Export limit exceeded: 344809 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344809 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-26939 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Counters Block counters-block allows Stored XSS.This issue affects Counters Block: from n/a through <= 1.1.2. | ||||
| CVE-2025-43982 | 2026-04-15 | 9.8 Critical | ||
| Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by default. There is a hidden hard-coded root account that cannot be disabled in the GUI. | ||||
| CVE-2025-26943 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jürgen Müller Easy Quotes easy-quotes allows Blind SQL Injection.This issue affects Easy Quotes: from n/a through <= 1.2.2. | ||||
| CVE-2025-4001 | 2026-04-15 | 3.3 Low | ||
| A vulnerability has been found in scipopt scip up to 9.2.1 and classified as problematic. Affected by this vulnerability is the function main of the file examples/LOP/src/genRandomLOPInstance.c of the component File Descriptor Handler. The manipulation of the argument File leads to uncontrolled file descriptor consumption. Local access is required to approach this attack. Upgrading to version 9.2.2 is able to address this issue. The identifier of the patch is d6da63b941216d75fbc1aefea9abf1de6712a2d0. It is recommended to upgrade the affected component. | ||||
| CVE-2025-43983 | 1 Kuwfi | 1 Cpf908-cp5 | 2026-04-15 | 9.1 Critical |
| KuWFi CPF908-CP5 WEB5.0_LCD_20210125 devices have multiple unauthenticated access control vulnerabilities within goform/goform_set_cmd_process and goform/goform_get_cmd_process. These allow an unauthenticated attacker to retrieve sensitive information (including the device admin username and password), modify critical device settings, and send arbitrary SMS messages. | ||||
| CVE-2025-4767 | 2026-04-15 | 5.3 Medium | ||
| A vulnerability was found in defog-ai introspect up to 0.1.4. It has been rated as critical. Affected by this issue is the function test_custom_tool of the file introspect/backend/integration_routes.py of the component Test Endpoint. The manipulation of the argument input_model leads to code injection. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-26946 | 2026-04-15 | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in jgwhite33 WP Yelp Review Slider wp-yelp-review-slider allows Blind SQL Injection.This issue affects WP Yelp Review Slider: from n/a through <= 8.1. | ||||
| CVE-2025-43984 | 1 Kuwfi | 1 Gc111 | 2026-04-15 | 9.8 Critical |
| An issue was discovered on KuWFi GC111 devices (Hardware Version: CPE-LM321_V3.2, Software Version: GC111-GL-LM321_V3.0_20191211). They are vulnerable to unauthenticated /goform/goform_set_cmd_process requests. A crafted POST request, using the SSID parameter, allows remote attackers to execute arbitrary OS commands with root privileges. | ||||
| CVE-2025-47671 | 2026-04-15 | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LETSCMS MLM Software Binary MLM Plan binary-mlm-plan allows SQL Injection.This issue affects Binary MLM Plan: from n/a through <= 3.0. | ||||
| CVE-2025-9882 | 2 Osticket, Wordpress | 2 Osticket, Wordpress | 2026-04-15 | 6.1 Medium |
| The osTicket WP Bridge plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-9883 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.1 Medium |
| The Browser Sniff plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-26947 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Services Section block services-section allows Stored XSS.This issue affects Services Section block: from n/a through <= 1.3.4. | ||||
| CVE-2025-9888 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| The Maspik – Ultimate Spam Protection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.6. This is due to missing or incorrect nonce validation on the clear_log function. This makes it possible for unauthenticated attackers to clear all spam logs via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-26948 | 2026-04-15 | 4.3 Medium | ||
| Missing Authorization vulnerability in NotFound Pie Register Premium. This issue affects Pie Register Premium: from n/a through 3.8.3.2. | ||||
| CVE-2025-44002 | 2 Microsoft, Teamviewer | 3 Windows, Full Client, Host | 2026-04-15 | 6.1 Medium |
| Race Condition in the Directory Validation Logic in the TeamViewer Full Client and Host prior version 15.69 on Windows allows a local non-admin user to create arbitrary files with SYSTEM privileges, potentially leading to a denial-of-service condition, via symbolic link manipulation during directory verification. | ||||
| CVE-2025-9897 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| The AP Background plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.2. This is due to missing or incorrect nonce validation on the advParallaxBackAdminSaveSlider function. This makes it possible for unauthenticated attackers to create or modify background sliders via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-34808 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samuel Marshall JCH Optimize.This issue affects JCH Optimize: from n/a through 4.2.0. | ||||
| CVE-2025-26951 | 2 Covertnine, Wordpress | 2 C9 Blocks, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in covertnine C9 Blocks c9-blocks allows DOM-Based XSS.This issue affects C9 Blocks: from n/a through <= 1.7.7. | ||||
| CVE-2025-26953 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Crocoblock JetMenu jet-menu allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetMenu: from n/a through <= 2.4.9. | ||||
| CVE-2025-44003 | 2026-04-15 | 4.3 Medium | ||
| Missing Release of Resource after Effective Lifetime (CWE-772) in the Gallagher T-Series Reader allows an attacker with physical access to the reader to perform a limited denial of service when 125 kHz Card Technology is enabled. This issue affects T-Series Readers: 9.20 prior to vCR9.20.250213a (distributed in 9.20.1827 (MR2)), 9.10 prior to vCR9.10.250213a (distributed in 9.10.2692(MR5)), 9.00 prior to vCR9.00.250619a (distributed in vEL9.00.3371 (MR7)), all versions of 8.90 and prior. | ||||