Export limit exceeded: 348830 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 79936 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79936 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-52481 | 1 Astoundify | 2 Jobify, Jobify Job Board Wordpress Theme | 2026-04-01 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Astoundify Jobify jobify allows Relative Path Traversal.This issue affects Jobify: from n/a through < 4.3.0. | ||||
| CVE-2024-49219 | 1 Themexpo | 1 Rs-members | 2026-04-01 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in themexpo RS-Members rs-members allows Privilege Escalation.This issue affects RS-Members: from n/a through <= 1.0.3. | ||||
| CVE-2023-6080 | 2 Lakeside Software, Lakesidesoftware | 2 Systrack Lsiagent Installer, Systrack Lsiagent | 2026-04-01 | 7.8 High |
| Lakeside Software’s SysTrack LsiAgent Installer version 10.7.8 for Windows contains a local privilege escalation vulnerability which allows attackers SYSTEM level access. | ||||
| CVE-2025-70030 | 2 Sunbird, Sunbird-ed | 2 Sunbirded-portal, Sunbirded-portal | 2026-04-01 | 7.5 High |
| An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity (4.19) was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. | ||||
| CVE-2025-70031 | 2 Sunbird, Sunbird-ed | 2 Sunbirded-portal, Sunbirded-portal | 2026-04-01 | 8.8 High |
| An issue pertaining to CWE-352: Cross-Site Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. | ||||
| CVE-2025-70028 | 2 Sunbird, Sunbird-ed | 2 Sunbirded-portal, Sunbirded-portal | 2026-04-01 | 7.5 High |
| An issue pertaining to CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. | ||||
| CVE-2026-5045 | 1 Tenda | 2 Fh1201, Fh1201 Firmware | 2026-04-01 | 8.8 High |
| A vulnerability was detected in Tenda FH1201 1.2.0.14(408). This impacts the function WrlclientSet of the file /goform/WrlclientSet of the component Parameter Handler. Performing a manipulation of the argument GO results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used. | ||||
| CVE-2026-33572 | 1 Openclaw | 1 Openclaw | 2026-04-01 | 8.4 High |
| OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing local users to read transcript contents. Attackers with local access can read transcript files to extract sensitive information including secrets from tool output. | ||||
| CVE-2026-32974 | 1 Openclaw | 1 Openclaw | 2026-04-01 | 8.6 High |
| OpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Feishu webhook mode when only verificationToken is configured without encryptKey, allowing acceptance of forged events. Unauthenticated network attackers can inject forged Feishu events and trigger downstream tool execution by reaching the webhook endpoint. | ||||
| CVE-2025-70029 | 2 Sunbird, Sunbird-ed | 2 Sunbirded-portal, Sunbirded-portal | 2026-04-01 | 7.5 High |
| An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP request options | ||||
| CVE-2026-31958 | 1 Tornadoweb | 1 Tornado | 2026-04-01 | 7.5 High |
| Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the max_body_size setting (default 100MB). Since parsing occurs synchronously on the main thread, this creates the possibility of denial-of-service due to the cost of parsing very large multipart bodies with many parts. This vulnerability is fixed in 6.5.5. | ||||
| CVE-2026-5190 | 1 Aws | 1 Aws-c-event-stream | 2026-04-01 | 7.5 High |
| Out-of-bounds write in the streaming decoder component in aws-c-event-stream before 0.6.0 might allow a third party operating a server to cause memory corruption leading to arbitrary code execution on a client application that processes crafted event-stream messages. To remediate this issue, users should upgrade to version 0.6.0 or later. | ||||
| CVE-2025-67937 | 3 Mikado-themes, Qodeinteractive, Wordpress | 3 Hendon, Hendon, Wordpress | 2026-04-01 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Hendon hendon allows PHP Local File Inclusion.This issue affects Hendon: from n/a through < 1.7. | ||||
| CVE-2025-67936 | 3 Mikado-themes, Qodeinteractive, Wordpress | 3 Curly, Curly, Wordpress | 2026-04-01 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Curly curly allows PHP Local File Inclusion.This issue affects Curly: from n/a through < 3.3. | ||||
| CVE-2025-67935 | 3 Mikado-themes, Qodeinteractive, Wordpress | 3 Optimize, Optimize, Wordpress | 2026-04-01 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Optimize optimizewp allows PHP Local File Inclusion.This issue affects Optimize: from n/a through < 2.4. | ||||
| CVE-2025-64258 | 2 Wordpress, Wpwebelite | 2 Wordpress, Follow My Blog Post | 2026-04-01 | 7.5 High |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in wpweb Follow My Blog Post follow-my-blog-post allows Retrieve Embedded Sensitive Data.This issue affects Follow My Blog Post: from n/a through <= 2.3.9. | ||||
| CVE-2025-64224 | 2 Themegoods, Wordpress | 2 Grand Conference, Wordpress | 2026-04-01 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Conference Theme Custom Post Type grandconference-custom-post allows Reflected XSS.This issue affects Grand Conference Theme Custom Post Type: from n/a through < 2.6.4. | ||||
| CVE-2025-64196 | 3 Booster, Pluggabl, Wordpress | 3 Booster For Woocommerce, Booster For Woocommerce, Wordpress | 2026-04-01 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Reflected XSS.This issue affects Booster for WooCommerce: from n/a through <= 7.2.5. | ||||
| CVE-2025-59564 | 2 Thememove, Wordpress | 2 Edumall, Wordpress | 2026-04-01 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove EduMall edumall allows PHP Local File Inclusion.This issue affects EduMall: from n/a through < 4.4.5. | ||||
| CVE-2025-59558 | 2 Thememove, Wordpress | 2 Billey, Wordpress | 2026-04-01 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Billey billey allows PHP Local File Inclusion.This issue affects Billey: from n/a through < 2.1.6. | ||||