Export limit exceeded: 345459 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345459 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-22359 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pjfc SyncFields syncfields allows Reflected XSS.This issue affects SyncFields: from n/a through <= 2.1. | ||||
| CVE-2025-2236 | 2026-04-15 | N/A | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in OpenText Advanced Authentication allows Information Elicitation. The vulnerability could reveal sensitive information while managing and configuring of the external services. This issue affects Advanced Authentication versions before 6.5. | ||||
| CVE-2024-51572 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shawfactor LH QR Codes lh-qr-codes allows Stored XSS.This issue affects LH QR Codes: from n/a through <= 1.06. | ||||
| CVE-2014-125126 | 2026-04-15 | N/A | ||
| An unrestricted file upload vulnerability exists in Simple E-Document versions 3.0 to 3.1 that allows an unauthenticated attacker to bypass authentication by sending a specific cookie header (access=3) with HTTP requests. The application’s upload mechanism fails to restrict file types and does not validate or sanitize user-supplied input, allowing attackers to upload malicious .php scripts. Authentication can be bypassed entirely by supplying a specially crafted cookie (access=3), granting access to the upload functionality without valid credentials. If file uploads are enabled on the server, the attacker can upload a web shell and gain remote code execution with the privileges of the web server user, potentially leading to full system compromise. | ||||
| CVE-2024-51573 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ersatzpole ML Responsive Audio player with playlist Shortcode mlr-audio allows Stored XSS.This issue affects ML Responsive Audio player with playlist Shortcode: from n/a through <= 0.2. | ||||
| CVE-2025-12290 | 1 Sui Shang Information Technology | 1 Multi-user Mall System | 2026-04-15 | 4.3 Medium |
| A vulnerability has been found in Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0. Affected by this issue is some unknown functionality of the file /i/359. The manipulation of the argument keywords leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-22812 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aezaz Shaikh News Ticker Widget for Elementor news-ticker-widget-for-elementor allows Stored XSS.This issue affects News Ticker Widget for Elementor: from n/a through <= 1.3.2. | ||||
| CVE-2024-51574 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simple Goods Simple Goods simple-goods allows Stored XSS.This issue affects Simple Goods: from n/a through <= 0.1.3. | ||||
| CVE-2024-51575 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Md. Abdullah Al Masum Extender All In One For Elementor extender-all-in-one-for-elementor allows Stored XSS.This issue affects Extender All In One For Elementor: from n/a through <= 1.0.3. | ||||
| CVE-2024-51579 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saleswonder Team: Tobias 5 Stars Rating Funnel 5-stars-rating-funnel.This issue affects 5 Stars Rating Funnel: from n/a through <= 1.4.01. | ||||
| CVE-2025-12304 | 1 Time-sea-plus | 1 Time-sea-plus | 2026-04-15 | 4.3 Medium |
| A vulnerability has been found in dulaiduwang003 TIME-SEA-PLUS up to fb299162f18498dd9cf17da906886d80a077d53b. This affects the function alipayIsSucceed of the file PayController.java of the component Order Status Handler. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-14184 | 1 Sgai | 1 Space1 Nas N1211ds | 2026-04-15 | 6.3 Medium |
| A vulnerability was determined in SGAI Space1 NAS N1211DS up to 1.0.915. Impacted is the function RENAME_FILE/OPERATE_FILE/NGNIX_UPLOAD of the file /cgi-bin/JSONAPI of the component gsaiagent. This manipulation causes command injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-51607 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in percent20 Golf Tracker golf-tracker allows SQL Injection.This issue affects Golf Tracker: from n/a through <= 0.7. | ||||
| CVE-2024-51612 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designerken Reftagger Shortcode reftagger-shortcode allows Stored XSS.This issue affects Reftagger Shortcode: from n/a through <= 1.1. | ||||
| CVE-2024-20416 | 2026-04-15 | 6.5 Medium | ||
| A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient boundary checks when processing specific HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the device. | ||||
| CVE-2024-51614 | 2 Aajoda, Wordpress | 2 Aajoda Testimonials, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aajoda Aajoda Testimonials aajoda-testimonials allows Stored XSS.This issue affects Aajoda Testimonials: from n/a through <= 2.2.2. | ||||
| CVE-2025-22469 | 1 Sato | 4 Cl4nx-j Plus, Cl4nx Plus, Cl6nx-j Plus and 1 more | 2026-04-15 | N/A |
| OS command injection vulnerability exists in CL4/6NX Plus and CL4/6NX-J Plus (Japan model) with the firmware versions prior to 1.15.5-r1. An arbitrary OS command may be executed on the system with a certain non-administrative user privilege. | ||||
| CVE-2024-51616 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rupok AwesomePress awesomepress allows Stored XSS.This issue affects AwesomePress: from n/a through <= 1.0. | ||||
| CVE-2023-47224 | 2026-04-15 | 7.5 High | ||
| Missing Authorization vulnerability in WP Travel WP Travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through 7.8.0. | ||||
| CVE-2024-51617 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Clyp Clyp clyp allows Stored XSS.This issue affects Clyp: from n/a through <= 1.3. | ||||