Export limit exceeded: 344942 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344942 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24367 | 1 Wordpress | 1 Wordpress | 2026-04-16 | 8.8 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler allows Blind SQL Injection.This issue affects Traveler: from n/a through < 3.2.8. | ||||
| CVE-2026-24371 | 2 Booking Algorithms, Wordpress | 2 Ba Book Everything, Wordpress | 2026-04-16 | 9.8 Critical |
| Missing Authorization vulnerability in bookingalgorithms BA Book Everything ba-book-everything allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BA Book Everything: from n/a through <= 1.8.16. | ||||
| CVE-2026-24374 | 2 Metagauss, Wordpress | 2 Registrationmagic, Wordpress | 2026-04-16 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Cross Site Request Forgery.This issue affects RegistrationMagic: from n/a through <= 6.0.6.9. | ||||
| CVE-2026-40245 | 1 Free5gc | 1 Free5gc | 2026-04-16 | 7.5 High |
| Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions 4.2.1 and below contain an information disclosure vulnerability in the UDR (Unified Data Repository) service. The handler for GET /nudr-dr/v2/application-data/influenceData/subs-to-notify sends an HTTP 400 error response when required query parameters are missing but does not return afterward. Execution continues into the processor function, which queries the data repository and appends the full list of Traffic Influence Subscriptions, including SUPI/IMSI values, to the response body. An unauthenticated attacker with network access to the 5G Service Based Interface can retrieve stored subscriber identifiers with a single parameterless HTTP GET request. The SUPI is the most sensitive subscriber identifier in 5G networks, and its exposure undermines the privacy guarantees of the 3GPP SUCI concealment mechanism at the core network level. A similar bypass exists when sending a malformed snssai parameter due to the same missing return pattern. | ||||
| CVE-2026-5363 | 1 Tp-link | 1 Archer C7 | 2026-04-16 | N/A |
| Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 (uhttpd modules) allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using RSA-1024 before sending it to the router during login. An adjacent attacker with the ability to intercept network traffic could potentially perform a brute-force or factorization attack against the 1024-bit RSA key to recover the plaintext administrator password, leading to unauthorized access and compromise of the device configuration. This issue affects Archer C7: through Build 20220715. | ||||
| CVE-2026-24377 | 2 Posimyth, Wordpress | 2 Nexter Blocks, Wordpress | 2026-04-16 | 7.5 High |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: from n/a through <= 4.6.3. | ||||
| CVE-2026-24380 | 2 Metagauss, Wordpress | 2 Eventprime, Wordpress | 2026-04-16 | 8.8 High |
| Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through <= 4.2.8.0. | ||||
| CVE-2026-24388 | 1 Wordpress | 1 Wordpress | 2026-04-16 | 4.3 Medium |
| Missing Authorization vulnerability in Ludwig You WPMasterToolKit wpmastertoolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPMasterToolKit: from n/a through <= 2.14.0. | ||||
| CVE-2026-24390 | 3 Elementor, Qantumthemes, Wordpress | 3 Elementor, Kentha Elementor Widgets, Wordpress | 2026-04-16 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QantumThemes Kentha Elementor Widgets kentha-elementor allows PHP Local File Inclusion.This issue affects Kentha Elementor Widgets: from n/a through < 3.1. | ||||
| CVE-2026-24306 | 1 Microsoft | 1 Azure Front Door | 2026-04-16 | 9.8 Critical |
| Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2026-24304 | 1 Microsoft | 1 Azure Resource Manager | 2026-04-16 | 9.9 Critical |
| Improper access control in Azure Resource Manager allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-24523 | 1 Wordpress | 1 Wordpress | 2026-04-16 | 7.5 High |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Marcus (aka @msykes) WP FullCalendar wp-fullcalendar allows Retrieve Embedded Sensitive Data.This issue affects WP FullCalendar: from n/a through <= 1.6. | ||||
| CVE-2026-24524 | 1 Wordpress | 1 Wordpress | 2026-04-16 | 8.1 High |
| Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tablesome: from n/a through <= 1.2.6. | ||||
| CVE-2026-24529 | 2 Alejandro, Wordpress | 2 Quick Restaurant Reservations, Wordpress | 2026-04-16 | 5.3 Medium |
| Missing Authorization vulnerability in Alejandro Quick Restaurant Reservations quick-restaurant-reservations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Restaurant Reservations: from n/a through <= 1.6.7. | ||||
| CVE-2026-24534 | 1 Wordpress | 1 Wordpress | 2026-04-16 | 8.8 High |
| Missing Authorization vulnerability in uPress Booter booter-bots-crawlers-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booter: from n/a through <= 1.5.7. | ||||
| CVE-2026-24536 | 2 Webpushr, Wordpress | 2 Web Push Notifications, Wordpress | 2026-04-16 | 7.5 High |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in webpushr Webpushr webpushr-web-push-notifications allows Retrieve Embedded Sensitive Data.This issue affects Webpushr: from n/a through <= 4.38.0. | ||||
| CVE-2026-24539 | 2 Clickdatos, Wordpress | 2 Proteccion De Datos Rgpd, Wordpress | 2026-04-16 | 5.3 Medium |
| Missing Authorization vulnerability in ABCdatos Protección de datos – RGPD proteccion-datos-rgpd allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Protección de datos – RGPD: from n/a through <= 0.68. | ||||
| CVE-2026-24540 | 2 Prince, Wordpress | 2 Integrate Google Drive, Wordpress | 2026-04-16 | 5.4 Medium |
| Missing Authorization vulnerability in princeahmed Integrate Google Drive integrate-google-drive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integrate Google Drive: from n/a through <= 1.5.6. | ||||
| CVE-2026-24541 | 2 Mkscripts, Wordpress | 2 Download After Email, Wordpress | 2026-04-16 | 5.3 Medium |
| Missing Authorization vulnerability in mkscripts Download After Email download-after-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download After Email: from n/a through <= 2.1.9. | ||||
| CVE-2026-24542 | 1 Wordpress | 1 Wordpress | 2026-04-16 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in John James Jacoby WP Term Order wp-term-order allows Cross Site Request Forgery.This issue affects WP Term Order: from n/a through <= 2.1.0. | ||||