Export limit exceeded: 344883 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344883 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-40336 | 1 Linux | 1 Linux Kernel | 2026-04-15 | 7.0 High |
| In the Linux kernel, the following vulnerability has been resolved: drm/gpusvm: fix hmm_pfn_to_map_order() usage Handle the case where the hmm range partially covers a huge page (like 2M), otherwise we can potentially end up doing something nasty like mapping memory which is outside the range, and maybe not even mapped by the mm. Fix is based on the xe userptr code, which in a future patch will directly use gpusvm, so needs alignment here. v2: - Add kernel-doc (Matt B) - s/fls/ilog2/ (Thomas) | ||||
| CVE-2025-31007 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alvind Billplz Addon for Contact Form 7 billplz-for-contact-form-7 allows Reflected XSS.This issue affects Billplz Addon for Contact Form 7: from n/a through <= 1.2.0. | ||||
| CVE-2025-31009 | 2026-04-15 | N/A | ||
| Server-Side Request Forgery (SSRF) vulnerability in Jan Boddez IndieBlocks indieblocks allows Server Side Request Forgery.This issue affects IndieBlocks: from n/a through <= 0.13.1. | ||||
| CVE-2025-3101 | 2026-04-15 | 8.8 High | ||
| The Configurator Theme Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.4.7. This is due to the plugin not properly validating user meta fields prior to updating them in the database. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change escalate their privileges to Administrator. | ||||
| CVE-2025-31010 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in ReichertBrothers SimplyRETS Real Estate IDX simply-rets allows Cross Site Request Forgery.This issue affects SimplyRETS Real Estate IDX: from n/a through <= 3.0.5. | ||||
| CVE-2025-31011 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReichertBrothers SimplyRETS Real Estate IDX simply-rets allows Reflected XSS.This issue affects SimplyRETS Real Estate IDX: from n/a through <= 3.2.2. | ||||
| CVE-2025-31012 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in Phil Age Gate age-gate allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Age Gate: from n/a through <= 3.5.4. | ||||
| CVE-2023-23726 | 2 Tickera, Wordpress | 2 Tickera, Wordpress | 2026-04-15 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Tickera.com Tickera allows Cross Site Request Forgery.This issue affects Tickera: from n/a through 3.5.1.0. | ||||
| CVE-2025-31014 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Hossein Material Dashboard material-dashboard allows PHP Local File Inclusion.This issue affects Material Dashboard: from n/a through <= 1.4.5. | ||||
| CVE-2025-31015 | 2026-04-15 | N/A | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Adrian Tobey WordPress SMTP Service, Email Delivery Solved! — MailHawk mailhawk allows PHP Local File Inclusion.This issue affects WordPress SMTP Service, Email Delivery Solved! — MailHawk: from n/a through <= 1.3.1. | ||||
| CVE-2025-4701 | 2026-04-15 | 5.3 Medium | ||
| A vulnerability, which was classified as problematic, has been found in VITA-MLLM Freeze-Omni up to 20250421. This issue affects the function torch.load of the file models/utils.py. The manipulation of the argument path leads to deserialization. It is possible to launch the attack on the local host. | ||||
| CVE-2023-25714 | 1 Fullworksplugins | 1 Quick Paypal Payments | 2026-04-15 | 7.5 High |
| Missing Authorization vulnerability in Fullworks Quick Paypal Payments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Paypal Payments: from n/a through 5.7.25. | ||||
| CVE-2023-25790 | 2 Wordpress, Xtemos | 2 Wordpress, Woodmart | 2026-04-15 | 5.3 Medium |
| Improper Authentication, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xtemos WoodMart allows Cross-Site Scripting (XSS).This issue affects WoodMart: from n/a through 7.0.4. | ||||
| CVE-2025-31016 | 2026-04-15 | N/A | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Crocoblock JetWooBuilder jet-woo-builder allows PHP Local File Inclusion.This issue affects JetWooBuilder: from n/a through <= 2.1.18. | ||||
| CVE-2025-31017 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robert Noakes Nav Menu Manager noakes-menu-manager allows Stored XSS.This issue affects Nav Menu Manager: from n/a through <= 3.2.5. | ||||
| CVE-2025-14000 | 2 Stellarwp, Wordpress | 2 Membership Plugin - Restrict Content, Wordpress | 2026-04-15 | 6.4 Medium |
| The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'register_form' and 'restrict' shortcodes in all versions up to, and including, 3.2.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-31018 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FireDrum FireDrum Email Marketing firedrum-email-marketing allows Reflected XSS.This issue affects FireDrum Email Marketing: from n/a through <= 1.64. | ||||
| CVE-2025-31019 | 2026-04-15 | N/A | ||
| Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Password Policy Manager password-policy-manager allows Authentication Abuse.This issue affects Password Policy Manager: from n/a through <= 2.0.4. | ||||
| CVE-2025-31023 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Purab Seo Meta Tags seo-meta-tags allows Cross Site Request Forgery.This issue affects Seo Meta Tags: from n/a through <= 1.4. | ||||
| CVE-2025-40338 | 1 Linux | 1 Linux Kernel | 2026-04-15 | 7.0 High |
| In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Do not share the name pointer between components By sharing 'name' directly, tearing down components may lead to use-after-free errors. Duplicate the name to avoid that. At the same time, update the order of operations - since commit cee28113db17 ("ASoC: dmaengine_pcm: Allow passing component name via config") the framework does not override component->name if set before invoking the initializer. | ||||