Export limit exceeded: 348125 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (348125 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-23506 | 1 Instawp | 1 Instawp Connect | 2026-04-23 | 7.7 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.9. | ||||
| CVE-2024-23500 | 1 Kadencewp | 1 Gutenberg Blocks With Ai | 2026-04-23 | 7.7 High |
| Server-Side Request Forgery (SSRF) vulnerability in StellarWP Gutenberg Blocks by Kadence Blocks kadence-blocks.This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through <= 3.2.19. | ||||
| CVE-2024-22307 | 1 Wplab | 1 Wp-lister Lite For Ebay | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay.This issue affects WP-Lister Lite for eBay: from n/a through <= 3.5.7. | ||||
| CVE-2024-22289 | 1 Cybernetikz | 1 Post Views Stats | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberNetikz Post views Stats post-views-stats allows DOM-Based XSS.This issue affects Post views Stats: from n/a through <= 1.4.1. | ||||
| CVE-2024-22145 | 1 Instawp | 1 Instawp Connect | 2026-04-23 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.8. | ||||
| CVE-2024-1435 | 1 Tainacan | 1 Tainacan | 2026-04-23 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in tainacan Tainacan tainacan.This issue affects Tainacan: from n/a through <= 0.20.6. | ||||
| CVE-2024-11402 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kubiq Block Editor Bootstrap Blocks block-editor-bootstrap-blocks allows Reflected XSS.This issue affects Block Editor Bootstrap Blocks: from n/a through <= 6.6.1. | ||||
| CVE-2023-50904 | 2 Ays-pro, Poll Maker Team | 2 Poll Maker, Poll Maker | 2026-04-23 | 5.3 Medium |
| Missing Authorization vulnerability in Ays Pro Poll Maker poll-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through <= 4.8.0. | ||||
| CVE-2023-49857 | 2 Awesomesupport, Getawesomesupport | 2 Awesome Support Wordpress Helpdesk \& Support, Awesome Support | 2026-04-23 | 6.5 Medium |
| Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through <= 6.1.7. | ||||
| CVE-2023-49831 | 1 Metagauss | 1 Registrationmagic | 2026-04-23 | 7.5 High |
| Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through <= 5.2.3.0. | ||||
| CVE-2023-49757 | 1 Getawesomesupport | 1 Awesome Support | 2026-04-23 | 5.4 Medium |
| Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through <= 6.1.10. | ||||
| CVE-2023-48324 | 1 Getawesomesupport | 1 Awesome Support | 2026-04-23 | 5.4 Medium |
| Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through <= 6.1.4. | ||||
| CVE-2023-47807 | 1 10web | 1 10webanalytics | 2026-04-23 | 4.3 Medium |
| Missing Authorization vulnerability in 10Web 10WebAnalytics wd-google-analytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 10WebAnalytics: from n/a through <= 1.2.12. | ||||
| CVE-2023-45766 | 1 Ays-pro | 1 Poll Maker | 2026-04-23 | 5.3 Medium |
| Missing Authorization vulnerability in Ays Pro Poll Maker poll-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through <= 4.7.1. | ||||
| CVE-2023-45765 | 1 Wedevs | 1 Wp Erp | 2026-04-23 | 4.3 Medium |
| Missing Authorization vulnerability in weDevs WP ERP erp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP ERP: from n/a through <= 1.12.6. | ||||
| CVE-2021-41715 | 1 Libsixel | 1 Libsixel | 2026-04-23 | 8.8 High |
| libsixel 1.10.0 is vulnerable to Use after free in libsixel/src/dither.c:379. | ||||
| CVE-2025-61146 | 1 Saitoha | 1 Libsixel | 2026-04-23 | 4 Medium |
| saitoha libsixel until v1.8.7 was discovered to contain a memory leak via the component malloc_stub.c. | ||||
| CVE-2026-30459 | 2 Daylightstudio, Thedaylightstudio | 2 Fuel Cms, Fuel Cms | 2026-04-23 | 7.1 High |
| An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-mail message. | ||||
| CVE-2026-35464 | 1 Pyload | 1 Pyload | 2026-04-23 | 7.5 High |
| pyLoad is a free and open-source download manager written in Python. The fix for CVE-2026-33509 added an ADMIN_ONLY_OPTIONS set to block non-admin users from modifying security-critical config options. The storage_folder option is not in this set and passes the existing path restriction because the Flask session directory is outside both PKGDIR and userdir. A user with SETTINGS and ADD permissions can redirect downloads to the Flask filesystem session store, plant a malicious pickle payload as a predictable session file, and trigger arbitrary code execution when any HTTP request arrives with the corresponding session cookie. This vulnerability is fixed with commit c4cf995a2803bdbe388addfc2b0f323277efc0e1. | ||||
| CVE-2026-34082 | 2 Dify, Langgenius | 2 Dify, Dify | 2026-04-23 | 4.3 Medium |
| Dify is an open-source LLM app development platform. Prior to 1.13.1, the method `DELETE /console/api/installed-apps/<appId>/conversations/<conversationId>` has poor authorization checking and allows any Dify-authenticated user to delete someone else's chat history. Version 1.13.1 patches the issue. | ||||