Export limit exceeded: 351284 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 351284 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (35283 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-40895 | 2 Follow-redirects, Follow-redirects Project | 2 Follow Redirects, Follow-redirects | 2026-04-23 | 7.5 High |
| follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that automatically follows redirects. Prior to 1.16.0, when an HTTP request follows a cross-domain redirect (301/302/307/308), follow-redirects only strips authorization, proxy-authorization, and cookie headers (matched by regex at index.js). Any custom authentication header (e.g., X-API-Key, X-Auth-Token, Api-Key, Token) is forwarded verbatim to the redirect target. This vulnerability is fixed in 1.16.0. | ||||
| CVE-2025-31560 | 1 Salonbookingsystem | 1 Salon Booking System | 2026-04-23 | 7.2 High |
| Incorrect Privilege Assignment vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Privilege Escalation.This issue affects Salon booking system: from n/a through < 10.15. | ||||
| CVE-2024-56043 | 2 Vibethemes, Wordpress | 2 Wordpress Learning Management System, Wordpress | 2026-04-23 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in VibeThemes WPLMS wplms_plugin allows Privilege Escalation.This issue affects WPLMS: from n/a through <= 1.9.9. | ||||
| CVE-2024-49608 | 1 Gerryntabuhashe | 1 Gerryworks Post By Mail | 2026-04-23 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in gerryworks GERRYWORKS Post by Mail gerryworks-post-by-mail allows Privilege Escalation.This issue affects GERRYWORKS Post by Mail: from n/a through <= 1.0. | ||||
| CVE-2024-43283 | 1 Contest-gallery | 1 Contest Gallery | 2026-04-23 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through <= 23.1.2. | ||||
| CVE-2024-43264 | 1 Mediavine | 1 Create | 2026-04-23 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in mischiefmarmot Create by Mediavine mediavine-create.This issue affects Create by Mediavine: from n/a through <= 1.9.8. | ||||
| CVE-2024-43259 | 2 Jem-products, Jem Plugins | 2 Order Export For Woocommerce, Order Expert For Woocommerce | 2026-04-23 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in WebFactory Order Export for WooCommerce order-export-and-more-for-woocommerce.This issue affects Order Export for WooCommerce: from n/a through <= 3.23. | ||||
| CVE-2024-43240 | 1 Wpindeed | 1 Ultimate Membership Pro | 2026-04-23 | 9.4 Critical |
| Improper Authentication vulnerability in azzaroco Ultimate Membership Pro indeed-membership-pro.This issue affects Ultimate Membership Pro: from n/a through <= 12.7. | ||||
| CVE-2024-43230 | 2 Sharedfilespro, Tammersoft | 2 Shared Files, Shared Files | 2026-04-23 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Anssi Laitila Shared Files shared-files.This issue affects Shared Files: from n/a through <= 1.7.28. | ||||
| CVE-2024-35700 | 1 Userproplugin | 1 Userpro | 2026-04-23 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in DeluxeThemes Userpro userpro.This issue affects Userpro: from n/a through <= 5.1.8. | ||||
| CVE-2024-32959 | 2 Sirv, Wordpress | 2 Sirv, Wordpress | 2026-04-23 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in Sirv CDN and Image Hosting Sirv sirv.This issue affects Sirv: from n/a through <= 7.2.2. | ||||
| CVE-2024-32782 | 1 Hasthemes | 1 Ht Mega | 2026-04-23 | 4.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in DevItems HT Mega ht-mega-for-elementor.This issue affects HT Mega: from n/a through <= 2.4.7. | ||||
| CVE-2024-23506 | 1 Instawp | 1 Instawp Connect | 2026-04-23 | 7.7 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.9. | ||||
| CVE-2024-1435 | 1 Tainacan | 1 Tainacan | 2026-04-23 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in tainacan Tainacan tainacan.This issue affects Tainacan: from n/a through <= 0.20.6. | ||||
| CVE-2024-1250 | 1 Gitlab | 1 Gitlab | 2026-04-23 | 6.5 Medium |
| An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. When a user is assigned a custom role with manage_group_access_tokens permission, they may be able to create group access tokens with Owner privileges, which may lead to privilege escalation. | ||||
| CVE-2023-5963 | 1 Gitlab | 1 Gitlab | 2026-04-23 | 3.1 Low |
| An issue has been discovered in GitLab EE with Advanced Search affecting all versions from 13.9 to 16.3.6, 16.4 prior to 16.4.2 and 16.5 prior to 16.5.1 that could allow a denial of service in the Advanced Search function by chaining too many syntax operators. | ||||
| CVE-2023-5831 | 1 Gitlab | 1 Gitlab | 2026-04-23 | 3.7 Low |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.1 which have the `super_sidebar_logged_out` feature flag enabled. Affected versions with this default-disabled feature flag enabled may unintentionally disclose GitLab version metadata to unauthorized actors. | ||||
| CVE-2023-5226 | 1 Gitlab | 1 Gitlab | 2026-04-23 | 4.8 Medium |
| An issue has been discovered in GitLab affecting all versions before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. Under certain circumstances, a malicious actor bypass prohibited branch checks using a specially crafted branch name to manipulate repository content in the UI. | ||||
| CVE-2007-6319 | 1 Lyris | 1 List Manager | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in Lyris ListManager 8.x before 8.95d, 9.2 before 9.2c, and 9.3 before 9.3b allow remote attackers to (1) gain list administrator privileges or (2) access arbitrary mailing lists via unknown vectors related to modification of client-side information; and (3) allow remote authenticated administrators to modify other account data by creating "new accounts that collide with existing accounts." | ||||
| CVE-2009-1152 | 1 Siemens | 1 Gigaset Se461 Wimax Router | 2026-04-23 | N/A |
| Siemens Gigaset SE461 WiMAX router 1.5-BL024.9.6401, and possibly other versions, allows remote attackers to cause a denial of service (device restart and loss of configuration) by connecting to TCP port 53, then closing the connection. | ||||