Export limit exceeded: 346637 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346637 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-68545 | 2 Thembay, Wordpress | 2 Nika, Wordpress | 2026-04-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Nika nika allows PHP Local File Inclusion.This issue affects Nika: from n/a through <= 1.2.14. | ||||
| CVE-2025-68552 | 2 Webcodingplace, Wordpress | 2 Woocommerce Coming Soon Product With Countdown, Wordpress | 2026-04-24 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebCodingPlace WooCommerce Coming Soon Product with Countdown woo-coming-soon-product allows PHP Local File Inclusion.This issue affects WooCommerce Coming Soon Product with Countdown: from n/a through <= 5.0. | ||||
| CVE-2025-68564 | 2 Sendy, Wordpress | 2 Sendy, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in sendy Sendy sendy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sendy: from n/a through <= 3.4.2. | ||||
| CVE-2025-68837 | 2 Elextensions, Wordpress | 2 Elex Wordpress Helpdesk & Customer Ticketing System, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System elex-helpdesk-customer-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ELEX WordPress HelpDesk & Customer Ticketing System: from n/a through <= 3.3.5. | ||||
| CVE-2025-68852 | 2 Webmuehle, Wordpress | 2 Court Reservation, Wordpress | 2026-04-24 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webmuehle Court Reservation court-reservation allows Reflected XSS.This issue affects Court Reservation: from n/a through <= 1.10.13. | ||||
| CVE-2025-68853 | 2 Kleor, Wordpress | 2 Contact Manager, Wordpress | 2026-04-24 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in Kleor Contact Manager contact-manager allows Object Injection.This issue affects Contact Manager: from n/a through <= 9.1.1. | ||||
| CVE-2025-69063 | 2 Saad Iqbal, Wordpress | 2 New User Approve, Wordpress | 2026-04-24 | 8.6 High |
| Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects New User Approve: from n/a through <= 3.2.0. | ||||
| CVE-2025-69298 | 2 Ghostpool, Wordpress | 2 Gauge, Wordpress | 2026-04-24 | 7.5 High |
| Missing Authorization vulnerability in GhostPool Gauge gauge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gauge: from n/a through <= 6.56.4. | ||||
| CVE-2025-69303 | 2 Modeltheme, Wordpress | 2 Modeltheme Framework, Wordpress | 2026-04-24 | 7.5 High |
| Missing Authorization vulnerability in modeltheme ModelTheme Framework modeltheme-framework allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ModelTheme Framework: from n/a through < 2.0.0. | ||||
| CVE-2025-69373 | 2 Beeteam368, Wordpress | 2 Vidorev, Wordpress | 2026-04-24 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 VidoRev vidorev allows PHP Local File Inclusion.This issue affects VidoRev: from n/a through <= 2.9.9.9.9.9.7. | ||||
| CVE-2025-69378 | 2 Wordpress, Xforwoocommerce | 2 Wordpress, Product Filter For Woocommerce | 2026-04-24 | 7.2 High |
| Incorrect Privilege Assignment vulnerability in XforWooCommerce Product Filter for WooCommerce prdctfltr allows Privilege Escalation.This issue affects Product Filter for WooCommerce: from n/a through <= 9.1.2. | ||||
| CVE-2026-22471 | 2 Maximsecudeal, Wordpress | 2 Secudeal Payments For Ecommerce, Wordpress | 2026-04-24 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in maximsecudeal Secudeal Payments for Ecommerce secudeal-payments-for-ecommerce allows Object Injection.This issue affects Secudeal Payments for Ecommerce: from n/a through <= 1.1. | ||||
| CVE-2025-69393 | 2 Jthemes, Wordpress | 2 Exzo, Wordpress | 2026-04-24 | 7.5 High |
| Missing Authorization vulnerability in Jthemes Exzo exzo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Exzo: from n/a through <= 1.2.4. | ||||
| CVE-2026-6911 | 1 Aws | 1 Aws Ops Wheel | 2026-04-24 | 9.8 Critical |
| Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across tenants and manage Cognito user accounts within the deployment's User Pool, via a crafted JWT sent to the API Gateway endpoint. To remediate this issue, users should redeploy from the updated repository and ensure any forked or derivative code is patched to incorporate the new fixes. | ||||
| CVE-2026-41411 | 2026-04-24 | 6.6 Medium | ||
| Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and wildcards. If the filename field contains backtick syntax (e.g., `command`), Vim executes the embedded command via the system shell with the full privileges of the running user. | ||||
| CVE-2026-6912 | 1 Aws | 1 Aws Ops Wheel | 2026-04-24 | 8.8 High |
| Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR #165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito user accounts via a crafted UpdateUserAttributes API call that sets the custom:deployment_admin attribute. To remediate this issue, users should redeploy from the updated repository and ensure any forked or derivative code is patched to incorporate the new fixes. | ||||
| CVE-2026-40897 | 2026-04-24 | 8.8 High | ||
| Math.js is an extensive math library for JavaScript and Node.js. From 13.1.1 to before 15.2.0, a vulnerability allowed executing arbitrary JavaScript via the expression parser of mathjs. You can be affected when you have an application where users can evaluate arbitrary expressions using the mathjs expression parser. This vulnerability is fixed in 15.2.0. | ||||
| CVE-2026-42095 | 2026-04-24 | 4 Medium | ||
| bookserver in KDE Arianna before 26.04.1 allows attackers to read files over a socket connection by guessing a URL. | ||||
| CVE-2026-31050 | 2026-04-24 | 4.9 Medium | ||
| Cross Site Scripting vulnerability in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to execute arbitrary code | ||||
| CVE-2026-31051 | 2026-04-24 | 3.8 Low | ||
| An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to cause a denial of service via the Client Balance component | ||||