Export limit exceeded: 344819 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344819 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-40722 | 2026-04-15 | N/A | ||
| Stored Cross-Site Scripting (XSS) vulnerability in versions prior to Flatboard 3.2.2 of Flatboard Pro, consisting of a stored XSS due to lack of proper validation of user input, through the replace parameter in /config.php/tags. | ||||
| CVE-2025-31787 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in AudioTheme Cue cue allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cue: from n/a through <= 2.4.4. | ||||
| CVE-2024-57068 | 2026-04-15 | 7.5 High | ||
| A prototype pollution in the lib.mutateMergeDeep function of @tanstack/form-core v0.35.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | ||||
| CVE-2025-31789 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in Matat Technologies TextMe SMS textme-sms-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TextMe SMS: from n/a through <= 1.9.1. | ||||
| CVE-2024-57071 | 2026-04-15 | 7.5 High | ||
| A prototype pollution in the lib.combine function of php-parser v3.2.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | ||||
| CVE-2025-31790 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Binsaifullah Posten posten-post-blocks allows DOM-Based XSS.This issue affects Posten: from n/a through <= 0.0.1. | ||||
| CVE-2025-46461 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Relentless Apps RRSSB rrssb allows DOM-Based XSS.This issue affects RRSSB: from n/a through <= 1.0.1. | ||||
| CVE-2025-31791 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in Oliver Boyers Pin Generator pin-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pin Generator: from n/a through <= 2.0.0. | ||||
| CVE-2024-0847 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| The 5280 Bootstrap Modal Contact Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation in class-sbmm-list-table.php. This makes it possible for unauthenticated attackers to bulk delete messages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-31792 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in piotnetdotcom Piotnet Forms piotnetforms allows Stored XSS.This issue affects Piotnet Forms: from n/a through <= 1.0.30. | ||||
| CVE-2025-31793 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in piotnetdotcom Piotnet Forms piotnetforms allows Stored XSS.This issue affects Piotnet Forms: from n/a through <= 1.0.30. | ||||
| CVE-2025-31794 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in Web Ready Now WR Price List Manager For Woocommerce wr-price-list-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WR Price List Manager For Woocommerce: from n/a through <= 1.0.8. | ||||
| CVE-2025-31795 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in Plugin Devs Shopify to WooCommerce Migration migrate-shopify-to-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shopify to WooCommerce Migration: from n/a through <= 1.3.0. | ||||
| CVE-2025-31798 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in publitio Publitio publitio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Publitio: from n/a through <= 2.1.8. | ||||
| CVE-2025-46462 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Trân Minh-Quân WPVN wpvn-username-changer allows Cross Site Request Forgery.This issue affects WPVN: from n/a through <= 0.7.8. | ||||
| CVE-2025-31799 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in publitio Publitio publitio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Publitio: from n/a through <= 2.1.8. | ||||
| CVE-2025-31800 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in publitio Publitio publitio allows Path Traversal.This issue affects Publitio: from n/a through <= 2.2.0. | ||||
| CVE-2025-31801 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maksym Marko MX Time Zone Clocks mx-time-zone-clocks allows Reflected XSS.This issue affects MX Time Zone Clocks: from n/a through <= 5.1.1. | ||||
| CVE-2025-31802 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in Shiptimize Shiptimize for WooCommerce shiptimize-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shiptimize for WooCommerce: from n/a through <= 3.1.86. | ||||
| CVE-2025-31804 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DraftPress Team Follow Us Badges wpsite-follow-us-badges allows Stored XSS.This issue affects Follow Us Badges: from n/a through <= 3.1.11. | ||||