Export limit exceeded: 347147 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347147 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-41179 | 1 Rclone | 1 Rclone | 2026-04-27 | 9.8 Critical |
| Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint `operations/fsinfo` is exposed without `AuthRequired: true` and accepts attacker-controlled `fs` input. Because `rc.GetFs(...)` supports inline backend definitions, an unauthenticated attacker can instantiate an attacker-controlled backend on demand. For the WebDAV backend, `bearer_token_command` is executed during backend initialization, making single-request unauthenticated local command execution possible on reachable RC deployments without global HTTP authentication. Version 1.73.5 patches the issue. | ||||
| CVE-2025-67924 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Corpkit corpkit allows Upload a Web Shell to a Web Server.This issue affects Corpkit: from n/a through <= 2.0. | ||||
| CVE-2025-67921 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VanKarWai Lobo lobo allows Blind SQL Injection.This issue affects Lobo: from n/a through < 2.8.6. | ||||
| CVE-2025-67910 | 2 Contentstudio, Wordpress | 2 Contentstudio, Wordpress | 2026-04-27 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in contentstudio Contentstudio contentstudio allows Upload a Web Shell to a Web Server.This issue affects Contentstudio: from n/a through <= 1.3.7. | ||||
| CVE-2025-67909 | 2 Wordpress, Wpswings | 2 Wordpress, Membership For Woocommerce | 2026-04-27 | 7.5 High |
| Authorization Bypass Through User-Controlled Key vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Membership For WooCommerce: from n/a through <= 3.0.3. | ||||
| CVE-2025-67622 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in titopandub Evergreen Post Tweeter evergreen-post-tweeter allows Stored XSS.This issue affects Evergreen Post Tweeter: from n/a through <= 1.8.9. | ||||
| CVE-2025-67621 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 4.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in 10up Eight Day Week Print Workflow eight-day-week-print-workflow allows Retrieve Embedded Sensitive Data.This issue affects Eight Day Week Print Workflow: from n/a through <= 1.2.5. | ||||
| CVE-2025-66137 | 2 Merkulove, Wordpress | 2 Searcher For Elementor, Wordpress | 2026-04-27 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Searcher for Elementor searcher-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Searcher for Elementor: from n/a through <= 1.0.3. | ||||
| CVE-2025-66072 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 5.3 Medium |
| Missing Authorization vulnerability in Stiofan UsersWP userswp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UsersWP: from n/a through <= 1.2.47. | ||||
| CVE-2025-60188 | 2 Atarim, Wordpress | 2 Atarim, Wordpress | 2026-04-27 | 7.5 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Retrieve Embedded Sensitive Data.This issue affects Atarim: from n/a through <= 4.2.1. | ||||
| CVE-2025-60074 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Processby Lazy Load Optimizer lazy-load-optimizer allows PHP Local File Inclusion.This issue affects Lazy Load Optimizer: from n/a through <= 1.4.7. | ||||
| CVE-2025-60072 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Processby Anchor smooth scroll anchor-smooth-scroll allows PHP Local File Inclusion.This issue affects Anchor smooth scroll: from n/a through <= 1.0.2. | ||||
| CVE-2025-60070 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 6.5 Medium |
| Improper Control of Generation of Code ('Code Injection') vulnerability in The4 Molla molla allows Code Injection.This issue affects Molla: from n/a through <= 1.5.13. | ||||
| CVE-2025-60068 | 2 Javothemes, Wordpress | 2 Javo Core, Wordpress | 2026-04-27 | 6.5 Medium |
| Improper Control of Generation of Code ('Code Injection') vulnerability in javothemes Javo Core javo-core allows Code Injection.This issue affects Javo Core: from n/a through <= 3.0.0.266. | ||||
| CVE-2025-60055 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Fabrica fabrica allows PHP Local File Inclusion.This issue affects Fabrica: from n/a through <= 1.8.1. | ||||
| CVE-2025-60053 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes MaxCube maxcube allows PHP Local File Inclusion.This issue affects MaxCube: from n/a through <= 1.3.1. | ||||
| CVE-2025-12550 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes OchaHouse ochahouse allows PHP Local File Inclusion.This issue affects OchaHouse: from n/a through <= 2.2.8. | ||||
| CVE-2025-12549 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magentech Rozy - Flower Shop rozy allows PHP Local File Inclusion.This issue affects Rozy - Flower Shop: from n/a through <= 1.2.25. | ||||
| CVE-2026-5500 | 1 Wolfssl | 1 Wolfssl | 2026-04-27 | 5.9 Medium |
| wolfSSL's wc_PKCS7_DecodeAuthEnvelopedData() does not properly sanitize the AES-GCM authentication tag length received and has no lower bounds check. A man-in-the-middle can therefore truncate the mac field from 16 bytes to 1 byte, reducing the tag check from 2⁻¹²⁸ to 2⁻⁸. | ||||
| CVE-2025-67970 | 2 Vertim, Wordpress | 2 Schedula, Wordpress | 2026-04-27 | 5.9 Medium |
| Missing Authorization vulnerability in vertim Schedula schedula-smart-appointment-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Schedula: from n/a through <= 1.0. | ||||