Export limit exceeded: 347026 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347026 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-24096 | 1 Apple | 1 Macos | 2026-04-28 | 5.5 Medium |
| This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.3. A malicious app may be able to access arbitrary files. | ||||
| CVE-2026-7279 | 2026-04-28 | 7.8 High | ||
| AVACAST developed by eMPIA Technology, has a DLL Hijacking vulnerability, allowing authenticated local attackers to place a malicious DLL in a specific directory, resulting in arbitrary code execution with system privileges when the system loads the DLL. | ||||
| CVE-2026-7280 | 2026-04-28 | 6.7 Medium | ||
| AVACAST developed by eMPIA Technology has a Unquoted Service Path vulnerability, allowing privileged local attackers to place a malicious executable file in a specific directory, resulting in arbitrary code execution with system privileges when the AVACAST service starts. | ||||
| CVE-2026-3323 | 1 Vega | 1 Vegapuls6x Pn Firmware | 2026-04-28 | 7.5 High |
| An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes. | ||||
| CVE-2026-7271 | 2026-04-28 | 5.3 Medium | ||
| A vulnerability was detected in DV0x creative-ad-agent up to 751b9e5146604dc65049bd0f62dcbdad6212f8a3. Impacted is an unknown function of the file server/sdk-server.ts of the component creative-ad-agent-server. Performing a manipulation of the argument req.params results in path traversal. Remote exploitation of the attack is possible. The exploit is now public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The patch is named 3d255865a957f3740b8724dd914502c0f44d4970. Applying a patch is the recommended action to fix this issue. | ||||
| CVE-2026-24303 | 1 Microsoft | 1 Partner Center | 2026-04-28 | 9.6 Critical |
| Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-28132 | 2 Villatheme, Wordpress | 2 Woocommerce Photo Reviews, Wordpress | 2026-04-28 | 5.3 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in villatheme WooCommerce Photo Reviews woocommerce-photo-reviews allows Code Injection.This issue affects WooCommerce Photo Reviews: from n/a through <= 1.4.4. | ||||
| CVE-2026-28133 | 2 Wordpress, Wp Chill | 2 Wordpress, Filr | 2026-04-28 | 8.5 High |
| Unrestricted Upload of File with Dangerous Type vulnerability in WP Chill Filr filr-protection allows Upload a Web Shell to a Web Server.This issue affects Filr: from n/a through <= 1.2.14. | ||||
| CVE-2026-28123 | 2 Ancorathemes, Wordpress | 2 Veil, Wordpress | 2026-04-28 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Veil veil allows PHP Local File Inclusion.This issue affects Veil: from n/a through <= 1.9. | ||||
| CVE-2026-35431 | 1 Microsoft | 2 Entra Id, Microsoft Entra Id | 2026-04-28 | 10 Critical |
| Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-25465 | 2 Codepeople, Wordpress | 2 Cp Multi View Event Calendar, Wordpress | 2026-04-28 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople CP Multi View Event Calendar cp-multi-view-calendar allows Stored XSS.This issue affects CP Multi View Event Calendar : from n/a through <= 1.4.37. | ||||
| CVE-2026-27066 | 2 Pi Web Solution, Wordpress | 2 Live Sales Notification For Woocommerce, Wordpress | 2026-04-28 | 5.3 Medium |
| Missing Authorization vulnerability in PI Web Solution Live sales notification for WooCommerce live-sales-notifications-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live sales notification for WooCommerce: from n/a through <= 2.3.61. | ||||
| CVE-2026-25406 | 2 Themeum, Wordpress | 2 Tutor Lms, Wordpress | 2026-04-28 | 8.1 High |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeum Tutor LMS Pro tutor-pro allows Authentication Abuse.This issue affects Tutor LMS Pro: from n/a through <= 3.9.8. | ||||
| CVE-2025-68864 | 2 Infility, Wordpress | 2 Infility Global, Wordpress | 2026-04-28 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infility Infility Global infility-global allows Stored XSS.This issue affects Infility Global: from n/a through <= 2.15.12. | ||||
| CVE-2025-68005 | 2 Themewant, Wordpress | 2 Easy Hotel Booking, Wordpress | 2026-04-28 | 6.5 Medium |
| Missing Authorization vulnerability in themewant Easy Hotel Booking easy-hotel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Hotel Booking: from n/a through <= 1.9.3. | ||||
| CVE-2024-25918 | 1 Instawp | 1 Instawp Connect | 2026-04-28 | 9.9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.8. | ||||
| CVE-2024-27191 | 2 Inpersttion, Wordpress | 2 Slivery Extender, Wordpress | 2026-04-28 | 8.5 High |
| Improper Control of Generation of Code ('Code Injection') vulnerability in inpersttion Slivery Extender slivery-extender allows Remote Code Inclusion.This issue affects Slivery Extender: from n/a through <= 1.0.2. | ||||
| CVE-2024-31375 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 5.4 Medium |
| Missing Authorization vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads.This issue affects WP2LEADS: from n/a through <= 3.2.7. | ||||
| CVE-2024-31230 | 2 Shortpixel, Wordpress | 2 Shortpixel Adaptive Images, Wordpress | 2026-04-28 | 5.3 Medium |
| Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images.This issue affects ShortPixel Adaptive Images: from n/a through <= 3.8.2. | ||||
| CVE-2024-31278 | 1 Leap13 | 1 Premium Addons For Elementor | 2026-04-28 | 4.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor.This issue affects Premium Addons for Elementor: from n/a through <= 4.10.22. | ||||