Export limit exceeded: 341810 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 341810 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341810 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-28038 | 2 Brainstormforce, Wordpress | 2 Ultimate Addons For Wpbakery Page Builder, Wordpress | 2026-04-01 | 6.5 Medium |
| Missing Authorization vulnerability in Brainstorm_Force Ultimate Addons for WPBakery Page Builder ultimate_vc_addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through < 3.21.1. | ||||
| CVE-2026-27750 | 2 Avira, Gen Digital | 3 Avira Internet Security Suite, Internet Security, Avira Internet Security | 2026-04-01 | 7.8 High |
| Avira Internet Security contains a time-of-check time-of-use (TOCTOU) vulnerability in the Optimizer component. A privileged service running as SYSTEM identifies directories for cleanup during a scan phase and subsequently deletes them during a separate cleanup phase without revalidating the target path. A local attacker can replace a previously scanned directory with a junction or reparse point before deletion occurs, causing the privileged process to delete an unintended system location. This may result in deletion of protected files or directories and can lead to local privilege escalation, denial of service, or system integrity compromise depending on the affected target. | ||||
| CVE-2026-27749 | 2 Avira, Gen Digital | 3 Avira Internet Security Suite, Internet Security, Avira Internet Security | 2026-04-01 | 7.8 High |
| Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component. The Avira.SystemSpeedup.RealTimeOptimizer.exe process, which runs with SYSTEM privileges, deserializes data from a file located in C:\\ProgramData using .NET BinaryFormatter without implementing input validation or deserialization safeguards. Because the file can be created or modified by a local user in default configurations, an attacker can supply a crafted serialized payload that is deserialized by the privileged process, resulting in arbitrary code execution as SYSTEM. | ||||
| CVE-2026-27748 | 2 Avira, Gen Digital | 3 Avira Internet Security Suite, Internet Security, Avira Internet Security | 2026-04-01 | 7.8 High |
| Avira Internet Security contains an improper link resolution vulnerability in the Software Updater component. During the update process, a privileged service running as SYSTEM deletes a file under C:\\ProgramData without validating whether the path resolves through a symbolic link or reparse point. A local attacker can create a malicious link to redirect the delete operation to an arbitrary file, resulting in deletion of attacker-chosen files with SYSTEM privileges. This may lead to local privilege escalation, denial of service, or system integrity compromise depending on the targeted file and operating system configuration. | ||||
| CVE-2026-27440 | 2 Saadiqbal, Wordpress | 2 Mycred, Wordpress | 2026-04-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal myCred mycred allows Stored XSS.This issue affects myCred: from n/a through <= 2.9.7.6. | ||||
| CVE-2026-27387 | 2 Designinvento, Wordpress | 2 Directorypress, Wordpress | 2026-04-01 | 5.4 Medium |
| Missing Authorization vulnerability in Designinvento DirectoryPress directorypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through <= 3.6.26. | ||||
| CVE-2026-27368 | 2 Seedprod, Wordpress | 2 Coming Soon Page, Under Construction & Maintenance Mode, Wordpress | 2026-04-01 | 5.3 Medium |
| Missing Authorization vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through <= 6.19.8. | ||||
| CVE-2026-27360 | 2 10web, Wordpress | 2 Photo Gallery, Wordpress | 2026-04-01 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Stored XSS.This issue affects Photo Gallery by 10Web: from n/a through <= 1.8.38. | ||||
| CVE-2026-27327 | 2 Wordpress, Yaycommerce | 2 Wordpress, Yaymail – Woocommerce Email Customizer | 2026-04-01 | 4.3 Medium |
| Missing Authorization vulnerability in YayCommerce YayMail yaymail allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayMail: from n/a through <= 4.3.2. | ||||
| CVE-2026-27092 | 2 Greg Winiarski, Wordpress | 2 Wpadverts, Wordpress | 2026-04-01 | 6.5 Medium |
| Missing Authorization vulnerability in Greg Winiarski WPAdverts wpadverts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPAdverts: from n/a through <= 2.3.0. | ||||
| CVE-2026-27066 | 2 Pi Web Solution, Wordpress | 2 Live Sales Notification For Woocommerce, Wordpress | 2026-04-01 | 5.3 Medium |
| Missing Authorization vulnerability in PI Web Solution Live sales notification for WooCommerce live-sales-notifications-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live sales notification for WooCommerce: from n/a through <= 2.3.49. | ||||
| CVE-2026-27056 | 2 Stellarwp, Wordpress | 2 Ithemes Sync, Wordpress | 2026-04-01 | 4.3 Medium |
| Missing Authorization vulnerability in StellarWP iThemes Sync ithemes-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iThemes Sync: from n/a through <= 3.2.8. | ||||
| CVE-2026-25472 | 2 Themefusion, Wordpress | 2 Fusion Builder, Wordpress | 2026-04-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Fusion Builder fusion-builder allows Stored XSS.This issue affects Fusion Builder: from n/a through <= 3.14.1. | ||||
| CVE-2026-25451 | 2 Bold-themes, Wordpress | 2 Bold Page Builder, Wordpress | 2026-04-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through <= 5.6.9. | ||||
| CVE-2026-25423 | 2 Creativeinteractivemedia, Wordpress | 2 Real3d Flipbook, Wordpress | 2026-04-01 | 3.8 Low |
| Missing Authorization vulnerability in creativeinteractivemedia Real 3D FlipBook real3d-flipbook-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real 3D FlipBook: from n/a through <= 4.19.1. | ||||
| CVE-2026-25419 | 2 Flycart, Wordpress | 2 Upsellwp, Wordpress | 2026-04-01 | 4.3 Medium |
| Missing Authorization vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UpsellWP: from n/a through <= 2.2.5. | ||||
| CVE-2026-25418 | 2 Bitpressadmin, Wordpress | 2 Bit Form, Wordpress | 2026-04-01 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bit Apps Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through <= 2.21.10. | ||||
| CVE-2026-25392 | 2 Kaizencoders, Wordpress | 2 Update Urls – Quick And Easy Way To Search Old Links And Replace Them With New Links In Wordpress, Wordpress | 2026-04-01 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KaizenCoders Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress update-urls allows Phishing.This issue affects Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress: from n/a through <= 1.4.1. | ||||
| CVE-2026-25315 | 2 Hcaptcha, Wordpress | 2 Hcaptcha For Wp, Wordpress | 2026-04-01 | 5.3 Medium |
| Missing Authorization vulnerability in hcaptcha hCaptcha for WP hcaptcha-for-forms-and-more allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects hCaptcha for WP: from n/a through <= 4.21.1. | ||||
| CVE-2026-24636 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 4.3 Medium |
| Missing Authorization vulnerability in Syed Balkhi Sugar Calendar (Lite) sugar-calendar-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sugar Calendar (Lite): from n/a through <= 3.9.1. | ||||