Export limit exceeded: 344977 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344977 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-52376 | 1 Cmsminds | 1 Boat Rental Plugin For Wordpress | 2026-04-15 | N/A |
| Unrestricted Upload of File with Dangerous Type vulnerability in cmsMinds Boat Rental Plugin for WordPress boat-rental-system allows Upload a Web Shell to a Web Server.This issue affects Boat Rental Plugin for WordPress: from n/a through <= 1.0.1. | ||||
| CVE-2024-52377 | 1 Bdthemes | 1 Instant Image Generator | 2026-04-15 | N/A |
| Unrestricted Upload of File with Dangerous Type vulnerability in bdthemes Instant Image Generator ai-image allows Upload a Web Shell to a Web Server.This issue affects Instant Image Generator: from n/a through <= 1.5.2. | ||||
| CVE-2024-52378 | 1 Labs64 | 1 Digipass | 2026-04-15 | N/A |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in labs64 DigiPass digipass allows Absolute Path Traversal.This issue affects DigiPass: from n/a through <= 0.3.0. | ||||
| CVE-2024-52379 | 1 Kinetic Innovative Technologies Sdn Bhd | 1 Kineticpay For Woocommerce | 2026-04-15 | N/A |
| Unrestricted Upload of File with Dangerous Type vulnerability in faizalbahasan kineticPay for WooCommerce kineticpay-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects kineticPay for WooCommerce: from n/a through <= 2.0.8. | ||||
| CVE-2024-52382 | 1 Medmatechnologies | 1 Matix Popup Builder | 2026-04-15 | N/A |
| Missing Authorization vulnerability in medmatech Matix Popup Builder medma-matix allows Privilege Escalation.This issue affects Matix Popup Builder: from n/a through <= 1.0.0. | ||||
| CVE-2024-52383 | 1 Kct | 1 Ai Auto Tool Content Writing Assistant | 2026-04-15 | N/A |
| Missing Authorization vulnerability in aitool Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One ai-auto-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One: from n/a through <= 2.1.2. | ||||
| CVE-2024-52384 | 1 Sageai | 1 Sage Ai | 2026-04-15 | N/A |
| Unrestricted Upload of File with Dangerous Type vulnerability in wpmonks Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation ai-content-generator allows Upload a Web Shell to a Web Server.This issue affects Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation: from n/a through <= 2.4.9. | ||||
| CVE-2024-36282 | 1 Intel | 1 Server Board S2600st Firmware | 2026-04-15 | 8.2 High |
| Improper input validation in the Intel(R) Server Board S2600ST Family BIOS and Firmware Update software all versions may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-52391 | 1 Genetechsolutions | 1 Pie Register | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Genetech Pie Register Premium.This issue affects Pie Register Premium: from n/a before 3.8.3.3. | ||||
| CVE-2025-62950 | 2 Contest Gallery, Wordpress | 2 Contest Gallery, Wordpress | 2026-04-15 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Cross Site Request Forgery.This issue affects Contest Gallery: from n/a through <= 28.0.0. | ||||
| CVE-2024-13786 | 2026-04-15 | 9.8 Critical | ||
| The education theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.10 via deserialization of untrusted input in the 'themerex_callback_view_more_posts' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. | ||||
| CVE-2024-52398 | 1 Halyra | 1 Cdi | 2026-04-15 | N/A |
| Unrestricted Upload of File with Dangerous Type vulnerability in Halyra CDI collect-and-deliver-interface-for-woocommerce.This issue affects CDI: from n/a through <= 5.5.3. | ||||
| CVE-2024-36283 | 2026-04-15 | 6.7 Medium | ||
| Uncontrolled search path for the Intel(R) Thread Director Visualizer software before version 1.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-52402 | 1 Cliconomics | 1 Exclusive Content Password Protect | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in gunghoinc Exclusive Content Password Protect exclusive-content-password-protect allows Upload a Web Shell to a Web Server.This issue affects Exclusive Content Password Protect: from n/a through <= 1.1.0. | ||||
| CVE-2024-52403 | 1 Wpexperts | 1 User Management | 2026-04-15 | N/A |
| Unrestricted Upload of File with Dangerous Type vulnerability in Saad Iqbal User Management user-management allows Upload a Web Shell to a Web Server.This issue affects User Management: from n/a through <= 1.1. | ||||
| CVE-2024-52404 | 1 Bigfive | 1 Contact Form 7 | 2026-04-15 | N/A |
| Unrestricted Upload of File with Dangerous Type vulnerability in bigfiveagency CF7 Reply Manager cf7-reply-manager.This issue affects CF7 Reply Manager: from n/a through <= 1.2.3. | ||||
| CVE-2024-36285 | 2026-04-15 | 5.6 Medium | ||
| Race condition in some Intel(R) PROSet/Wireless WiFi and Killerâ„¢ WiFi software for Windows before version 23.80 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2024-52407 | 1 Codesavory | 1 Basepress Migration Tools | 2026-04-15 | N/A |
| Unrestricted Upload of File with Dangerous Type vulnerability in BasePress BasePress Migration Tools basepress-migration-tools allows Upload a Web Shell to a Web Server.This issue affects BasePress Migration Tools: from n/a through <= 1.0.0. | ||||
| CVE-2024-52408 | 1 Pushassist | 1 Push Notifications | 2026-04-15 | N/A |
| Unrestricted Upload of File with Dangerous Type vulnerability in pushassist Push Notifications for WordPress by PushAssist push-notification-for-wp-by-pushassist allows Upload a Web Shell to a Web Server.This issue affects Push Notifications for WordPress by PushAssist: from n/a through <= 3.0.8. | ||||
| CVE-2024-13787 | 2026-04-15 | 9.8 Critical | ||
| The VEDA - MultiPurpose WordPress Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2 via deserialization of untrusted input in the 'veda_backup_and_restore_action' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. | ||||