Export limit exceeded: 345089 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345089 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-48159 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Youtube Vimeo Video Player and Slider WP Plugin video-player-youtube-vimeo allows Reflected XSS.This issue affects Youtube Vimeo Video Player and Slider WP Plugin: from n/a through <= 3.8. | ||||
| CVE-2025-48165 | 2 Delucks, Wordpress | 2 Delucks Seo, Wordpress | 2026-04-15 | N/A |
| Incorrect Privilege Assignment vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Privilege Escalation.This issue affects DELUCKS SEO: from n/a through <= 2.6.0. | ||||
| CVE-2025-48167 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in alexvtn Chatbox Manager wa-chatbox-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chatbox Manager: from n/a through <= 1.2.5. | ||||
| CVE-2025-48168 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Apollo - Sticky Full Width HTML5 Audio Player lbg-audio5-html5-shoutcast-sticky allows Reflected XSS.This issue affects Apollo - Sticky Full Width HTML5 Audio Player: from n/a through <= 3.4. | ||||
| CVE-2025-6225 | 2026-04-15 | N/A | ||
| Kieback&Peter Neutrino-GLT product is used for building management. It's web component "SM70 PHWEB" is vulnerable to shell command injection via login form. The injected commands would execute with low privileges. The vulnerability has been fixed in version 9.40.02 | ||||
| CVE-2025-57927 | 2 Stephanie Leary, Wordpress | 2 Dashboard Notepad, Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Stephanie Leary Dashboard Notepad dashboard-notepad allows Cross Site Request Forgery.This issue affects Dashboard Notepad: from n/a through <= 1.42. | ||||
| CVE-2025-22591 | 2 Lenderd, Wordpress | 2 1003 Mortgage Application, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in 8blocks 1003 Mortgage Application 1003-mortgage-application allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 1003 Mortgage Application: from n/a through <= 1.87. | ||||
| CVE-2025-57933 | 2 Piotnet, Wordpress | 2 Piotnet Forms, Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in piotnetdotcom Piotnet Forms piotnetforms allows Cross Site Request Forgery.This issue affects Piotnet Forms: from n/a through <= 1.0.30. | ||||
| CVE-2025-12738 | 1 Neo4j | 1 Enterprise Edition | 2026-04-15 | N/A |
| Neo4j Enterprise edition versions prior to 2025.11.2 and 5.26.17 are vulnerable to a potential information disclosure by an attacker who has some legitimate access to the database. The vulnerability allows attacker without read access to a property to infer information about its value by trying to enumerate all possible values through observing error messages of SET property. We recommend upgrading to 2025.11.2 or 5.26.17 and above, where the issues is fixed. | ||||
| CVE-2025-48172 | 1 Chmlib | 1 Chmlib | 2026-04-15 | 5.6 Medium |
| CHMLib through 2bef8d0, as used in SumatraPDF and other products, has a chm_lib.c _chm_decompress_block integer overflow. There is a resultant heap-based buffer overflow in _chm_fetch_bytes. | ||||
| CVE-2025-57937 | 2 Etruel, Wordpress | 2 Wpematico Rss Feed Fetcher, Wordpress | 2026-04-15 | N/A |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in etruel WPeMatico RSS Feed Fetcher wpematico allows Retrieve Embedded Sensitive Data.This issue affects WPeMatico RSS Feed Fetcher: from n/a through <= 2.8.10. | ||||
| CVE-2025-48204 | 2026-04-15 | 6.8 Medium | ||
| The ns_backup extension through 13.0.0 for TYPO3 allows command injection. | ||||
| CVE-2025-48219 | 2026-04-15 | 3.5 Low | ||
| O2 UK before 2025-05-19 allows subscribers to determine the Cell ID of other subscribers by initiating an IMS (IP Multimedia Subsystem) call and then reading the utran-cell-id-3gpp field of a Cellular-Network-Info SIP header, aka an ECI (E-UTRAN Cell Identity) leak. The Cell ID might be usable to identify a cell location via crowdsourced data, and might correspond to a small physical area (e.g., if the called party is in a city centre). Removal of the Cellular-Network-Info header is mentioned in section 4.4.19 of ETSI TS 124 229. | ||||
| CVE-2025-48231 | 2 Codepeople, Wordpress | 2 Booking Calendar Contact Form, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Booking Calendar Contact Form booking-calendar-contact-form allows Stored XSS.This issue affects Booking Calendar Contact Form: from n/a through <= 1.2.58. | ||||
| CVE-2025-22642 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rtowebsites Dynamic Conditions dynamicconditions allows Stored XSS.This issue affects Dynamic Conditions: from n/a through <= 1.7.4. | ||||
| CVE-2025-48232 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Addons For Beaver Builder – Lite xpro-addons-beaver-builder-elementor allows Stored XSS.This issue affects Xpro Addons For Beaver Builder – Lite: from n/a through <= 1.5.5. | ||||
| CVE-2025-48236 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bunny.net bunny.net bunnycdn allows Stored XSS.This issue affects bunny.net: from n/a through <= 2.3.0. | ||||
| CVE-2025-5259 | 2026-04-15 | 6.4 Medium | ||
| The Minimal Share Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ parameter in all versions up to, and including, 1.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-48234 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ultimate Blocks Ultimate Blocks ultimate-blocks allows DOM-Based XSS.This issue affects Ultimate Blocks: from n/a through <= 3.3.0. | ||||
| CVE-2025-48235 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bogdan Bendziukov WP Image Mask wp-image-mask allows DOM-Based XSS.This issue affects WP Image Mask: from n/a through <= 3.1.2. | ||||