site Request Forgery.This issue affects Sticky Buttons: from n/a through <= 4.1.1. | ||||
| CVE-2025-49320 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in fraudlabspro FraudLabs Pro for WooCommerce fraudlabs-pro-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FraudLabs Pro for WooCommerce: from n/a through <= 2.22.11. | ||||
| CVE-2025-49324 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in PickPlugins Job Board Manager job-board-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Job Board Manager: from n/a through <= 2.1.60. | ||||
| CVE-2025-49325 | 2026-04-15 | N/A | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Automattic Newspack Newsletters newspack-newsletters allows Phishing.This issue affects Newspack Newsletters: from n/a through <= 3.13.0. | ||||
| CVE-2025-49322 | 2026-04-15 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SeedProd 404 Page by SeedProd allows Stored XSS. This issue affects 404 Page by SeedProd: from n/a through n/a. | ||||
| CVE-2025-49327 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ruben Garcia ShortLinks Pro shortlinkspro allows SQL Injection.This issue affects ShortLinks Pro: from n/a through <= 1.0.7. | ||||
| CVE-2025-49331 | 2026-04-15 | N/A | ||
| Deserialization of Untrusted Data vulnerability in impleCode eCommerce Product Catalog ecommerce-product-catalog allows Object Injection.This issue affects eCommerce Product Catalog: from n/a through <= 3.4.3. | ||||
| CVE-2025-49332 | 1 Codepeople | 1 Wp Time Slots Booking Form | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Cross Site Request Forgery.This issue affects WP Time Slots Booking Form: from n/a through <= 1.2.30. | ||||
| CVE-2025-49333 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wp.insider Simple Membership simple-membership allows Stored XSS.This issue affects Simple Membership: from n/a through <= 4.6.3. | ||||
| CVE-2025-6947 | 1 Watchguard | 2 Firebox, Fireware | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the SIP Proxy module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firebox: from 12.0 through 12.11.2. | ||||
| CVE-2025-24740 | 2 Thimpress, Wordpress | 2 Learnpress, Wordpress | 2026-04-15 | N/A |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in ThimPress LearnPress learnpress.This issue affects LearnPress: from n/a through <= 4.2.7.1. | ||||
| CVE-2025-49335 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Server-Side Request Forgery (SSRF) vulnerability in minnur External Media external-media allows Server Side Request Forgery.This issue affects External Media: from n/a through <= 1.0.36. | ||||
| CVE-2024-4029 | 1 Redhat | 7 Build Keycloak, Jboss Data Grid, Jboss Enterprise Application Platform and 4 more | 2026-04-15 | 4.1 Medium |
| A vulnerability was found in Wildfly’s management interface. Due to the lack of limitation of sockets for the management interface, it may be possible to cause a denial of service hitting the nofile limit as there is no possibility to configure or set a maximum number of connections. | ||||
| CVE-2025-49336 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pondol Pondol BBS pondol-bbs allows Stored XSS.This issue affects Pondol BBS: from n/a through <= 1.1.8.4. | ||||
| CVE-2025-58951 | 2 Smartcmsmarket, Wordpress | 2 Advance Seat Reservation Management For Woocommerce, Wordpress | 2026-04-15 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in smartcms Advance Seat Reservation Management for WooCommerce scw-seat-reservation allows SQL Injection.This issue affects Advance Seat Reservation Management for WooCommerce: from n/a through <= 3.1. | ||||