Export limit exceeded: 347145 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347145 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-28132 | 2 Villatheme, Wordpress | 2 Woocommerce Photo Reviews, Wordpress | 2026-04-28 | 5.3 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in villatheme WooCommerce Photo Reviews woocommerce-photo-reviews allows Code Injection.This issue affects WooCommerce Photo Reviews: from n/a through <= 1.4.4. | ||||
| CVE-2026-28133 | 2 Wordpress, Wp Chill | 2 Wordpress, Filr | 2026-04-28 | 8.5 High |
| Unrestricted Upload of File with Dangerous Type vulnerability in WP Chill Filr filr-protection allows Upload a Web Shell to a Web Server.This issue affects Filr: from n/a through <= 1.2.14. | ||||
| CVE-2026-28123 | 2 Ancorathemes, Wordpress | 2 Veil, Wordpress | 2026-04-28 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Veil veil allows PHP Local File Inclusion.This issue affects Veil: from n/a through <= 1.9. | ||||
| CVE-2026-35431 | 1 Microsoft | 2 Entra Id, Microsoft Entra Id | 2026-04-28 | 10 Critical |
| Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2024-25918 | 1 Instawp | 1 Instawp Connect | 2026-04-28 | 9.9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.8. | ||||
| CVE-2024-27191 | 2 Inpersttion, Wordpress | 2 Slivery Extender, Wordpress | 2026-04-28 | 8.5 High |
| Improper Control of Generation of Code ('Code Injection') vulnerability in inpersttion Slivery Extender slivery-extender allows Remote Code Inclusion.This issue affects Slivery Extender: from n/a through <= 1.0.2. | ||||
| CVE-2024-31375 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 5.4 Medium |
| Missing Authorization vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads.This issue affects WP2LEADS: from n/a through <= 3.2.7. | ||||
| CVE-2024-31230 | 2 Shortpixel, Wordpress | 2 Shortpixel Adaptive Images, Wordpress | 2026-04-28 | 5.3 Medium |
| Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images.This issue affects ShortPixel Adaptive Images: from n/a through <= 3.8.2. | ||||
| CVE-2024-31278 | 1 Leap13 | 1 Premium Addons For Elementor | 2026-04-28 | 4.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor.This issue affects Premium Addons for Elementor: from n/a through <= 4.10.22. | ||||
| CVE-2024-31370 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CodeIsAwesome AIKit aikit-wordpress-ai-writing-assistant-using-gpt3.This issue affects AIKit: from n/a through <= 4.14.1. | ||||
| CVE-2024-27972 | 1 Verygoodplugins | 1 Wp Fusion | 2026-04-28 | 9.9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Jack Arturo WP Fusion Lite wp-fusion-lite.This issue affects WP Fusion Lite: from n/a through <= 3.41.24. | ||||
| CVE-2024-24888 | 1 Kadencewp | 1 Gutenberg Blocks With Ai | 2026-04-28 | 6.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in StellarWP Gutenberg Blocks by Kadence Blocks kadence-blocks.This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through <= 3.2.25. | ||||
| CVE-2025-24261 | 1 Apple | 1 Macos | 2026-04-28 | 5.5 Medium |
| The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to modify protected parts of the file system. | ||||
| CVE-2025-31188 | 1 Apple | 1 Macos | 2026-04-28 | 7.8 High |
| A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to bypass Privacy preferences. | ||||
| CVE-2025-30424 | 1 Apple | 1 Macos | 2026-04-28 | 9.8 Critical |
| A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. Deleting a conversation in Messages may expose user contact information in system logging. | ||||
| CVE-2025-30432 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-04-28 | 6.4 Medium |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. A malicious app may be able to attempt passcode entries on a locked device and thereby cause escalating time delays after 4 failures. | ||||
| CVE-2025-31192 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2026-04-28 | 6.7 Medium |
| The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A website may be able to access sensor information without user consent. | ||||
| CVE-2025-30469 | 1 Apple | 2 Ipados, Iphone Os | 2026-04-28 | 2.4 Low |
| This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4. A person with physical access to an iOS device may be able to access photos from the lock screen. | ||||
| CVE-2025-24217 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2026-04-28 | 5.5 Medium |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, watchOS 11.4. An app may be able to access sensitive user data. | ||||
| CVE-2025-24190 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-04-28 | 9.8 Critical |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory. | ||||