Export limit exceeded: 346128 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346128 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-9501 | 2026-04-15 | 9.8 Critical | ||
| The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.0.7. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token. | ||||
| CVE-2024-25916 | 2026-04-15 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joseph C Dolson My Calendar allows Stored XSS.This issue affects My Calendar: from n/a through 3.4.23. | ||||
| CVE-2024-47926 | 1 Tecnick | 1 Tcexam | 2026-04-15 | 9.8 Critical |
| Tecnick TCExam – CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | ||||
| CVE-2025-64109 | 1 Cursor | 1 Cursor | 2026-04-15 | 8.8 High |
| Cursor is a code editor built for programming with AI. In versions and below, a vulnerability in the Cursor CLI Beta allowed an attacker to achieve remote code execution through the MCP (Model Context Protocol) server mechanism by uploading a malicious MCP configuration in .cursor/mcp.json file in a GitHub repository. Once a victim clones the project and opens it using Cursor CLI, the command to run the malicious MCP server is immediately executed without any warning, leading to potential code execution as soon as the command runs. This issue is fixed in version 2025.09.17-25b418f. | ||||
| CVE-2025-63053 | 2 Jeweltheme, Wordpress | 2 Master Addons For Elementor, Wordpress | 2026-04-15 | N/A |
| Authorization Bypass Through User-Controlled Key vulnerability in Liton Arefin Master Addons for Elementor master-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Master Addons for Elementor: from n/a through <= 2.0.9.9.4. | ||||
| CVE-2025-63038 | 2 Northern Beaches Websites, Wordpress | 2 Wp Custom Admin Interface, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through <= 7.40. | ||||
| CVE-2025-63022 | 2 Illia, Wordpress | 2 Simple Like Page, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in topdevs.net Simple Like Page simple-facebook-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Like Page: from n/a through <= 1.5.3. | ||||
| CVE-2025-62880 | 2 Kunalnagar, Wordpress | 2 Custom 404 Pro, Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Kunal Custom 404 Pro custom-404-pro allows Cross Site Request Forgery.This issue affects Custom 404 Pro: from n/a through <= 3.12.0. | ||||
| CVE-2025-62820 | 1 Slack | 1 Nebula | 2026-04-15 | 4.9 Medium |
| Slack Nebula before 1.9.7 mishandles CIDR in some configurations and thus accepts arbitrary source IP addresses within the Nebula network. | ||||
| CVE-2024-24984 | 2026-04-15 | 6.5 Medium | ||
| Improper input validation for some Intel(R) Wireless Bluetooth(R) products for Windows before version 23.40 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | ||||
| CVE-2025-62517 | 1 Rollbar | 1 Rollbar | 2026-04-15 | 5.9 Medium |
| Rollbar.js offers error tracking and logging from Javascript to Rollbar. In versions before 2.26.5 and from 3.0.0-alpha1 to before 3.0.0-beta5, there is a prototype pollution vulnerability in merge(). If application code calls rollbar.configure() with untrusted input, prototype pollution is possible. This issue has been fixed in versions 2.26.5 and 3.0.0-beta5. A workaround involves ensuring that values passed to rollbar.configure() do not contain untrusted input. | ||||
| CVE-2024-24983 | 1 Intel | 1 Ethernet Complete Driver Pack | 2026-04-15 | 6.5 Medium |
| Protection mechanism failure in firmware for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 4.4 may allow an unauthenticated user to potentially enable denial of service via network access. | ||||
| CVE-2025-13198 | 1 Douphp | 1 Douphp | 2026-04-15 | 4.7 Medium |
| A vulnerability has been found in DouPHP up to 1.8 Release 20251022. This impacts an unknown function of the file upload/include/file.class.php. The manipulation of the argument File leads to unrestricted upload. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-24981 | 1 Intel | 3 Intel Server D50fcp Family, Intel Server M50fcp Family, Server Board S2600bp Firmware | 2026-04-15 | 7.5 High |
| Improper input validation in PfrSmiUpdateFw driver in UEFI firmware for some Intel(R) Server M50FCP Family products may allow a privileged user to enable escalation of privilege via local access. | ||||
| CVE-2024-24972 | 1 Gallagher | 2 Controller 6000, Controller 7000 | 2026-04-15 | 6.5 Medium |
| Buffer Copy without Checking Size of Input (CWE-120) in the Controller 6000 and Controller 7000 diagnostic web interface allows an authorised and authenticated operator to reboot the Controller, causing a Denial of Service. Gallagher recommend the diagnostic web page is not enabled (default is off) unless advised by Gallagher Technical support. This interface is intended only for diagnostic purposes. This issue affects: Controller 6000 and Controller 7000 9.10 prior to vCR9.10.240816a (distributed in 9.10.1530 (MR2)), 9.00 prior to vCR9.00.240816a (distributed in 9.00.2168 (MR4)), 8.90 prior to vCR8.90.240816a (distributed in 8.90.2155 (MR5)), 8.80 prior to vCR8.80.240816b (distributed in 8.80.1938 (MR6)), all versions of 8.70 and prior. | ||||
| CVE-2025-62138 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in cedcommerce WP Advanced PDF wp-advanced-pdf allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Advanced PDF: from n/a through <= 1.1.7. | ||||
| CVE-2025-62135 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in landwire Responsive Block Control responsive-block-control allows DOM-Based XSS.This issue affects Responsive Block Control: from n/a through <= 1.3.0. | ||||
| CVE-2025-62132 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Strategy11 Team Tasty Recipes Lite tasty-recipes-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tasty Recipes Lite: from n/a through <= 1.1.5. | ||||
| CVE-2025-62111 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly Extra Shortcodes extra-shortcodes allows Stored XSS.This issue affects Extra Shortcodes: from n/a through <= 2.2. | ||||
| CVE-2025-7472 | 2026-04-15 | 7.5 High | ||
| A local privilege escalation vulnerability in the Intercept X for Windows installer prior version 1.22 can lead to a local user gaining system level privileges, if the installer is run as SYSTEM. | ||||