Export limit exceeded: 347811 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347811 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-8689 | 2026-04-15 | N/A | ||
| A problem with the ActiveMQ integration for both Cortex XSOAR and Cortex XSIAM can result in the cleartext exposure of the configured ActiveMQ credentials in log bundles. | ||||
| CVE-2024-8693 | 1 Kaonmedia | 1 Cg3000 Firmware | 2026-04-15 | 2.4 Low |
| A vulnerability, which was classified as problematic, has been found in Kaon CG3000 1.01.43. Affected by this issue is some unknown functionality of the component dhcpcd Command Handler. The manipulation of the argument -h with the input <script>alert('XSS')</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-8705 | 2026-04-15 | 6.3 Medium | ||
| A vulnerability was found in Shandong Star Measurement and Control Equipment Heating Network Wireless Monitoring System 5.6.2 and classified as critical. Affected by this issue is the function GetDataKindByType of the file /DataSrvs/UCCGSrv.asmx. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-8707 | 1 Yunknet | 1 Yunke Online School System | 2026-04-15 | 4.3 Medium |
| A vulnerability was found in 云课网络科技有限公司 Yunke Online School System up to 3.0.6. It has been declared as problematic. This vulnerability affects the function downfile of the file application/admin/controller/Appadmin.php. The manipulation of the argument url leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-8717 | 2026-04-15 | 6.1 Medium | ||
| The PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer – DearFlip plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pdf_source' parameter in all versions up to, and including, 2.3.32 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-8718 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.1 Medium |
| The Gravity Forms Toolbar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2025-64253 | 1 Wordpress | 2 Health Check & Troubleshooting, Wordpress | 2026-04-15 | 4.9 Medium |
| Path Traversal: '.../...//' vulnerability in WordPress.org Health Check & Troubleshooting health-check allows Path Traversal.This issue affects Health Check & Troubleshooting: from n/a through <= 1.7.1. | ||||
| CVE-2024-8721 | 2 Data443, Wordpress | 2 Tracking Code Manager, Wordpress | 2026-04-15 | 6.4 Medium |
| The Tracking Code Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tracking code field in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-10309 is a duplicate of this issue. | ||||
| CVE-2024-8727 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.1 Medium |
| The DK PDF plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-8733 | 2026-04-15 | 8 High | ||
| A potential security vulnerability has been identified in the HP One Agent for certain HP PC products, which might allow for escalation of privilege. HP is releasing software updates to mitigate this potential vulnerability. | ||||
| CVE-2024-8751 | 1 Sick | 1 Msc800 Firmware | 2026-04-15 | 7.5 High |
| A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product’s IP address over Sopas ET. This can lead to Denial of Service. Users are recommended to upgrade both MSC800 and MSC800 LFT to version V4.26 and S2.93.20 respectively which fixes this issue. | ||||
| CVE-2024-8756 | 1 Themecatcher | 1 Quform | 2026-04-15 | 5.3 Medium |
| The Quform - WordPress Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.20.0 via the 'saveUploadedFile' function. This makes it possible for unauthenticated attackers to extract sensitive data, such as Personally Identifiable Information, from files uploaded by users. Files uploaded via forms created before version 2.21.0 will remain vulnerable to exposure after upgrading. To fully patch the plugin, site administrators should download any previously uploaded files, delete previously existing files and forms, and create the forms again after upgrading to version 2.21.0. | ||||
| CVE-2024-8767 | 1 Acronis | 3 Backup Extension For Plesk, Backup Plugin For Cpanel \& Whm, Backup Plugin For Directadmin | 2026-04-15 | N/A |
| Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 619, Acronis Backup extension for Plesk (Linux) before build 555, Acronis Backup plugin for DirectAdmin (Linux) before build 147. | ||||
| CVE-2024-8772 | 2026-04-15 | 4.3 Medium | ||
| 51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API managedoverlayimages.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | ||||
| CVE-2024-8786 | 2026-04-15 | 6.1 Medium | ||
| The Auto Featured Image from Title plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-8860 | 2 Themefic, Wordpress | 2 Tourfic, Wordpress | 2026-04-15 | 4.3 Medium |
| The Tourfic plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tf_order_status_email_resend_function, tf_visitor_details_edit_function, tf_checkinout_details_edit_function, tf_order_status_edit_function, tf_order_bulk_action_edit_function, tf_remove_room_order_ids, and tf_delete_old_review_fields functions in all versions up to, and including, 2.14.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to resend order status emails, update visitor/order details, edit check-in/out details, edit order status, perform bulk order status updates, remove room order IDs, and delete old review fields, respectively. | ||||
| CVE-2024-8870 | 1 Fatcatapps | 1 Forms For Mailchimp By Optin Cat | 2026-04-15 | 6.1 Medium |
| The Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-8871 | 2026-04-15 | 6.1 Medium | ||
| The Pricing Tables WordPress Plugin – Easy Pricing Tables plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.2.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2025-10127 | 1 Daikin | 1 Security Gateway | 2026-04-15 | 9.8 Critical |
| Daikin Europe N.V Security Gateway is vulnerable to an authorization bypass through a user-controlled key vulnerability that could allow an attacker to bypass authentication. An unauthorized attacker could access the system without prior credentials. | ||||
| CVE-2024-8885 | 1 Sophos | 1 Intercept X | 2026-04-15 | 8.8 High |
| A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2024.2.0 and older allows writing of arbitrary files. | ||||