Export limit exceeded: 344767 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344767 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-28394 | 1 Advancedplugins | 1 Reportsstatistics | 2026-04-15 | 9.8 Critical |
| An issue in Advanced Plugins reportsstatistics v1.3.20 and before allows a remote attacker to execute arbitrary code via the Sales Reports, Statistics, Custom Fields & Export module. | ||||
| CVE-2024-29907 | 2026-04-15 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Active Websight SEO Backlink Monitor allows Reflected XSS.This issue affects SEO Backlink Monitor: from n/a through 1.5.0. | ||||
| CVE-2024-2840 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.4 Medium |
| The Enhanced Media Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via media upload functionality in all versions up to, and including, 2.8.9 due to the plugin allowing 'dfxp' files to be uploaded. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-2845 | 2026-04-15 | 6.4 Medium | ||
| The BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer For Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-2848 | 1 Cyberchimps | 1 Responsive | 2026-04-15 | 7.5 High |
| The Responsive theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_footer_text_callback function in all versions up to, and including, 5.0.2. This makes it possible for unauthenticated attackers to inject arbitrary HTML content into the site's footer. | ||||
| CVE-2024-8602 | 2026-04-15 | N/A | ||
| When the XML is read from the codes in the PDF and parsed using a DocumentBuilder, the default settings of the DocumentBuilder allow for an XXE (XML External Entity) attack. Further information on this can be found on the website of the Open Worldwide Application Security Project (OWASP). An attacker could theoretically leverage this by delivering a manipulated PDF file to the target, and depending on the environment, various actions can be executed. These actions include: * Reading files from the operating system * Crashing the thread handling the parsing or causing it to enter an infinite loop * Executing HTTP requests * Loading additional DTDs or XML files * Under certain conditions, executing OS commands | ||||
| CVE-2024-28607 | 2026-04-15 | 2.9 Low | ||
| The ip-utils package through 2.4.0 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via a falsy isPrivate return value. | ||||
| CVE-2024-29908 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kienso Co-marquage service-public.Fr allows Stored XSS.This issue affects Co-marquage service-public.Fr: from n/a through 0.5.71. | ||||
| CVE-2024-28627 | 1 Flipsnack | 1 Flipsnack | 2026-04-15 | 7.5 High |
| An issue in Flipsnack v.18/03/2024 allows a local attacker to obtain sensitive information via the reader.gz.js file. | ||||
| CVE-2024-28698 | 2026-04-15 | 9.8 Critical | ||
| Directory Traversal vulnerability in Marimer LLC CSLA .Net before 8.0 allows a remote attacker to execute arbitrary code via a crafted script to the MobileFormatter component. | ||||
| CVE-2024-29910 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alordiel Dropdown Multisite selector allows Stored XSS.This issue affects Dropdown Multisite selector: from n/a through 0.9.2. | ||||
| CVE-2024-28716 | 1 Openstack | 1 Solum-yoga-eom | 2026-04-15 | 7.5 High |
| An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via the gateway.py component. | ||||
| CVE-2024-28726 | 1 Dlink | 1 Dwr-2000m Firmware | 2026-04-15 | 8 High |
| An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted payload to the Diagnostics function. | ||||
| CVE-2024-28734 | 1 Unit4 | 1 Financials | 2026-04-15 | 6.1 Medium |
| Cross Site Scripting vulnerability in Unit4 Financials by Coda prior to 2023Q4 allows a remote attacker to run arbitrary code via a crafted GET request using the cols parameter. | ||||
| CVE-2024-28744 | 1 Furunosystems | 2 Acera 9010-08 Firmware, Acera 9010-24 Firmware | 2026-04-15 | 8.8 High |
| The password is empty in the initial configuration of ACERA 9010-08 firmware v02.04 and earlier, and ACERA 9010-24 firmware v02.04 and earlier. An unauthenticated attacker may log in to the product with no password, and obtain and/or alter information such as network configuration and user information. The products are affected only when running in non MS mode with the initial configuration. | ||||
| CVE-2024-29912 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Baptiste Placé iCalendrier allows Stored XSS.This issue affects iCalendrier: from n/a through 1.80. | ||||
| CVE-2024-28747 | 1 Ifm | 2 Smart Plc Ac14xx Firmware, Smart Plc Ac4xxs Firmware | 2026-04-15 | 9.8 Critical |
| An unauthenticated remote attacker can use the hard-coded credentials to access the SmartSPS devices with high privileges. | ||||
| CVE-2024-8675 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| The Soumettre.fr plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the soumettre_disconnect_gateway function in all versions up to, and including, 2.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to disconnect the gateway and delete the API key. | ||||
| CVE-2024-28759 | 2026-04-15 | 4.3 Medium | ||
| A crafted network packet may cause a buffer overrun in Wind River VxWorks 7 through 23.09. | ||||
| CVE-2024-29914 | 2 Motopress, Wordpress | 2 Stratum, Wordpress | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MotoPress Stratum allows Stored XSS.This issue affects Stratum: from n/a through 1.3.15. | ||||