Export limit exceeded: 344890 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344890 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24625 | 2 Imaginate-solutions, Wordpress | 2 File Uploads Addon For Woocommerce, Wordpress | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Imaginate Solutions File Uploads Addon for WooCommerce woo-addon-uploads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects File Uploads Addon for WooCommerce: from n/a through <= 1.7.3. | ||||
| CVE-2026-24633 | 2 Passionatebrains, Wordpress | 2 Add Expires Headers \& Optimized Minify, Wordpress | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Passionate Brains Add Expires Headers & Optimized Minify add-expires-headers allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Add Expires Headers & Optimized Minify: from n/a through <= 3.1.0. | ||||
| CVE-2025-31655 | 1 Intel | 1 Battery Life Diagnostic Tool | 2026-04-15 | 6.7 Medium |
| Incorrect default permissions for some Intel(R) Battery Life Diagnostic Tool within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||
| CVE-2025-40679 | 1 Bdtask | 1 Isshue | 2026-04-15 | N/A |
| HTML Injection vulnerability in Isshue by Bdtask, consisting os an HTML injection due to a lack os proper validation of user input by sending a POST request to '/category_product_search', affecting the 'product_name' parameter. | ||||
| CVE-2024-43290 | 1 Atarim | 1 Atarim | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration.This issue affects Atarim: from n/a through <= 4.0.1. | ||||
| CVE-2025-40697 | 1 Lewe | 1 Webmeasure | 2026-04-15 | N/A |
| Reflected Cross-Site Scripting (XSS) vulnerability in '/index.php' in Lewe WebMeasure, which allows remote attackers to execute arbitrary code through the 'page' parameter. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user. | ||||
| CVE-2025-4644 | 1 Payloadcms | 1 Payload | 2026-04-15 | N/A |
| A Session Fixation vulnerability existed in Payload's SQLite adapter due to identifier reuse during account creation. A malicious attacker could create a new account, save its JSON Web Token (JWT), and then delete the account, which did not invalidate the JWT. As a result, the next newly created user would receive the same identifier, allowing the attacker to reuse the JWT to authenticate and perform actions as that user. This issue has been fixed in version 3.44.0 of Payload. | ||||
| CVE-2025-3169 | 2026-04-15 | 5 Medium | ||
| A vulnerability was found in Projeqtor up to 12.0.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /tool/saveAttachment.php. The manipulation of the argument attachmentFiles leads to unrestricted upload. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 12.0.3 is able to address this issue. It is recommended to upgrade the affected component. The vendor explains, that "this vulnerability can be exploited only on not securely installed instances, as it is adviced during product install: attachment directory should be out of web reach, so that even if executable file can be uploaded, it cannot be executed through the web." | ||||
| CVE-2025-40698 | 2026-04-15 | N/A | ||
| SQL injection vulnerability in Prevengos v2.44 by Nedatec Consulting. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a POST request using the parameters “mpsCentroin”, “mpsEmpresa”, “mpsProyecto”, and “mpsContrata” in “/servicios/autorizaciones.asmx/mfsRecuperarListado”. | ||||
| CVE-2024-43306 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay.This issue affects WP-Lister Lite for eBay: from n/a through <= 3.6.0. | ||||
| CVE-2025-31702 | 1 Dahua | 2 Ipc, Sd | 2026-04-15 | 6.8 Medium |
| A vulnerability exists in certain Dahua embedded products. Third-party malicious attacker with obtained normal user credentials could exploit the vulnerability to access certain data which are restricted to admin privileges, such as system-sensitive files through specific HTTP request. This may cause tampering with admin password, leading to privilege escalation. Systems with only admin account are not affected. | ||||
| CVE-2025-31713 | 2026-04-15 | 8.4 High | ||
| In engineer mode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. | ||||
| CVE-2025-46440 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark kStats Reloaded kstats-reloaded allows Reflected XSS.This issue affects kStats Reloaded: from n/a through <= 0.7.4. | ||||
| CVE-2025-31714 | 2026-04-15 | 6.8 Medium | ||
| In Developer Tools, there is a possible missing verification incorrect input. This could lead to local escalation of privilege with no additional execution privileges needed. | ||||
| CVE-2025-46445 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pReya External Markdown external-markdown allows Stored XSS.This issue affects External Markdown: from n/a through <= 0.0.1. | ||||
| CVE-2025-31715 | 2026-04-15 | 9.8 Critical | ||
| In vowifi service, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. | ||||
| CVE-2025-31717 | 1 Unisoc | 8 S8000, T750, T760 and 5 more | 2026-04-15 | 7.5 High |
| In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | ||||
| CVE-2025-31718 | 1 Unisoc | 11 S8000, T606, T612 and 8 more | 2026-04-15 | 7.5 High |
| In modem, there is a possible system crash due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. | ||||
| CVE-2025-31719 | 1 Unisoc | 17 S8000, Sc7731e, Sc9832e and 14 more | 2026-04-15 | 5.1 Medium |
| In TEE EcDSA algorithm, there is a possible memory consistency issue. This could lead to generated incorrect signature results with low probability. | ||||
| CVE-2025-5303 | 2026-04-15 | 7.2 High | ||
| The LTL Freight Quotes – Freightview Edition, LTL Freight Quotes – Daylight Edition and LTL Freight Quotes – Day & Ross Edition plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the expiry_date parameter in all versions up to, and including, 1.0.11, 2.2.6 and 2.1.10 respectively, due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||