Export limit exceeded: 344803 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 344803 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 344803 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344803 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-11915 | 2026-04-15 | 4.3 Medium | ||
| The RRAddons for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.0 via the Popup block due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts that they should not have access to. | ||||
| CVE-2025-2513 | 2026-04-15 | 6.4 Medium | ||
| The Smart Icons For WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | ||||
| CVE-2025-7735 | 2026-04-15 | 7.5 High | ||
| The Hospital Information System developed by UNIMAX has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents. | ||||
| CVE-2025-2484 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.1 Medium |
| The Multi Video Box plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'video_id' and 'group_id' parameters in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2025-24836 | 2026-04-15 | 7.1 High | ||
| With a specially crafted Python script, an attacker could send continuous startMeasurement commands over an unencrypted Bluetooth connection to the affected device. This would prevent the device from connecting to a clinician's app to take patient readings and ostensibly flood it with requests, resulting in a denial-of-service condition. | ||||
| CVE-2025-24620 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hkharpreetkumar1 AIO Shortcodes aio-shortcodes allows Stored XSS.This issue affects AIO Shortcodes: from n/a through <= 1.3. | ||||
| CVE-2025-24626 | 2 Codepeople, Wordpress | 2 Music Store, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Music Store music-store allows Reflected XSS.This issue affects Music Store: from n/a through <= 1.1.19. | ||||
| CVE-2025-24629 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpgear Import Excel to Gravity Forms gf-excel-import allows Reflected XSS.This issue affects Import Excel to Gravity Forms: from n/a through <= 1.18. | ||||
| CVE-2025-24630 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MantraBrain Sikshya LMS sikshya allows Reflected XSS.This issue affects Sikshya LMS: from n/a through <= 0.0.21. | ||||
| CVE-2023-48361 | 2026-04-15 | 2.3 Low | ||
| Improper initialization in firmware for some Intel(R) CSME may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2025-24616 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UIUX Lab Uix Page Builder uix-page-builder allows Reflected XSS.This issue affects Uix Page Builder: from n/a through <= 1.7.3. | ||||
| CVE-2025-24623 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Really Simple SSL really-simple-ssl allows Cross Site Request Forgery.This issue affects Really Simple SSL: from n/a through <= 9.1.4. | ||||
| CVE-2025-24627 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Linnea Huxford Blur Text blur-text allows Stored XSS.This issue affects Blur Text: from n/a through <= 1.0.0. | ||||
| CVE-2025-24631 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shanebp BP Email Assign Templates bp-email-assign-templates allows Reflected XSS.This issue affects BP Email Assign Templates: from n/a through <= 1.5. | ||||
| CVE-2025-24624 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DevItems HT Event ht-event allows Reflected XSS.This issue affects HT Event: from n/a through <= 1.4.6. | ||||
| CVE-2025-24632 | 2 Algolplus, Wordpress | 2 Advanced Dynamic Pricing For Woocommerce, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in algol.plus Advanced Dynamic Pricing for WooCommerce advanced-dynamic-pricing-for-woocommerce allows Reflected XSS.This issue affects Advanced Dynamic Pricing for WooCommerce: from n/a through <= 4.9.0. | ||||
| CVE-2025-24636 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Rick Laymance MachForm Shortcode machform-shortcode allows Stored XSS.This issue affects MachForm Shortcode: from n/a through <= 1.4.1. | ||||
| CVE-2025-36519 | 2026-04-15 | N/A | ||
| Unrestricted upload of file with dangerous type issue exists in WRC-2533GST2, WRC-1167GST2, WRC-2533GST2, WRC-2533GS2V-B,WRC-2533GS2-B v1.69 and earlier, WRC-2533GS2-W, WRC-1167GST2, WRC-1167GS2-B, and WRC-1167GS2H-B. If a specially crafted file is uploaded by a remote authenticated attacker, arbitrary code may be executed on the product. | ||||
| CVE-2025-24637 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi Beacon Lead Magnets and Lead Capture beacon-by allows Reflected XSS.This issue affects Beacon Lead Magnets and Lead Capture: from n/a through <= 1.5.7. | ||||
| CVE-2025-24638 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pddring Create with Code create-with-code allows DOM-Based XSS.This issue affects Create with Code: from n/a through <= 1.4. | ||||