Export limit exceeded: 344880 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344880 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-30538 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in ChrisHurst Simple Optimizer simple-optimizer allows Cross Site Request Forgery.This issue affects Simple Optimizer: from n/a through <= 1.2.7. | ||||
| CVE-2025-30528 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in wpshopee Awesome Logos awesome-logos allows SQL Injection.This issue affects Awesome Logos: from n/a through <= 1.2. | ||||
| CVE-2025-30537 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cristian Sarov Upload Quota per User upload-quota-per-user allows Stored XSS.This issue affects Upload Quota per User: from n/a through <= 1.3. | ||||
| CVE-2025-30539 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benedikt Mo BMo Expo bmo-expo allows Stored XSS.This issue affects BMo Expo: from n/a through <= 1.0.15. | ||||
| CVE-2025-30529 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Sébastien Dumont Auto Load Next Post auto-load-next-post allows Cross Site Request Forgery.This issue affects Auto Load Next Post: from n/a through <= 1.5.14. | ||||
| CVE-2024-3657 | 1 Redhat | 5 Directory Server, Directory Server E4s, Directory Server Eus and 2 more | 2026-04-15 | 7.5 High |
| A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service | ||||
| CVE-2025-30530 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atikul AI Preloader ai-preloader allows Stored XSS.This issue affects AI Preloader: from n/a through <= 1.0.2. | ||||
| CVE-2025-30531 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in GBS Developer WP Ride Booking wp-ride-booking allows Cross Site Request Forgery.This issue affects WP Ride Booking: from n/a through <= 2.4. | ||||
| CVE-2025-30532 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MorganF Weather Layer weather-layer allows Stored XSS.This issue affects Weather Layer: from n/a through <= 4.2.1. | ||||
| CVE-2025-30533 | 2 Gopiplus, Wordpress | 2 Message Ticker, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gopiplus Message ticker message-ticker allows Stored XSS.This issue affects Message ticker: from n/a through <= 9.3. | ||||
| CVE-2026-25676 | 1 M-audio | 1 M-track Duo Hd | 2026-04-15 | N/A |
| The installer of M-Track Duo HD version 1.0.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrator privileges. | ||||
| CVE-2025-30534 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in captcha.soft Image Captcha image-captcha allows Cross Site Request Forgery.This issue affects Image Captcha: from n/a through <= 1.2. | ||||
| CVE-2025-30540 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in avaibook AvaiBook avaibook allows Stored XSS.This issue affects AvaiBook: from n/a through <= 1.2. | ||||
| CVE-2025-40241 | 1 Linux | 1 Linux Kernel | 2026-04-15 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: erofs: fix crafted invalid cases for encoded extents Robert recently reported two corrupted images that can cause system crashes, which are related to the new encoded extents introduced in Linux 6.15: - The first one [1] has plen != 0 (e.g. plen == 0x2000000) but (plen & Z_EROFS_EXTENT_PLEN_MASK) == 0. It is used to represent special extents such as sparse extents (!EROFS_MAP_MAPPED), but previously only plen == 0 was handled; - The second one [2] has pa 0xffffffffffdcffed and plen 0xb4000, then "cur [0xfffffffffffff000] += bvec.bv_len [0x1000]" in "} while ((cur += bvec.bv_len) < end);" wraps around, causing an out-of-bound access of pcl->compressed_bvecs[] in z_erofs_submit_queue(). EROFS only supports 48-bit physical block addresses (up to 1EiB for 4k blocks), so add a sanity check to enforce this. | ||||
| CVE-2025-30542 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in wpsolutions SoundCloud Ultimate soundcloud-ultimate allows Cross Site Request Forgery.This issue affects SoundCloud Ultimate: from n/a through <= 1.5. | ||||
| CVE-2025-30543 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in swayam.tejwani Menu Duplicator copy-menu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Menu Duplicator: from n/a through <= 1.0. | ||||
| CVE-2025-30544 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in svmidi OK Poster Group ok-poster-group allows Reflected XSS.This issue affects OK Poster Group: from n/a through <= 1.1. | ||||
| CVE-2026-25828 | 1 Antynea | 1 Grub-btrfs | 2026-04-15 | 5.4 Medium |
| grub-btrfs through 2026-01-31 (on Arch Linux and derivative distributions) allows initramfs OS command injection because it does not sanitize the $root parameter to resolve_device(). NOTE: a third party reports "exploitation may not be feasible under normal conditions and may depend on specific implementation details within resolve_device." | ||||
| CVE-2025-30545 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixeline issuuPress issuupress allows Stored XSS.This issue affects issuuPress: from n/a through <= 1.3.2. | ||||
| CVE-2024-37020 | 1 Intel | 1 Xeon Processors | 2026-04-15 | 3.8 Low |
| Sequence of processor instructions leads to unexpected behavior in the Intel(R) DSA V1.0 for some Intel(R) Xeon(R) Processors may allow an authenticated user to potentially enable denial of service via local access. | ||||