Search Results (349004 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2026-35588 | 1 Nicolargo | 1 Glances | 2026-04-22 | 6.3 Medium | Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Cassandra export module (`glances/exports/glances_cassandra/__init__.py`) interpolates `keyspace`, `table`, and `replication_factor` configuration values directly into CQL statements without validation. A user with write access to `glances.conf` can redirect all monitoring data to an attacker-controlled Cassandra keyspace. Version 4.5.4 contains a fix. |
| CVE-2026-35196 | 1 Chamilo | 1 Chamilo Lms | 2026-04-22 | 8.8 High | Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, an OS Command Injection vulnerability exists in the main/inc/ajax/gradebook.ajax.php endpoint within the export_all_certificates action, where the course code retrieved from the session variable $_SESSION['_cid'] via api_get_course_id() is concatenated directly into a shell_exec() command string without sanitization or escaping using escapeshellarg(). If an attacker can manipulate or poison their session data to inject shell metacharacters into the _cid variable, they can achieve arbitrary command execution on the underlying server. Successful exploitation grants full access to read system files and credentials, alters the application and database, or disrupts server availability. This issue has been fixed in version 2.0.0-RC.3. |
| CVE-2026-40291 | 1 Chamilo | 1 Chamilo Lms | 2026-04-22 | 8.8 High | Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, an insecure direct object modification vulnerability in the PUT /api/users/{id} endpoint allows any authenticated user with ROLE_STUDENT to escalate their privileges to ROLE_ADMIN by modifying the roles field on their own user record. The API Platform security expression is_granted('EDIT', object) only verifies record ownership, and the roles field is included in the writable serialization group, enabling any user to set arbitrary roles such as ROLE_ADMIN. Successful exploitation grants full administrative control of the platform, including access to all courses, user data, grades, and administrative settings. This issue has been fixed in version 2.0.0-RC.3. |
| CVE-2026-32646 | 2 Gardyn, Mygardyn | 2 Cloud Api, Cloud Api | 2026-04-22 | 7.5 High | A specific administrative endpoint is accessible without proper authentication, exposing device management functions. |
| CVE-2026-28767 | 2 Gardyn, Mygardyn | 2 Cloud Api, Cloud Api | 2026-04-22 | 5.3 Medium | A specific administrative endpoint (notifications) is accessible without proper authentication. |
| CVE-2026-28766 | 2 Gardyn, Mygardyn | 2 Cloud Api, Cloud Api | 2026-04-22 | 9.3 Critical | A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication. |
| CVE-2026-26058 | 1 Zulip | 1 Zulip | 2026-04-22 | 6.1 Medium | Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, ./manage.py import reads arbitrary files from the server filesystem via path traversal in uploads/records.json. A crafted export tarball causes the server to copy any file the zulip user can read into the uploads directory during import. This issue has been patched in version 11.6. |
| CVE-2026-25197 | 2 Gardyn, Mygardyn | 2 Cloud Api, Cloud Api | 2026-04-22 | 9.1 Critical | A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call. |
| CVE-2026-32662 | 2 Gardyn, Mygardyn | 2 Cloud Api, Cloud Api | 2026-04-22 | 5.3 Medium | Development and test API endpoints are present that mirror production functionality. |
| CVE-2026-34511 | 1 Openclaw | 1 Openclaw | 2026-04-22 | 5.3 Medium | OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it through the redirect URL. Attackers who capture the redirect URL can obtain both the authorization code and PKCE verifier, defeating PKCE protection and enabling token redemption. |
| CVE-2026-34773 | 2 Electron, Electronjs | 2 Electron, Electron | 2026-04-22 | 4.7 Medium | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, on Windows, app.setAsDefaultProtocolClient(protocol) did not validate the protocol name before writing to the registry. Apps that pass untrusted input as the protocol name may allow an attacker to write to arbitrary subkeys under HKCU\Software\Classes\, potentially hijacking existing protocol handlers. Apps are only affected if they call app.setAsDefaultProtocolClient() with a protocol name derived from external or untrusted input. Apps that use a hardcoded protocol name are not affected. This issue has been patched in versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0. |
| CVE-2025-0837 | 1 Themerex | 1 Puzzles | 2026-04-22 | 6.4 Medium | The Puzzles theme for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
| CVE-2025-0924 | 1 Melapress | 1 Wp Activity Log | 2026-04-22 | 7.2 High | The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
| CVE-2025-1065 | | | 2026-04-22 | 6.4 Medium | The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Import Data From File feature in all versions up to, and including, 3.11.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
| CVE-2025-0968 | 1 Wpmet | 1 Elementskit Elementor Addons | 2026-04-22 | 5.3 Medium | The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.0 due to a missing capability check on the get_megamenu_content() function. This makes it possible for unauthenticated attackers to view any item created in Elementor, such as posts, pages and templates, including drafts, trashed and private items. |
| CVE-2025-1483 | 1 Wwexgroup | 1 Ltl Freight Quotes | 2026-04-22 | 5.3 Medium | The LTL Freight Quotes – GlobalTranz Edition plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the engtz_wd_save_dropship AJAX endpoint in all versions up to, and including, 2.3.12. This makes it possible for unauthenticated attackers to update the drop shipping settings. |
| CVE-2025-1039 | 1 Wpmaspik | 1 Lenix Leads Collector | 2026-04-22 | 7.2 High | The Lenix Elementor Leads addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a URL form field in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
| CVE-2025-1511 | 1 Wpeverest | 1 User Registration | 2026-04-22 | 6.1 Medium | The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. |
| CVE-2025-1306 | | | 2026-04-22 | 8.8 High | The Newscrunch theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.4. This is due to missing or incorrect nonce validation on the newscrunch_install_and_activate_plugin() function. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. |
| CVE-2025-1435 | | | 2026-04-22 | 6.3 Medium | The bbPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.11. This is due to missing or incorrect nonce validation on the bbp_user_add_role_on_register() function. This makes it possible for unauthenticated attackers to elevate their privileges to that of a bbPress Keymaster via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. Rather than implementing a nonce check to provide protection against this vulnerability, which would break functionality, the plugin no longer makes it possible to select a role during registration. |