Export limit exceeded: 346602 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346602 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-22155 | 2 Automattic, Wordpress | 2 Woocommerce, Wordpress | 2026-04-15 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 8.5.2. | ||||
| CVE-2024-22149 | 2026-04-15 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliver Seidel, Bastian Germann CformsII allows Stored XSS.This issue affects CformsII: from n/a through 15.0.5. | ||||
| CVE-2024-22139 | 2026-04-15 | 3.7 Low | ||
| Authentication Bypass by Spoofing vulnerability in Filipe Seabra WordPress Manutenção allows Functionality Bypass.This issue affects WordPress Manutenção: from n/a through 1.0.6. | ||||
| CVE-2024-22054 | 1 Ubiquiti | 1 Unifi Uap Firmware | 2026-04-15 | 7.5 High |
| A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery. Affected Products: UniFi Access Points UniFi Switches UniFi LTE Backup UniFi Express (Only Mesh Mode, Router mode is not affected) Mitigation: Update UniFi Access Points to Version 6.6.55 or later. Update UniFi Switches to Version 6.6.61 or later. Update UniFi LTE Backup to Version 6.6.57 or later. Update UniFi Express to Version 3.2.5 or later. | ||||
| CVE-2024-2052 | 2026-04-15 | 7.5 High | ||
| CWE-552: Files or Directories Accessible to External Parties vulnerability exists that could allow unauthenticated files and logs exfiltration and download of files when an attacker modifies the URL to download to a different location. | ||||
| CVE-2024-4693 | 1 Redhat | 2 Advanced Virtualization, Enterprise Linux | 2026-04-15 | 5.5 Medium |
| A flaw was found in the QEMU Virtio PCI Bindings (hw/virtio/virtio-pci.c). An improper release and use of the irqfd for vector 0 during the boot process leads to a guest triggerable crash via vhost_net_stop(). This flaw allows a malicious guest to crash the QEMU process on the host. | ||||
| CVE-2024-8874 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.1 Medium |
| The AJAX Login and Registration modal popup + inline form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.24. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2025-11645 | 2 Google, Tomofun | 2 Android, Furbo Mobile App | 2026-04-15 | 2.4 Low |
| A security vulnerability has been detected in Tomofun Furbo Mobile App up to 7.57.0a on Android. This affects an unknown part of the component Authentication Token Handler. The manipulation leads to insecure storage of sensitive information. It is possible to launch the attack on the physical device. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-46939 | 2026-04-15 | N/A | ||
| The game extension engine of versions 1.2.7.0 and earlier exposes some components, and attackers can construct parameters to perform path traversal attacks, which can overwrite local specific files | ||||
| CVE-2024-20821 | 2026-04-15 | 4.4 Medium | ||
| A vulnerability possible to reconfigure OTP allows local attackers to transit RMA(Return Merchandise Authorization) mode, which disables security features. This attack needs additional privilege to control TEE. | ||||
| CVE-2024-46957 | 1 Mellium | 1 Xmpp | 2026-04-15 | 9.8 Critical |
| Mellium mellium.im/xmpp 0.0.1 through 0.21.4 allows response spoofing if the implementation uses predictable IDs because the stanza type is not checked. This is fixed in 0.22.0. | ||||
| CVE-2024-8893 | 2026-04-15 | 7.3 High | ||
| Use of Hard-coded Credentials vulnerability in GoodWe Technologies Co., Ltd. GW1500‑XS allows anyone in physical proximity to the device to fully access the web interface of the inverter via Wi‑Fi.This issue affects GW1500‑XS: 1.1.2.1. | ||||
| CVE-2025-1165 | 2026-04-15 | 7.3 High | ||
| A vulnerability, which was classified as critical, was found in Lumsoft ERP 8. Affected is the function DoUpload/DoWebUpload of the file /Api/FileUploadApi.ashx. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-20886 | 2026-04-15 | 6.2 Medium | ||
| Arbitrary directory creation in Samsung Live Wallpaper PC prior to version 3.3.8.0 allows attacker to create arbitrary directory. | ||||
| CVE-2024-4696 | 1 Lenovo | 1 Service Bridge | 2026-04-15 | 7.5 High |
| A privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commands to be executed if a specially crafted link is visited. | ||||
| CVE-2024-8894 | 2026-04-15 | N/A | ||
| Out-of-bounds Write vulnerability was discovered in Open Design Alliance Drawings SDK before 2025.10. Reading crafted DWF file and missing proper checks on received SectionIterator data can trigger an unhandled exception. This can allow attackers to cause a crash, potentially enabling a denial-of-service attack (Crash, Exit, or Restart) or possible code execution. | ||||
| CVE-2025-11654 | 2026-04-15 | 7.3 High | ||
| A vulnerability was identified in yousaf530 Inferno Online Clothing Store up to 827dd42bfbe380e8de76fdc67958c24cf1246208. The affected element is an unknown function of the file /log.php. Such manipulation of the argument cemail/password leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-2097 | 1 Hitachienergy | 1 Modular Advanced Control For Hvdc | 2026-04-15 | 7 High |
| An authenticated malicious client can send a special LINQ query to execute arbitrary code remotely (RCE) on the SCM server from List control, and execute the arbitrary code on the same system where SCMArchivedEventViewerTool is installed in the case of SCM Tools. | ||||
| CVE-2024-2104 | 1 Jbl | 2 Live Pro 2 Tws, Tune Flex | 2026-04-15 | 8.8 High |
| Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service wich could render the device unusable. | ||||
| CVE-2024-46960 | 1 Asdcom | 1 Hd Video Downloader | 2026-04-15 | 8.8 High |
| The ASD com.rocks.video.downloader (aka HD Video Downloader All Format) application through 7.0.129 for Android allows an attacker to execute arbitrary JavaScript code via the com.rocks.video.downloader.MainBrowserActivity component. | ||||