Export limit exceeded: 21444 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 345222 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345222 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-49192 | 2026-04-15 | 5.3 Medium | ||
| Missing Authorization vulnerability in Clever Widgets Enhanced Text Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Enhanced Text Widget: from n/a through 1.6.3. | ||||
| CVE-2023-49193 | 1 Nerdpress | 1 Social Pug Wordpress | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in NerdPress Social Pug allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Pug: from n/a through 1.30.0. | ||||
| CVE-2023-49194 | 1 Woocommerce | 1 Dropshipping | 2026-04-15 | 5.3 Medium |
| Insertion of Sensitive Information Into Debugging Code vulnerability in Importify Importify (Dropshipping WooCommerce) allows Retrieve Embedded Sensitive Data.This issue affects Importify (Dropshipping WooCommerce): from n/a through 1.0.4. | ||||
| CVE-2023-49196 | 2026-04-15 | 4.3 Medium | ||
| Missing Authorization vulnerability in Pagelayer Team PageLayer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PageLayer: from n/a through 1.7.7. | ||||
| CVE-2025-46542 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeXpert Xpert Tab xpert-tab allows Stored XSS.This issue affects Xpert Tab: from n/a through <= 1.3. | ||||
| CVE-2025-12660 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The Padlet Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'key' parameter in the 'wallwisher' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-66137 | 2 Merkulove, Wordpress | 2 Searcher For Elementor, Wordpress | 2026-04-15 | 8.8 High |
| Missing Authorization vulnerability in merkulove Searcher for Elementor searcher-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Searcher for Elementor: from n/a through <= 1.0.3. | ||||
| CVE-2025-58783 | 2 Gutentor, Wordpress | 2 Gutentor, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in gutentor Gutentor gutentor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutentor: from n/a through <= 3.5.5. | ||||
| CVE-2025-3056 | 2026-04-15 | 5.4 Medium | ||
| The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.3.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | ||||
| CVE-2025-58781 | 2026-04-15 | N/A | ||
| WTW-EAGLE App does not properly validate server certificates, which may allow a man-in-the-middle attacker to monitor encrypted traffic. | ||||
| CVE-2025-68762 | 1 Linux | 1 Linux Kernel | 2026-04-15 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: net: netpoll: initialize work queue before error checks Prevent a kernel warning when netconsole setup fails on devices with IFF_DISABLE_NETPOLL flag. The warning (at kernel/workqueue.c:4242 in __flush_work) occurs because the cleanup path tries to cancel an uninitialized work queue. When __netpoll_setup() encounters a device with IFF_DISABLE_NETPOLL, it fails early and calls skb_pool_flush() for cleanup. This function calls cancel_work_sync(&np->refill_wq), but refill_wq hasn't been initialized yet, triggering the warning. Move INIT_WORK() to the beginning of __netpoll_setup(), ensuring the work queue is properly initialized before any potential failure points. This allows the cleanup path to safely cancel the work queue regardless of where the setup fails. | ||||
| CVE-2025-66136 | 2 Merkulove, Wordpress | 2 Carter For Elementor, Wordpress | 2026-04-15 | 8.8 High |
| Missing Authorization vulnerability in merkulove Carter for Elementor carter-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Carter for Elementor: from n/a through <= 1.0.2. | ||||
| CVE-2025-58780 | 1 Sciencelogic | 1 Sl1 | 2026-04-15 | 7.2 High |
| index.em7 in ScienceLogic SL1 before 12.1.1 allows SQL Injection via a parameter in a request. NOTE: this is disputed by the Supplier because it "inaccurately describes the vulnerability." | ||||
| CVE-2025-66135 | 2 Merkulove, Wordpress | 2 Imager For Elementor, Wordpress | 2026-04-15 | 8.8 High |
| Missing Authorization vulnerability in merkulove Imager for Elementor imager-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Imager for Elementor: from n/a through <= 2.0.4. | ||||
| CVE-2025-58778 | 1 Ruijie | 1 Rg-est300 | 2026-04-15 | N/A |
| Multiple versions of RG-EST300 provided by Ruijie Networks provide SSH server functionality. It is not documented in the manual, and enabled in the initial configuration. Anyone with the knowledge of the related credentials can log in to the affected device, leading to information disclosure, altering the system configurations, or causing a denial of service (DoS) condition. | ||||
| CVE-2025-66086 | 2 Cozyvision, Wordpress | 2 Sms Alert Order Notifications, Wordpress | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SMS Alert Order Notifications: from n/a through <= 3.8.8. | ||||
| CVE-2025-58673 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Control of Generation of Code ('Code Injection') vulnerability in weDevs WP User Frontend wp-user-frontend allows Code Injection.This issue affects WP User Frontend: from n/a through <= 4.1.12. | ||||
| CVE-2025-66087 | 2 Propertyhive, Wordpress | 2 Propertyhive, Wordpress | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Property Hive PropertyHive propertyhive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PropertyHive: from n/a through <= 2.1.12. | ||||
| CVE-2025-68602 | 2 Scott Paterson, Wordpress | 2 Accept Donations With Paypal, Wordpress | 2026-04-15 | 6.1 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Scott Paterson Accept Donations with PayPal & Stripe easy-paypal-donation allows Phishing.This issue affects Accept Donations with PayPal & Stripe: from n/a through <= 1.5.2. | ||||
| CVE-2025-24514 | 1 Kubernetes | 1 Ingress-nginx | 2026-04-15 | 8.8 High |
| A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) | ||||