Export limit exceeded: 342216 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 342216 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (342216 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-26937 | 2026-04-01 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Icon List Block icon-list-block allows Stored XSS.This issue affects Icon List Block: from n/a through <= 1.1.3. | ||||
| CVE-2024-1249 | 1 Redhat | 15 Amq Broker, Amq Streams, Build Keycloak and 12 more | 2026-04-01 | 7.4 High |
| A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages. | ||||
| CVE-2025-26936 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Control of Generation of Code ('Code Injection') vulnerability in FRESHFACE Fresh Framework fresh-framework allows Code Injection.This issue affects Fresh Framework: from n/a through <= 1.70.0. | ||||
| CVE-2025-26935 | 1 Wpjobportal | 1 Wp Job Portal | 2026-04-01 | 8.8 High |
| Path Traversal: '.../...//' vulnerability in wpjobportal WP Job Portal wp-job-portal allows PHP Local File Inclusion.This issue affects WP Job Portal: from n/a through <= 2.2.8. | ||||
| CVE-2025-26934 | 2026-04-01 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in graphthemes Glossy Blog glossy-blog allows Stored XSS.This issue affects Glossy Blog: from n/a through <= 1.0.3. | ||||
| CVE-2025-26933 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nitin Prakash WC Place Order Without Payment wc-place-order-without-payment allows PHP Local File Inclusion.This issue affects WC Place Order Without Payment: from n/a through <= 2.6.7. | ||||
| CVE-2025-26932 | 2 Quantumcloud, Wordpress | 3 Chatbot, Wpbot, Wordpress | 2026-04-01 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QuantumCloud ChatBot chatbot allows PHP Local File Inclusion.This issue affects ChatBot: from n/a through <= 6.3.5. | ||||
| CVE-2025-26931 | 2026-04-01 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Software Tribulant Gallery Voting gallery-voting allows Stored XSS.This issue affects Tribulant Gallery Voting: from n/a through <= 1.2.1. | ||||
| CVE-2025-26930 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alleythemes Home Services home-services allows DOM-Based XSS.This issue affects Home Services: from n/a through <= 1.2.6. | ||||
| CVE-2025-26929 | 2026-04-01 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bastien Ho Accounting for WooCommerce accounting-for-woocommerce allows Stored XSS.This issue affects Accounting for WooCommerce: from n/a through <= 1.6.8. | ||||
| CVE-2025-26928 | 2026-04-01 | N/A | ||
| Missing Authorization vulnerability in Xfinitysoft Order Limit for WooCommerce wc-order-limit-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Limit for WooCommerce: from n/a through <= 3.0.2. | ||||
| CVE-2025-26927 | 2 Epc, Wordpress | 2 Ai Hub Plugin, Wordpress | 2026-04-01 | N/A |
| Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes AI Hub aihub allows Upload a Web Shell to a Web Server.This issue affects AI Hub: from n/a through <= 1.3.7. | ||||
| CVE-2025-26926 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in fs-code Booknetic booknetic.This issue affects Booknetic: from n/a through <= 4.0.9. | ||||
| CVE-2025-26924 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Control of Generation of Code ('Code Injection') vulnerability in colabrio Ohio Extra ohio-extra allows Code Injection.This issue affects Ohio Extra: from n/a through <= 3.4.7. | ||||
| CVE-2025-26923 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bastien Ho Event post event-post allows Stored XSS.This issue affects Event post: from n/a through <= 5.9.8. | ||||
| CVE-2025-26922 | 2026-04-01 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in techthemes AuraMart auramart allows Stored XSS.This issue affects AuraMart: from n/a through <= 2.0.7. | ||||
| CVE-2025-26921 | 2026-04-01 | N/A | ||
| Deserialization of Untrusted Data vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Object Injection.This issue affects Booking and Rental Manager: from n/a through <= 2.2.6. | ||||
| CVE-2025-26920 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Missing Authorization vulnerability in pressmaximum Customify customify-theme allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Customify: from n/a through <= 0.4.8. | ||||
| CVE-2025-26919 | 2026-04-01 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tainacan Tainá taina allows Stored XSS.This issue affects Tainá: from n/a through < 0.2.5. | ||||
| CVE-2025-26918 | 1 Eniture | 1 Small Package Quotes | 2026-04-01 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology Small Package Quotes – Unishippers Edition small-package-quotes-unishippers-edition allows Reflected XSS.This issue affects Small Package Quotes – Unishippers Edition: from n/a through <= 2.4.9. | ||||