Export limit exceeded: 346314 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346314 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-58847 | 2026-04-23 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Yaidier WN Flipbox Pro wn-flipbox-pro allows Reflected XSS.This issue affects WN Flipbox Pro: from n/a through <= 2.1. | ||||
| CVE-2025-58846 | 2026-04-23 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Dejan Markovic WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule buffer-my-post allows Reflected XSS.This issue affects WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule: from n/a through <= 2020.1.0. | ||||
| CVE-2025-58845 | 2026-04-23 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in ChrisHurst Bulk Watermark bulk-watermark allows Reflected XSS.This issue affects Bulk Watermark: from n/a through <= 1.6.10. | ||||
| CVE-2025-58844 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Subhash Kumar Database to Excel database-to-excel allows Stored XSS.This issue affects Database to Excel: from n/a through <= 1.0. | ||||
| CVE-2025-58843 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in David Merinas Auto Last Youtube Video auto-last-youtube-video allows Stored XSS.This issue affects Auto Last Youtube Video: from n/a through <= 1.0.7. | ||||
| CVE-2025-58842 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in givecloud Donation Forms WP by Givecloud donation-forms-by-givecloud allows Stored XSS.This issue affects Donation Forms WP by Givecloud: from n/a through <= 1.0.9. | ||||
| CVE-2025-58841 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.5 Medium |
| Incorrect Privilege Assignment vulnerability in John Luetke Media Author media-author allows Privilege Escalation.This issue affects Media Author: from n/a through <= 1.0.4. | ||||
| CVE-2025-58840 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ibnul H. Custom Team Manager custom-team-manager allows Stored XSS.This issue affects Custom Team Manager: from n/a through <= 2.4.2. | ||||
| CVE-2025-58839 | 2026-04-23 | 7.2 High | ||
| Deserialization of Untrusted Data vulnerability in aThemeArt Translations eDS Responsive Menu eds-responsive-menu allows Object Injection.This issue affects eDS Responsive Menu: from n/a through <= 1.2. | ||||
| CVE-2025-58838 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zakir Smooth Accordion smooth-accordion allows Stored XSS.This issue affects Smooth Accordion: from n/a through <= 2.1. | ||||
| CVE-2025-58837 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shiful H SS Font Awesome Icon ss-font-awesome-icon allows Stored XSS.This issue affects SS Font Awesome Icon: from n/a through <= 4.1.3. | ||||
| CVE-2026-5928 | 2 Gnu, The Gnu C Library | 2 Glibc, Glibc | 2026-04-23 | 7.5 High |
| Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash. A bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp->_IO_read_ptr) instead of the actual wide-stream read pointer (fp->_wide_data->_IO_read_ptr). The program crash may happen in cases where fp->_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets. | ||||
| CVE-2025-58836 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Franz Wieser FW Anker fw-anker allows Stored XSS.This issue affects FW Anker: from n/a through <= 1.2.6. | ||||
| CVE-2025-58835 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.3 Medium |
| Improper Validation of Specified Quantity in Input vulnerability in calliko Bonus for Woo bonus-for-woo allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bonus for Woo: from n/a through <= 7.6.6. | ||||
| CVE-2025-58834 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gugu short.io wp-shortcm allows DOM-Based XSS.This issue affects short.io: from n/a through <= 2.4.2. | ||||
| CVE-2025-58833 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in INVELITY Invelity MyGLS connect invelity-mygls-connect allows Object Injection.This issue affects Invelity MyGLS connect: from n/a through <= 1.1.1. | ||||
| CVE-2025-58832 | 2026-04-23 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly Search by Google search-google allows Stored XSS.This issue affects Search by Google: from n/a through <= 1.9. | ||||
| CVE-2025-58831 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in snagysandor Parallax Scrolling Enllax.js parallax-scrolling-enllax-js allows Cross Site Request Forgery.This issue affects Parallax Scrolling Enllax.js: from n/a through <= 0.0.6. | ||||
| CVE-2025-58830 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in snagysandor Parallax Scrolling Enllax.js parallax-scrolling-enllax-js allows Stored XSS.This issue affects Parallax Scrolling Enllax.js: from n/a through <= 0.0.6. | ||||
| CVE-2025-58829 | 2026-04-23 | 4.9 Medium | ||
| Server-Side Request Forgery (SSRF) vulnerability in aitool Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One ai-auto-tool allows Server Side Request Forgery.This issue affects Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One: from n/a through <= 2.3.3. | ||||