Export limit exceeded: 359370 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359370 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-67614 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in foreverpinetree TheNa thena allows Reflected XSS.This issue affects TheNa: from n/a through <= 1.5.5. | ||||
| CVE-2018-25127 | 2026-04-15 | 5.3 Medium | ||
| SOCA Access Control System 180612 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages that submit forged requests to create admin accounts by tricking logged-in users into visiting a malicious site. | ||||
| CVE-2025-35970 | 2026-04-15 | 7.5 High | ||
| On multiple products of SEIKO EPSON and FUJIFILM Corporation, the initial administrator password is easy to guess from the information available via SNMP. If the administrator password is not changed from the initial one, a remote attacker with SNMP access can log in to the product with the administrator privilege. | ||||
| CVE-2024-10392 | 1 Aipower | 1 Aipower | 2026-04-15 | 9.8 Critical |
| The AI Power: Complete AI Pack plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_image_upload' function in all versions up to, and including, 1.8.89. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2024-0397 | 2 Python Software Foundation, Redhat | 2 Cpython, Enterprise Linux | 2026-04-15 | 7.4 High |
| A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as during the TLS handshake with a certificate directory configured. This issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5. | ||||
| CVE-2024-0400 | 1 Hitachi Energy | 1 Mach Scm | 2026-04-15 | 7.5 High |
| SCM Software is a client and server application. An Authenticated System manager client can execute LINQ query in the SCM server, for customized filtering. An Authenticated malicious client can send a specially crafted code to skip the validation and execute arbitrary code (RCE) on the SCM Server remotely. Malicious clients can execute any command by using this RCE vulnerability. | ||||
| CVE-2024-0401 | 1 Asus | 17 4g-ac68u, Expertwifi, Rt-ac1900 and 14 more | 2026-04-15 | 7.2 High |
| ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. An authenticated and remote attacker can execute arbitrary operating system commands by uploading a crafted OVPN profile. Known affected routers include ASUS ExpertWiFi, ASUS RT-AX55, ASUS RT-AX58U, ASUS RT-AC67U, ASUS RT-AC68R, ASUS RT-AC68U, ASUS RT-AX86, ASUS RT-AC86U, ASUS RT-AX88U, and ASUS RT-AX3000. | ||||
| CVE-2025-3651 | 2026-04-15 | N/A | ||
| Improper Verification of Source of a Communication Channel in Work Desktop for Mac versions 10.8.1.46 and earlier allows attackers to execute arbitrary commands via unauthorized access to the Agent service. This has been remediated in Work Desktop for Mac version 10.8.2.33. | ||||
| CVE-2024-12372 | 2026-04-15 | N/A | ||
| A denial-of-service and possible remote code execution vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in corruption of the heap memory which may compromise the integrity of the system, potentially allowing for remote code execution or a denial-of-service attack. | ||||
| CVE-2024-10164 | 2026-04-15 | 6.4 Medium | ||
| The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpdmpp_pay_link shortcode in all versions up to, and including, 5.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2023-49367 | 1 Kyocera | 1 Command Center Rx | 2026-04-15 | 8.8 High |
| An issue in user interface in Kyocera Command Center RX EXOSYS M5521cdn allows remote to obtain sensitive information via inspecting sent packages by user. | ||||
| CVE-2024-12373 | 2026-04-15 | N/A | ||
| A denial-of-service vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in a buffer-overflow, potentially causing denial-of-service. | ||||
| CVE-2024-10399 | 2 Wordpress, Wpchill | 2 Wordpress, Download Monitor | 2026-04-15 | 4.3 Medium |
| The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_search_users function in all versions up to, and including, 5.0.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain usernames and emails of site users. | ||||
| CVE-2024-0434 | 2026-04-15 | 5.3 Medium | ||
| The WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ttbm_new_place_save' function in all versions up to, and including, 1.7.1. This makes it possible for unauthenticated attackers to create and publish new place posts. This function is also vulnerable to CSRF. | ||||
| CVE-2025-67626 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Angel Costa WP SEO Search wp-seo-search allows Cross Site Request Forgery.This issue affects WP SEO Search: from n/a through <= 1.1. | ||||
| CVE-2025-69310 | 2 Teconcetheme, Wordpress | 2 Woodly Core, Wordpress | 2026-04-15 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Woodly Core woodly-core allows Blind SQL Injection.This issue affects Woodly Core: from n/a through <= 1.4. | ||||
| CVE-2024-10176 | 1 Tipsandtricks-hq | 1 Compact Wp Audio Player | 2026-04-15 | 6.4 Medium |
| The Compact WP Audio Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sc_embed_player shortcode in all versions up to, and including, 1.9.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-10182 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The Cognito Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-10183 | 2026-04-15 | N/A | ||
| A vulnerability in Jamf Pro's Jamf Remote Assist tool allows a local, non-privileged user to escalate their privileges to root on MacOS systems. | ||||
| CVE-2025-53417 | 1 Delta Electronics | 1 Diaview | 2026-04-15 | N/A |
| DIAView (v4.2.0 and prior) - Directory Traversal Information Disclosure Vulnerability | ||||