Export limit exceeded: 21321 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (21321 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-6838 | 1 Wordpress | 1 Wordpress | 2026-04-08 | 4.1 Medium |
| The Broken Link Notifier plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.3.0 via broken links that are later exported. This makes it possible for authenticated attackers, with Contributor-level access and above, to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. | ||||
| CVE-2024-10324 | 1 Rometheme | 1 Romethemekit For Elementor | 2026-04-08 | 4.3 Medium |
| The RomethemeKit For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.2 via the register_controls function in widgets/offcanvas-rometheme.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. | ||||
| CVE-2023-6962 | 1 Joomunited | 1 Wp Meta Seo | 2026-04-08 | 5.3 Medium |
| The WP Meta SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.12 via the meta description. This makes it possible for unauthenticated attackers to disclose potentially sensitive information via the meta description of password-protected posts. | ||||
| CVE-2025-11254 | 2 Contest-gallery, Wordpress | 2 Contest Gallery, Wordpress | 2026-04-08 | 4.3 Medium |
| The Contest Gallery – Upload, Vote & Sell with PayPal and Stripe plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 27.0.3 via gallery submissions. This makes it possible for unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. | ||||
| CVE-2025-13079 | 2 Popupbuilder, Wordpress | 2 Popup Builder – Create Highly Converting, Mobile Friendly Marketing Popups., Wordpress | 2026-04-08 | 5.3 Medium |
| The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.4.2. This is due to the plugin generating predictable unsubscribe tokens using deterministic data. This makes it possible for unauthenticated attackers to unsubscribe arbitrary subscribers from mailing lists via brute-forcing the unsubscribe token, granted they know the victim's email address | ||||
| CVE-2025-11576 | 2 Newcodebyte, Wordpress | 2 Ai Chatbot Free Models, Wordpress | 2026-04-08 | 4.3 Medium |
| The AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.6.5. This is due to insufficient sanitization in the 'newcodebyte_chatbot_export_messages' function. This makes it possible for unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. | ||||
| CVE-2025-13133 | 1 Wordpress | 1 Wordpress | 2026-04-08 | 6.6 Medium |
| The Simple User Import Export plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.1.7 via the 'Import/export users' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration | ||||
| CVE-2025-14104 | 1 Redhat | 6 Ceph Storage, Enterprise Linux, Hummingbird and 3 more | 2026-04-08 | 6.1 Medium |
| A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database. | ||||
| CVE-2024-8910 | 1 Hasthemes | 1 Ht Mega | 2026-04-08 | 4.3 Medium |
| The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.5 via the render function in includes/widgets/htmega_accordion.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. | ||||
| CVE-2025-8767 | 2 Anwp, Wordpress | 2 Football Leagues, Wordpress | 2026-04-08 | 4.8 Medium |
| The AnWP Football Leagues plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 0.16.17 via the 'download_csv_players' and 'download_csv_games' functions. This makes it possible for authenticated attackers, with Administrator-level access and above, to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. | ||||
| CVE-2026-35444 | 1 Libsdl | 1 Sdl Image | 2026-04-08 | 7.1 High |
| SDL_image is a library to load images of various formats as SDL surfaces. In do_layer_surface() in src/IMG_xcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size (cm_num). A crafted .xcf file with a small colormap and out-of-range pixel indices causes heap out-of-bounds reads of up to 762 bytes past the colormap allocation. Both IMAGE_INDEXED code paths are affected (bpp=1 and bpp=2). The leaked heap bytes are written into the output surface pixel data, making them potentially observable in the rendered image. This vulnerability is fixed with commit 996bf12888925932daace576e09c3053410896f8. | ||||
| CVE-2026-3442 | 2 Gnu, Redhat | 5 Binutils, Enterprise Linux, Hummingbird and 2 more | 2026-04-08 | 6.1 Medium |
| A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, exists in the bfd linker component. An attacker could exploit this by convincing a user to process a specially crafted malicious XCOFF object file. Successful exploitation may lead to the disclosure of sensitive information or cause the application to crash, resulting in an application level denial of service. | ||||
| CVE-2026-3441 | 2 Gnu, Redhat | 5 Binutils, Enterprise Linux, Hummingbird and 2 more | 2026-04-08 | 6.1 Medium |
| A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of-bounds read in the bfd linker, allows an attacker to gain access to sensitive information. By convincing a user to process a specially crafted XCOFF object file, an attacker can trigger this flaw, potentially leading to information disclosure or an application level denial of service. | ||||
| CVE-2026-5683 | 1 Tenda | 1 Cx12l | 2026-04-07 | 5.5 Medium |
| A vulnerability was found in Tenda CX12L 16.03.53.12. Affected by this vulnerability is the function fromP2pListFilter of the file /goform/P2pListFilter. Performing a manipulation of the argument page results in stack-based buffer overflow. The attack must originate from the local network. The exploit has been made public and could be used. | ||||
| CVE-2026-35203 | 1 Zlmediakit | 1 Zlmediakit | 2026-04-07 | 7.5 High |
| ZLMediaKit is a streaming media service framework. the VP9 RTP payload parser in ext-codec/VP9Rtp.cpp reads multiple fields from the RTP payload based on flag bits in the first byte, without verifying that sufficient data exists in the buffer. A crafted VP9 RTP packet with a 1-byte payload (0xFF, all flags set) causes the parser to read past the end of the allocated buffer, resulting in a heap-buffer-overflow. This vulnerability is fixed with commit 435dcbcbbf700fd63b2ca9eac6cef3b5ea75169d. | ||||
| CVE-2026-5686 | 1 Tenda | 1 Cx12l | 2026-04-07 | 8.8 High |
| A security flaw has been discovered in Tenda CX12L 16.03.53.12. This vulnerability affects the function fromRouteStatic of the file /goform/RouteStatic. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-35201 | 1 Davidfstr | 1 Rdiscount | 2026-04-07 | 5.9 Medium |
| Discount is an implementation of John Gruber's Markdown markup language in C. From 1.3.1.1 to before 2.2.7.4, a signed length truncation bug causes an out-of-bounds read in the default Markdown parse path. Inputs larger than INT_MAX are truncated to a signed int before entering the native parser, allowing the parser to read past the end of the supplied buffer and crash the process. This vulnerability is fixed in 2.2.7.4. | ||||
| CVE-2026-35176 | 1 Trabucayre | 1 Openfpgaloader | 2026-04-07 | 7.1 High |
| openFPGALoader is a utility for programming FPGAs. In 1.1.1 and earlier, a heap-buffer-overflow read vulnerability exists in POFParser::parseSection() that allows out-of-bounds heap memory access when parsing a crafted .pof file. No FPGA hardware is required to trigger this vulnerability. | ||||
| CVE-2025-15555 | 1 Open5gs | 1 Open5gs | 2026-04-07 | 7.3 High |
| A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function hss_ogs_diam_cx_mar_cb of the file src/hss/hss-cx-path.c of the component VoLTE Cx-Test. The manipulation of the argument OGS_KEY_LEN results in stack-based buffer overflow. The attack may be launched remotely. The patch is identified as 54dda041211098730221d0ae20a2f9f9173e7a21. A patch should be applied to remediate this issue. | ||||
| CVE-2026-34979 | 1 Openprinting | 1 Cups | 2026-04-07 | 5.3 Medium |
| OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, there is a heap-based buffer overflow in the CUPS scheduler when building filter option strings from job attribute. At time of publication, there are no publicly available patches. | ||||