Export limit exceeded: 347197 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347197 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-40979 | 1 Spring | 1 Spring | 2026-04-29 | 6.1 Medium |
| In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5) | ||||
| CVE-2026-40980 | 1 Spring | 1 Spring | 2026-04-29 | 6.5 Medium |
| In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled by `ForkPDFLayoutTextStripper`. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5) | ||||
| CVE-2026-7309 | 1 Redhat | 2 Openshift, Openshift Container Platform | 2026-04-29 | 4.3 Medium |
| A flaw was found in the OpenShift Container Platform build system. A user with the `edit` ClusterRole can inject arbitrary environment variables, such as `LD_PRELOAD` or `http_proxy`, into `docker-build` containers through the `buildconfigs/instantiate` API. This incomplete fix for a previous vulnerability allows for information disclosure, specifically impacting the confidentiality of build traffic. | ||||
| CVE-2026-40968 | 1 Spring | 1 Spring | 2026-04-29 | 4.3 Medium |
| When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions. Affected versions: Spring gRPC: 1.0.0 - 1.0.2 (fixed in 1.0.3). Older, unsupported versions are also affected. | ||||
| CVE-2026-40969 | 1 Spring | 1 Spring | 2026-04-29 | 3.7 Low |
| The raw message of every server-side AuthenticationException is returned to the unauthenticated remote caller in the gRPC status description. This allows an attacker to obtain information about the authentication failure, which may be useful for further attacks. Affected versions: Spring gRPC: 1.0.0 - 1.0.2 (fixed in 1.0.3). Older, unsupported versions are also affected. | ||||
| CVE-2026-7290 | 1 Jeecg | 1 Jeecgboot | 2026-04-29 | 6.3 Medium |
| A vulnerability was determined in JeecgBoot up to 3.9.1. Impacted is the function SqlInjectionUtil of the file jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SqlInjectionUtil.java of the component loadDict Endpoint. This manipulation of the argument keyword causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. Patch name: a9c8e8eb1185751c4c3c68d2a53f3dadee9edc6b. To fix this issue, it is recommended to deploy a patch. | ||||
| CVE-2025-22285 | 2026-04-29 | N/A | ||
| Missing Authorization vulnerability in enituretechnology Pallet Packaging for WooCommerce pallet-packaging-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pallet Packaging for WooCommerce: from n/a through <= 1.1.15. | ||||
| CVE-2025-68029 | 2 Wordpress, Wpswings | 2 Wordpress, Wallet System For Woocommerce | 2026-04-29 | N/A |
| Insertion of Sensitive Information Into Sent Data vulnerability in WP Swings Wallet System for WooCommerce wallet-system-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Wallet System for WooCommerce: from n/a through <= 2.7.3. | ||||
| CVE-2025-63030 | 1 Wordpress | 1 Wordpress | 2026-04-29 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal New User Approve new-user-approve allows Cross Site Request Forgery.This issue affects New User Approve: from n/a through <= 3.2.3. | ||||
| CVE-2025-22287 | 2026-04-29 | 5.4 Medium | ||
| Missing Authorization vulnerability in enituretechnology LTL Freight Quotes – FreightQuote Edition ltl-freight-quotes-freightquote-edition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LTL Freight Quotes – FreightQuote Edition: from n/a through <= 2.3.11. | ||||
| CVE-2026-40778 | 2 Majesticsupport, Wordpress | 2 Majestic Support, Wordpress | 2026-04-29 | 5.3 Medium |
| Missing Authorization vulnerability in Majestic Support Majestic Support majestic-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Majestic Support: from n/a through <= 1.1.2. | ||||
| CVE-2026-40784 | 2 Mahmudul Hasan Arif, Wordpress | 2 Fluentboards, Wordpress | 2026-04-29 | 8.1 High |
| Authorization Bypass Through User-Controlled Key vulnerability in Mahmudul Hasan Arif FluentBoards fluent-boards allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentBoards: from n/a through <= 1.91.2. | ||||
| CVE-2026-40786 | 2 Long Watch Studio, Wordpress | 2 Myrewards, Wordpress | 2026-04-29 | 4.3 Medium |
| Missing Authorization vulnerability in Long Watch Studio MyRewards woorewards allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MyRewards: from n/a through <= 5.7.3. | ||||
| CVE-2026-40742 | 2 Neliosoftware, Wordpress | 2 Nelio Ab Testing, Wordpress | 2026-04-29 | 5.3 Medium |
| Missing Authorization vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nelio AB Testing: from n/a through <= 8.2.8. | ||||
| CVE-2026-40764 | 2 Syed Balkhi, Wordpress | 2 Contact Form By Wpforms, Wordpress | 2026-04-29 | 8.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Cross Site Request Forgery.This issue affects Contact Form by WPForms: from n/a through <= 1.10.0.2. | ||||
| CVE-2026-40728 | 2 Blockart, Wordpress | 2 Magazine Blocks, Wordpress | 2026-04-29 | 4.3 Medium |
| Missing Authorization vulnerability in BlockArt Magazine Blocks magazine-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Magazine Blocks: from n/a through <= 1.8.3. | ||||
| CVE-2026-40729 | 2 Bplugins, Wordpress | 2 3d Viewer – Embed 3d Models, Wordpress | 2026-04-29 | 4.3 Medium |
| Missing Authorization vulnerability in bPlugins 3D viewer – Embed 3D Models 3d-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 3D viewer – Embed 3D Models: from n/a through <= 1.8.5. | ||||
| CVE-2026-39701 | 2 Andrew, Wordpress | 2 Shopwp, Wordpress | 2026-04-29 | 5.3 Medium |
| Missing Authorization vulnerability in Andrew ShopWP wpshopify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShopWP: from n/a through <= 5.2.4. | ||||
| CVE-2026-39704 | 2 Nfusionsolutions, Wordpress | 2 Precious Metals Automated Product Pricing – Pro, Wordpress | 2026-04-29 | 5.3 Medium |
| Missing Authorization vulnerability in nfusionsolutions Precious Metals Automated Product Pricing – Pro precious-metals-automated-product-pricing-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Precious Metals Automated Product Pricing – Pro: from n/a through <= 4.0.5. | ||||
| CVE-2026-39706 | 2 Netro Systems, Wordpress | 2 Make My Trivia, Wordpress | 2026-04-29 | 5.3 Medium |
| Missing Authorization vulnerability in Netro Systems Make My Trivia trivialy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Make My Trivia: from n/a through <= 1.1.0. | ||||