Export limit exceeded: 344809 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344809 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-39418 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in ajayver RSS Manager rss-manager allows Stored XSS.This issue affects RSS Manager: from n/a through <= 0.06. | ||||
| CVE-2024-3868 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.4 Medium |
| The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's First Name and Last Name in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-4041 | 2 Wordpress, Yoast | 2 Wordpress, Yoast Seo | 2026-04-15 | 6.1 Medium |
| The Yoast SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 22.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2025-39436 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Unrestricted Upload of File with Dangerous Type vulnerability in aidraw I Draw idraw allows Using Malicious Files.This issue affects I Draw: from n/a through <= 1.0. | ||||
| CVE-2024-3915 | 1 Swift Ideas | 1 Swift Framework | 2026-04-15 | 5.3 Medium |
| The Swift Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sf_edit_directory_item() function in all versions up to, and including, 2.7.31. This makes it possible for unauthenticated attackers to update arbitrary posts with arbitrary content. Unfortunately, we did not receive a response from the vendor to send over the vulnerability details. | ||||
| CVE-2025-22844 | 2026-04-15 | 4.3 Medium | ||
| Improper access control for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an unauthenticated user to potentially enable information disclosure via adjacent access. | ||||
| CVE-2024-3929 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Widget Post Overlay block in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-22848 | 2026-04-15 | 3.5 Low | ||
| Improper conditions check for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access. | ||||
| CVE-2025-2916 | 2026-04-15 | 6.3 Medium | ||
| A vulnerability, which was classified as critical, has been found in Aishida Call Center System up to 20250314. This issue affects some unknown processing of the file /doscall/weixin/open/amr2mp3. The manipulation of the argument File leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-39437 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Boone Gorges Anthologize anthologize allows Cross Site Request Forgery.This issue affects Anthologize: from n/a through <= 0.8.3. | ||||
| CVE-2024-4039 | 2 Villatheme, Wordpress | 2 Orders Tracking For Woocommerce, Wordpress | 2026-04-15 | 6.5 Medium |
| The The Orders Tracking for WooCommerce plugin for WordPress for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.10. This is due to the plugin allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. A partial patch was released in 1.2.10, and a complete patch was released in 1.2.11. | ||||
| CVE-2025-22849 | 1 Intel | 1 Optane Pmem Management Software | 2026-04-15 | 6.7 Medium |
| Incorrect default permissions for the Intel(R) Optane(TM) PMem management software before versions CR_MGMT_01.00.00.3584, CR_MGMT_02.00.00.4052, CR_MGMT_03.00.00.0538 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||
| CVE-2024-4095 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'expand' and 'expandsub' shortcode in all versions up to, and including, 1.8.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-4102 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.4 Medium |
| The Pricing Table plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax() function in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions like editing pricing tables. | ||||
| CVE-2024-4144 | 2 Wordpress, Wpkube | 2 Wordpress, Simple Basic Contact Form | 2026-04-15 | 6.5 Medium |
| The Simple Basic Contact Form plugin for WordPress for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 20240502. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on the functionality of other plugins installed in the environment. | ||||
| CVE-2025-22854 | 2026-04-15 | N/A | ||
| Improper handling of non-200 http responses in the PingFederate Google Adapter leads to thread exhaustion under normal usage conditions. | ||||
| CVE-2025-39438 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in momen2009 Theme Changer theme-changer allows Cross Site Request Forgery.This issue affects Theme Changer: from n/a through <= 1.4. | ||||
| CVE-2025-22867 | 2026-04-15 | 7.5 High | ||
| On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the @executable_path, @loader_path, or @rpath special values in a "#cgo LDFLAGS" directive. This issue only affected go1.24rc2. | ||||
| CVE-2025-39440 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Rajesh Broken Links Remover broken-links-remover allows Stored XSS.This issue affects Broken Links Remover: from n/a through <= 1.2.2. | ||||
| CVE-2026-25308 | 2 Wordpress, Wp.insider | 2 Wordpress, Simple Membership | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in wp.insider Simple Membership simple-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Membership: from n/a through <= 4.6.9. | ||||