Search Results (34828 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-43259 | 2 Jem-products, Jem Plugins | 2 Order Export For Woocommerce, Order Expert For Woocommerce | 2026-04-01 | 7.5 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in WebFactory Order Export for WooCommerce order-export-and-more-for-woocommerce. This issue affects Order Export for WooCommerce: from n/a through <= 3.23. | ||||
| CVE-2024-43240 | 1 Wpindeed | 1 Ultimate Membership Pro | 2026-04-01 | 9.8 Critical |
| Improper Authentication vulnerability in azzaroco Ultimate Membership Pro indeed-membership-pro. This issue affects Ultimate Membership Pro: from n/a through <= 12.7. | ||||
| CVE-2024-43230 | 2 Sharedfilespro, Tammersoft | 2 Shared Files, Shared Files | 2026-04-01 | 7.5 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in Anssi Laitila Shared Files shared-files. This issue affects Shared Files: from n/a through <= 1.7.28. | ||||
| CVE-2024-35700 | 1 Userproplugin | 1 Userpro | 2026-04-01 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in DeluxeThemes Userpro userpro. This issue affects Userpro: from n/a through <= 5.1.8. | ||||
| CVE-2024-32959 | 2 Sirv, Wordpress | 2 Sirv, Wordpress | 2026-04-01 | N/A |
| Incorrect Privilege Assignment vulnerability in Sirv CDN and Image Hosting Sirv sirv. This issue affects Sirv: from n/a through <= 7.2.2. | ||||
| CVE-2024-32782 | 1 Hasthemes | 1 Ht Mega | 2026-04-01 | 6.5 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in DevItems HT Mega ht-mega-for-elementor. This issue affects HT Mega: from n/a through <= 2.4.7. | ||||
| CVE-2024-24882 | 2 Masteriyo, Themegrill | 2 Masteriyo, Masteriyo | 2026-04-01 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in masteriyo Masteriyo - LMS learning-management-system. This issue affects Masteriyo - LMS: from n/a through <= 1.7.2. | ||||
| CVE-2024-23506 | 1 Instawp | 1 Instawp Connect | 2026-04-01 | 6.5 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in InstaWP InstaWP Connect instawp-connect. This issue affects InstaWP Connect: from n/a through <= 0.1.0.9. | ||||
| CVE-2024-1435 | 1 Tainacan | 1 Tainacan | 2026-04-01 | 7.5 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in tainacan Tainacan tainacan. This issue affects Tainacan: from n/a through <= 0.20.6. | ||||
| CVE-2026-33898 | 2 Linuxcontainers, Lxc | 2 Incus, Incus | 2026-04-01 | 8.8 High |
| Incus is a system container and virtual machine manager. Prior to version 6.23.0, the web server spawned by `incus webui` incorrectly validates the authentication token such that an invalid value will be accepted. `incus webui` runs a local web server on a random localhost port. For authentication, it provides the user with a URL containing an authentication token. When accessed with that token, Incus creates a cookie persisting that token without needing to include it in subsequent HTTP requests. While the Incus client correctly validates the value of the cookie, it does not correctly validate the token when passed in the URL. This allows an attacker able to locate and talk to the temporary web server on localhost to have as much access to Incus as the user who ran `incus webui`. This can lead to privilege escalation by another local user or access to the user's Incus instances and possibly system resources by a remote attacker able to trick the local user into interacting with the Incus UI web server. Version 6.23.0 patches the issue. | ||||
| CVE-2026-33745 | 1 Yhirose | 1 Cpp-httplib | 2026-04-01 | 7.4 High |
| cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.39.0, the cpp-httplib HTTP client forwards stored Basic Auth, Bearer Token, and Digest Auth credentials to arbitrary hosts when following cross-origin HTTP redirects (301/302/307/308). A malicious or compromised server can redirect the client to an attacker-controlled host, which then receives the plaintext credentials in the `Authorization` header. Version 0.39.0 fixes the issue. | ||||
| CVE-2026-24306 | 1 Microsoft | 1 Azure Front Door | 2026-04-01 | 9.8 Critical |
| Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-23367 | 1 Redhat | 8 Build Keycloak, Jboss Data Grid, Jboss Enterprise Application Platform and 5 more | 2026-04-01 | 6.5 Medium |
| A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor role is supposed to have only read access permissions and should not be able to suspend the server. The vulnerability is caused by the Suspend and Resume handlers not performing authorization checks to validate whether the current user has the required permissions to proceed with the action. | ||||
| CVE-2026-20998 | 1 Samsung | 1 Smart Switch | 2026-03-31 | 9.8 Critical |
| Improper authentication in Smart Switch prior to version 3.7.69.15 allows remote attackers to bypass authentication. | ||||
| CVE-2026-21004 | 1 Samsung | 1 Smart Switch | 2026-03-31 | 6.5 Medium |
| Improper authentication in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to trigger a denial of service. | ||||
| CVE-2025-33238 | 1 Nvidia | 1 Triton Inference Server | 2026-03-31 | 7.5 High |
| NVIDIA Triton Inference Server Sagemaker HTTP server contains a vulnerability where an attacker may cause an exception. A successful exploit of this vulnerability may lead to denial of service. | ||||
| CVE-2025-33254 | 1 Nvidia | 1 Triton Inference Server | 2026-03-31 | 7.5 High |
| NVIDIA Triton Inference Server contains a vulnerability where an attacker may cause internal state corruption. A successful exploit of this vulnerability may lead to a denial of service. | ||||
| CVE-2026-28861 | 1 Apple | 6 Ios And Ipados, Ipados, Iphone Os and 3 more | 2026-03-31 | 4.3 Medium |
| A logic issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. A malicious website may be able to access script message handlers intended for other origins. | ||||
| CVE-2026-0558 | 2 Lollms, Parisneo | 2 Lollms, Parisneo/lollms | 2026-03-31 | 9.8 Critical |
| A vulnerability in parisneo/lollms, up to and including version 2.2.0, allows unauthenticated users to upload and process files through the `/api/files/extract-text` endpoint. This endpoint does not enforce authentication, unlike other file-related endpoints, and lacks the `Depends(get_current_active_user)` dependency. This issue can lead to denial of service (DoS) through resource exhaustion, information disclosure, and violation of the application's documented security policies. | ||||
| CVE-2025-15606 | 2 Tp-link, Tp-link Systems Inc. | 3 Td-w8961n, Td-w8961nd Firmware, Td-w8961n V4.0 | 2026-03-31 | 7.5 High |
| A Denial-of-Service (DoS) vulnerability in the httpd component of TP-Link's TD-W8961N v4.0, due to improper input sanitization, allows crafted requests to trigger a processing error that causes the httpd service to crash. Successful exploitation may allow the attacker to cause service interruption, resulting in a DoS condition. | ||||