Export limit exceeded: 344777 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (75754 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-62924 | 2 Pickplugins, Wordpress | 2 Post Grid, Wordpress | 2026-04-15 | 8.8 High |
| Missing Authorization vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.17. | ||||
| CVE-2019-25330 | 1 Bimesoft | 1 Surfoffline Professional | 2026-04-15 | 7.5 High |
| SurfOffline Professional 2.2.0.103 contains a structured exception handler (SEH) overflow vulnerability that allows attackers to crash the application by manipulating the project name input. Attackers can generate a malicious payload of 382 'A' characters followed by specific byte sequences to trigger a denial of service condition and overwrite SEH registers. | ||||
| CVE-2025-62925 | 2 Conversios, Wordpress | 2 Conversios.io, Wordpress | 2026-04-15 | 8.1 High |
| Missing Authorization vulnerability in Conversios Conversios.io enhanced-e-commerce-for-woocommerce-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conversios.io: from n/a through <= 7.2.13. | ||||
| CVE-2023-46784 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.2 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Absolute Path Traversal, : Server Side Request Forgery.This issue affects ICS Calendar: from n/a through 10.12.0.3. | ||||
| CVE-2025-57771 | 1 Roocode | 1 Roo-code | 2026-04-15 | 8.1 High |
| Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions prior to 3.25.5, Roo-Code fails to properly handle process substitution and single ampersand characters in the command parsing logic for auto-execute commands. If a user has enabled auto-approved execution for a command such as ls, an attacker who can submit crafted prompts to the agent may inject arbitrary commands to be executed alongside the intended command. Exploitation requires attacker access to submit prompts and for the user to have enabled auto-approved command execution, which is disabled by default. This vulnerability could allow an attacker to execute arbitrary code. The issue is fixed in version 3.25.5. | ||||
| CVE-2019-25309 | 1 Zilab Software | 1 Zilab Remote Console Server | 2026-04-15 | 7.8 High |
| Zilab Remote Console Server 3.2.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that will be run with LocalSystem permissions. | ||||
| CVE-2019-25307 | 1 Softalk | 1 Workgroupmail | 2026-04-15 | 7.8 High |
| WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup. | ||||
| CVE-2025-8565 | 2 Wordpress, Wplegalpages | 2 Wordpress, Wp Legal Pages | 2026-04-15 | 8.1 High |
| The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the wplp_gdpr_install_plugin_ajax_handler() function in all versions up to, and including, 3.4.3. This makes it possible for authenticated attackers, with Contributor-level access and above, to install arbitrary repository plugins. | ||||
| CVE-2025-6737 | 1 Securden | 1 Unified Pam | 2026-04-15 | 7.2 High |
| Securden’s Unified PAM Remote Vendor Gateway access portal shares infrastructure and access tokens across multiple tenants. A malicious actor can obtain authentication material and access the gateway server with low-privilege permissions. | ||||
| CVE-2019-25306 | 1 Blackmoonftpserver | 1 Blackmoon Ftp Server | 2026-04-15 | 7.8 High |
| BlackMoon FTP Server 3.1.2.1731 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to insert malicious code that would execute with LocalSystem account permissions during service startup. | ||||
| CVE-2025-64260 | 2 Marcomilesi, Wordpress | 2 Anac Xml Bandi Di Gara, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marco Milesi ANAC XML Bandi di Gara avcp allows Reflected XSS.This issue affects ANAC XML Bandi di Gara: from n/a through <= 7.7. | ||||
| CVE-2019-25305 | 2 Hp, Inforprograma | 2 Jumpstart, Jumpstart | 2026-04-15 | 7.8 High |
| JumpStart 0.6.0.0 contains an unquoted service path vulnerability in the jswpbapi service running with LocalSystem privileges. Attackers can exploit the unquoted path containing spaces to inject and execute malicious code with elevated system permissions. | ||||
| CVE-2025-61488 | 1 Slims | 1 Senayan Library Management System | 2026-04-15 | 7.6 High |
| An issue in Senayan Library Management System (SLiMS) 9 Bulian v.9.6.1 allows a remote attacker to execute arbitrary code via the scrap_image.php component and the imageURL parameter | ||||
| CVE-2025-64256 | 2 Presstigers, Wordpress | 2 Simple Folio, Wordpress | 2026-04-15 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Folio simple-folio allows Cross Site Request Forgery.This issue affects Simple Folio: from n/a through <= 1.1.0. | ||||
| CVE-2020-37013 | 1 Tucows | 1 Audio Playback Recorder | 2026-04-15 | 8.4 High |
| Audio Playback Recorder 3.2.2 contains a local buffer overflow vulnerability in the eject and registration parameters that allows attackers to execute arbitrary code. Attackers can craft malicious payloads and overwrite Structured Exception Handler (SEH) to execute shellcode when pasting specially crafted input into the application's input fields. | ||||
| CVE-2025-57632 | 2026-04-15 | 7.5 High | ||
| libsmb2 6.2+ is vulnerable to Buffer Overflow. When processing SMB2 chained PDUs (NextCommand), libsmb2 repeatedly calls smb2_add_iovector() to append to a fixed-size iovec array without checking the upper bound of v->niov (SMB2_MAX_VECTORS=256). An attacker can craft responses with many chained PDUs to overflow v->niov and perform heap out-of-bounds writes, causing memory corruption, crashes, and potentially arbitrary code execution. The SMB2_OPLOCK_BREAK path bypasses message ID validation. | ||||
| CVE-2025-57624 | 2026-04-15 | 7.8 High | ||
| A DLL hijacking vulnerability in CYRISMA Agent before 444 allows local users to escalate privileges and execute arbitrary code via multiple DLLs. | ||||
| CVE-2025-64254 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.8 High |
| Missing Authorization vulnerability in Ronald Huereca Photo Block photo-block allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Block: from n/a through <= 1.5.1. | ||||
| CVE-2025-6751 | 1 Linksys | 1 E8450 | 2026-04-15 | 8.8 High |
| A vulnerability, which was classified as critical, was found in Linksys E8450 up to 1.2.00.360516. This affects the function set_device_language of the file portal.cgi of the component HTTP POST Request Handler. The manipulation of the argument dut_language leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-46809 | 2 Nodejs, Redhat | 3 Nodejs, Enterprise Linux, Rhel Eus | 2026-04-15 | 7.4 High |
| Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PCKS #1 v1.5 padding is allowed when performing RSA descryption using a private key. | ||||