Export limit exceeded: 344880 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344880 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-22488 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in IdeaBox Creations Dashboard Welcome for Beaver Builder dashboard-welcome-for-beaver-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dashboard Welcome for Beaver Builder: from n/a through <= 1.0.8. | ||||
| CVE-2026-22489 | 2 Wordpress, Wptexture | 2 Wordpress, Image Slider Slideshow | 2026-04-15 | N/A |
| Authorization Bypass Through User-Controlled Key vulnerability in Wptexture Image Slider Slideshow image-slider-slideshow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Slider Slideshow: from n/a through <= 1.8. | ||||
| CVE-2025-28961 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Deserialization of Untrusted Data vulnerability in Md Yeasin Ul Haider URL Shortener exact-links allows Object Injection.This issue affects URL Shortener: from n/a through <= 3.0.7. | ||||
| CVE-2025-8506 | 1 495300897 | 1 Wx-shop | 2026-04-15 | 3.5 Low |
| A vulnerability was found in 495300897 wx-shop up to de1b66331368695779cfc6e4d11a64caddf8716e and classified as problematic. This issue affects some unknown processing of the file /user/editUI. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. | ||||
| CVE-2026-22492 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Nawawi Jamili Docket Cache docket-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Docket Cache: from n/a through <= 24.07.04. | ||||
| CVE-2025-28962 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in stefanoai Advanced Google Universal Analytics advanced-google-universal-analytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Google Universal Analytics: from n/a through <= 1.0.3. | ||||
| CVE-2026-22535 | 1 Efacec | 3 Qc 120, Qc 60, Qc 90 | 2026-04-15 | N/A |
| An attacker with the ability to interact through the network and with access credentials, could, thanks to the unsecured (unencrypted) MQTT communications protocol, write on the server topics of the board that controls the MQTT communications | ||||
| CVE-2026-22537 | 1 Efacec | 3 Qc 120, Qc 60, Qc 90 | 2026-04-15 | N/A |
| The lack of hardening of the system allows the user used to manage and maintain the charger to consult different files containing clear-text credentials or valuable information for an attacker. | ||||
| CVE-2026-22539 | 1 Efacec | 3 Qc 120, Qc 60, Qc 90 | 2026-04-15 | N/A |
| As the service interaction is performed without authentication, an attacker with some knowledge of the protocol could obtain information about the charger via OCPP v1.6. | ||||
| CVE-2026-22540 | 1 Efacec | 3 Qc 120, Qc 60, Qc 90 | 2026-04-15 | N/A |
| The massive sending of ARP requests causes a denial of service on one board of the charger that allows control of the EV interfaces. Since the board must be operating correctly for the charger to also function correctly. | ||||
| CVE-2020-36834 | 2026-04-15 | 6.3 Medium | ||
| The Discount Rules for WooCommerce plugin for WordPress is vulnerable to missing authorization via several AJAX actions in versions up to, and including, 2.0.2 due to missing capability checks on various functions. This makes it possible for subscriber-level attackers to execute various actions and perform a wide variety of actions such as modifying rules and saving configurations. | ||||
| CVE-2026-22541 | 1 Efacec | 3 Qc 120, Qc 60, Qc 90 | 2026-04-15 | N/A |
| The massive sending of ICMP requests causes a denial of service on one of the boards from the EVCharger that allows control the EV interfaces. Since the board must be operating correctly for the charger to also function correctly. | ||||
| CVE-2026-22542 | 1 Efacec | 3 Qc 120, Qc 60, Qc 90 | 2026-04-15 | N/A |
| An attacker with access to the system's internal network can cause a denial of service on the system by making two concurrent connections through the Telnet service. | ||||
| CVE-2026-22543 | 1 Efacec | 3 Qc 120, Qc 60, Qc 90 | 2026-04-15 | N/A |
| The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials | ||||
| CVE-2026-22544 | 2026-04-15 | N/A | ||
| An attacker with a network connection could detect credentials in clear text. | ||||
| CVE-2025-28963 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Server-Side Request Forgery (SSRF) vulnerability in Md Yeasin Ul Haider URL Shortener exact-links allows Server Side Request Forgery.This issue affects URL Shortener: from n/a through <= 3.0.7. | ||||
| CVE-2025-28964 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in mangup Personal Favicon personal-favicon allows Stored XSS.This issue affects Personal Favicon: from n/a through <= 2.0. | ||||
| CVE-2025-28966 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in dilemma123 Recent Posts Slider Responsive recent-posts-slider-responsive allows Stored XSS.This issue affects Recent Posts Slider Responsive: from n/a through <= 1.0.1. | ||||
| CVE-2025-28967 | 2026-04-15 | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Steve Truman Contact Us page - Contact people LITE contact-us-page-contact-people allows SQL Injection.This issue affects Contact Us page - Contact people LITE: from n/a through <= 3.7.4. | ||||
| CVE-2025-40118 | 1 Linux | 1 Linux Kernel | 2026-04-15 | 7.0 High |
| In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod Since commit f7b705c238d1 ("scsi: pm80xx: Set phy_attached to zero when device is gone") UBSAN reports: UBSAN: array-index-out-of-bounds in drivers/scsi/pm8001/pm8001_sas.c:786:17 index 28 is out of range for type 'pm8001_phy [16]' on rmmod when using an expander. For a direct attached device, attached_phy contains the local phy id. For a device behind an expander, attached_phy contains the remote phy id, not the local phy id. I.e. while pm8001_ha will have pm8001_ha->chip->n_phy local phys, for a device behind an expander, attached_phy can be much larger than pm8001_ha->chip->n_phy (depending on the amount of phys of the expander). E.g. on my system pm8001_ha has 8 phys with phy ids 0-7. One of the ports has an expander connected. The expander has 31 phys with phy ids 0-30. The pm8001_ha->phy array only contains the phys of the HBA. It does not contain the phys of the expander. Thus, it is wrong to use attached_phy to index the pm8001_ha->phy array for a device behind an expander. Thus, we can only clear phy_attached for devices that are directly attached. | ||||