Export limit exceeded: 75939 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (75939 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-2785 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-15 | 8.8 High |
| Invalid pointer in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||
| CVE-2026-2786 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-15 | 8.8 High |
| Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||
| CVE-2026-2787 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-15 | 8.8 High |
| Use-after-free in the DOM: Window and Location component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||
| CVE-2026-2789 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-15 | 8.8 High |
| Use-after-free in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||
| CVE-2026-2790 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-15 | 8.8 High |
| Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||
| CVE-2026-2795 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-15 | 8.8 High |
| Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. | ||||
| CVE-2026-2797 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-15 | 8.8 High |
| Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. | ||||
| CVE-2026-2798 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-15 | 8.8 High |
| Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. | ||||
| CVE-2026-2799 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-15 | 8.8 High |
| Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. | ||||
| CVE-2026-35632 | 1 Openclaw | 1 Openclaw | 2026-04-15 | 7.1 High |
| OpenClaw through 2026.2.22 contains a symlink traversal vulnerability in agents.create and agents.update handlers that use fs.appendFile on IDENTITY.md without symlink containment checks. Attackers with workspace access can plant symlinks to append attacker-controlled content to arbitrary files, enabling remote code execution via crontab injection or unauthorized access via SSH key manipulation. | ||||
| CVE-2019-25575 | 2 Simplepresscms, Sourceforge | 2 Simplepress Cms, Simplepress Cms | 2026-04-15 | 8.2 High |
| SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'p' and 's' parameters. Attackers can send GET requests with crafted SQL payloads to extract sensitive database information including usernames, database names, and version details. | ||||
| CVE-2019-25576 | 1 Keplerwallpapers | 1 Kepler Wallpaper Script | 2026-04-15 | 8.2 High |
| Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the category parameter. Attackers can send GET requests to the category endpoint with URL-encoded SQL UNION statements to extract database information including usernames, database names, and MySQL version details. | ||||
| CVE-2026-2801 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-15 | 7.5 High |
| Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. | ||||
| CVE-2026-2803 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-15 | 7.5 High |
| Information disclosure, mitigation bypass in the Settings UI component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. | ||||
| CVE-2026-22719 | 1 Vmware | 4 Aria Operations, Cloud Foundation, Telco Cloud Infrastructure and 1 more | 2026-04-15 | 8.1 High |
| VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress. To remediate CVE-2026-22719, apply the patches listed in the 'Fixed Version' column of the ' Response Matrix https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ' in VMSA-2026-0001 Workarounds for CVE-2026-22719 are documented in the 'Workarounds' column of the ' Response Matrix https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ' in VMSA-2026-0001 | ||||
| CVE-2026-22720 | 1 Vmware | 4 Aria Operations, Cloud Foundation, Telco Cloud Infrastructure and 1 more | 2026-04-15 | 8 High |
| VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with privileges to create custom benchmarks may be able to inject script to perform administrative actions in VMware Aria Operations. To remediate CVE-2026-22720, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' of VMSA-2026-0001 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947https:// . | ||||
| CVE-2026-1779 | 2 Wordpress, Wpeverest | 2 Wordpress, User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | 2026-04-15 | 8.1 High |
| The User Registration & Membership plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.2. This is due to incorrect authentication in the 'register_member' function. This makes it possible for unauthenticated attackers to log in a newly registered user on the site who has the 'urm_user_just_created' user meta set. | ||||
| CVE-2026-2428 | 2 Techjewel, Wordpress | 2 Fluent Forms Pro Add On Pack, Wordpress | 2026-04-15 | 7.5 High |
| The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 6.1.17. This is due to the PayPal IPN (Instant Payment Notification) verification being disabled by default (`disable_ipn_verification` defaults to `'yes'` in `PayPalSettings.php`). This makes it possible for unauthenticated attackers to send forged PayPal IPN notifications to the publicly accessible IPN endpoint, marking unpaid form submissions as "paid" and triggering post-payment automation (emails, access grants, digital product delivery). | ||||
| CVE-2026-1566 | 2 Latepoint, Wordpress | 2 Latepoint – Calendar Booking Plugin For Appointments And Events, Wordpress | 2026-04-15 | 8.8 High |
| The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 5.2.7. This is due to the plugin allowing users with a LatePoint Agent role, who are creating new customers to set the 'wordpress_user_id' field. This makes it possible for authenticated attackers, with Agent-level access and above, to gain elevated privileges by linking a customer to the arbitrary user ID, including administrators, and then resetting the password. | ||||
| CVE-2026-2448 | 2 Gpriday, Wordpress | 2 Page Builder By Siteorigin, Wordpress | 2026-04-15 | 8.8 High |
| The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.5 via the locate_template() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | ||||