Export limit exceeded: 345217 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345217 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54043 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce SMTP for Amazon SES smtp-amazon-ses allows SQL Injection.This issue affects SMTP for Amazon SES: from n/a through <= 1.9. | ||||
| CVE-2024-31837 | 2026-04-15 | 8.4 High | ||
| DMitry (Deepmagic Information Gathering Tool) 1.3a has a format-string vulnerability, with a threat model similar to CVE-2017-7938. | ||||
| CVE-2024-31025 | 1 Shopex | 1 Ecshop | 2026-04-15 | 7.5 High |
| SQL Injection vulnerability in ECshop 4.x allows an attacker to obtain sensitive information via the file/article.php component. | ||||
| CVE-2025-64168 | 1 Agno-agi | 1 Agno | 2026-04-15 | 7.1 High |
| Agno is a multi-agent framework, runtime and control plane. From 2.0.0 to before 2.2.2, under high concurrency, when session_state is passed to Agent or Team during run or arun calls, a race condition can occur, causing a session_state to be assigned and persisted to the incorrect session. This may result in user data from one session being exposed to another user. This has been patched in version 2.2.2. | ||||
| CVE-2025-54042 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Xfinitysoft WP Post Hide wp-post-hide allows Cross Site Request Forgery.This issue affects WP Post Hide: from n/a through <= 1.0.9. | ||||
| CVE-2025-54038 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in jetmonsters Restaurant Menu by MotoPress mp-restaurant-menu allows Cross Site Request Forgery.This issue affects Restaurant Menu by MotoPress: from n/a through <= 2.4.6. | ||||
| CVE-2025-54037 | 2 Blazethemes, Wordpress | 2 News Kit Elementor Addons, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Kit Elementor Addons: from n/a through <= 1.3.4. | ||||
| CVE-2024-34532 | 1 Query Deluxe | 1 Query Deluxe | 2026-04-15 | 9.8 Critical |
| A SQL injection vulnerability in Yvan Dotet PostgreSQL Query Deluxe module (aka query_deluxe) 17.x before 17.0.0.4 allows a remote attacker to gain privileges via the query parameter to models/querydeluxe.py:QueryDeluxe::get_result_from_query. | ||||
| CVE-2024-23727 | 1 Kamivision | 1 Yi Iot | 2026-04-15 | 8.4 High |
| The YI Smart Kami Vision com.kamivision.yismart application through 1.0.0_20231219 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component. | ||||
| CVE-2025-54036 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Webba Appointment Booking Webba Booking webba-booking-lite allows Cross Site Request Forgery.This issue affects Webba Booking: from n/a through <= 5.1.20. | ||||
| CVE-2024-1718 | 2026-04-15 | 5.3 Medium | ||
| The Claudio Sanches – Checkout Cielo for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient payment validation in the update_order_status() function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to update the status of orders to paid bypassing payment. | ||||
| CVE-2025-6833 | 2 Codebangers, Wordpress | 2 All In One Time Clock Lite, Wordpress | 2026-04-15 | 4.3 Medium |
| The All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0 via the 'aio_time_clock_lite_js' AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber access and above, to clock other users in and out. | ||||
| CVE-2025-64151 | 2 Microsoft, Roboticsware | 5 Windows, Ba-panel6, Fa-panel6 and 2 more | 2026-04-15 | N/A |
| Multiple Roboticsware products provided by Roboticsware PTE. LTD. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege. | ||||
| CVE-2025-54032 | 2 Webcodingplace, Wordpress | 2 Real Estate Manager, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebCodingPlace Real Estate Manager Pro real-estate-manager-pro allows Reflected XSS.This issue affects Real Estate Manager Pro: from n/a through <= 12.7.3. | ||||
| CVE-2025-54031 | 2 Schiocco, Wordpress | 2 Support Board, Wordpress | 2026-04-15 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Schiocco Support Board supportboard allows PHP Local File Inclusion.This issue affects Support Board: from n/a through <= 3.8.0. | ||||
| CVE-2024-2198 | 2026-04-15 | 6.1 Medium | ||
| The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cntctfrm_contact_address’ parameter in all versions up to, and including, 4.2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2025-54030 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in WesternDeal WooCommerce Google Sheet Connector wc-gsheetconnector allows Cross Site Request Forgery.This issue affects WooCommerce Google Sheet Connector: from n/a through <= 1.3.20. | ||||
| CVE-2023-46295 | 1 Teledyne | 1 Flir M300 | 2026-04-15 | 9.8 Critical |
| An issue was discovered in Teledyne FLIR M300 2.00-19. Unauthenticated remote code execution can occur in the web server. An attacker can exploit this by sending a POST request to the vulnerable PHP page. An attacker can elevate to root permissions with Sudo. | ||||
| CVE-2025-54029 | 2026-04-15 | N/A | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in extendons WooCommerce csv import export extendons-eo-wooimport-export allows Path Traversal.This issue affects WooCommerce csv import export: from n/a through <= 2.0.6. | ||||
| CVE-2025-54028 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Saleswonder Team: Tobias CF7 WOW Styler cf7-styler allows PHP Local File Inclusion.This issue affects CF7 WOW Styler: from n/a through <= 1.7.2. | ||||