Search Results (347343 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-14821 | 2 Libssh, Redhat | 5 Libssh, Enterprise Linux, Hardened Images and 2 more | 2026-04-29 | 7.8 High |
| A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH (Secure Shell) connections, and manipulation of trusted host information, posing a significant risk to the confidentiality, integrity, and availability of SSH communications via an insecure default configuration on Windows systems where the library automatically loads configuration files from the C:\etc directory, which can be created and modified by unprivileged local users. | ||||
| CVE-2024-46382 | 2 Linlinjava, Litemall Project | 2 Litemall, Litemall | 2026-04-29 | 6.5 Medium |
| A SQL injection vulnerability in linlinjava litemall 1.8.0 allows a remote attacker to obtain sensitive information via the goodsId, goodsSn, and name parameters in AdminOrderController.java. | ||||
| CVE-2025-31421 | 1 Wordpress | 1 Wordpress | 2026-04-29 | 5.8 Medium |
| Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Oblak Studio Srbtranslatin srbtranslatin allows Retrieve Embedded Sensitive Data. This issue affects Srbtranslatin: from n/a through <= 3.2.0. | ||||
| CVE-2025-31420 | 1 Wordpress | 1 Wordpress | 2026-04-29 | 7.6 High |
| Incorrect Privilege Assignment vulnerability in Tomdever wpForo Forum wpforo allows Privilege Escalation. This issue affects wpForo Forum: from n/a through <= 2.4.2. | ||||
| CVE-2024-37418 | 3 Andymoyle, Church Admin Project, Wordpress | 3 Church Admin, Church Admin, Wordpress | 2026-04-29 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in andy_moyle Church Admin church-admin. This issue affects Church Admin: from n/a through <= 4.4.6. | ||||
| CVE-2024-31280 | 2 Andymoyle, Church Admin Project | 2 Church Admin, Church Admin | 2026-04-29 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in andy_moyle Church Admin church-admin. This issue affects Church Admin: from n/a through <= 4.1.5. | ||||
| CVE-2023-41652 | 2 Carrcommunications, Davidfcarr | 2 Rsvpmaker, Rsvpmarker | 2026-04-29 | 8.2 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection. This issue affects RSVPMaker: from n/a through 10.6.6. | ||||
| CVE-2023-40215 | 1 Superwhite | 1 Demon Image Annotation | 2026-04-29 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Demonisblack demon image annotation allows SQL Injection. This issue affects demon image annotation: from n/a through 5.1. | ||||
| CVE-2023-40207 | 1 Rednao | 1 Donations Made Easy - Smart Donations | 2026-04-29 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RedNao Donations Made Easy – Smart Donations allows SQL Injection. This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12. | ||||
| CVE-2023-38391 | 1 Themesgrove | 1 Onepage Builder | 2026-04-29 | 6.7 Medium |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themesgrove Onepage Builder allows SQL Injection. This issue affects Onepage Builder: from n/a through 2.4.1. | ||||
| CVE-2023-37966 | 1 Solwininfotech | 1 User Activity Log | 2026-04-29 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin Infotech User Activity Log user-activity-log allows SQL Injection. This issue affects User Activity Log: from n/a through 1.6.2. | ||||
| CVE-2023-31077 | 1 Myrecorp | 1 Export Wp Page To Static Html/css | 2026-04-29 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ReCorp Export WP Page to Static HTML/CSS plugin <= 2.1.9 versions. | ||||
| CVE-2023-28748 | 1 Appjetty | 1 Copy Or Move Comments | 2026-04-29 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in biztechc Copy or Move Comments allows SQL Injection. This issue affects Copy or Move Comments: from n/a through 5.0.4. | ||||
| CVE-2022-46849 | 1 Weblizar | 1 Responsive Coming Soon & Maintenance Mode | 2026-04-29 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar Coming Soon Page – Responsive Coming Soon & Maintenance Mode allows SQL Injection. This issue affects Coming Soon Page – Responsive Coming Soon & Maintenance Mode: from n/a through 1.5.9. | ||||
| CVE-2025-67223 | 1 Arandasoft | 1 Aranda File Server | 2026-04-29 | 7.5 High |
| The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthenticated remote attackers to obtain direct virtual paths of uploaded files and bypass access controls to download sensitive documents containing PII. | ||||
| CVE-2025-60887 | 1 Cista | 1 Cista | 2026-04-29 | 5.3 Medium |
| An issue was discovered in Cista v0.15 and below. Insecure deserialization of untrusted input under certain conditions may lead to leaking of stack/heap addresses which may be used to bypass ASLR. Classes with pointer-like mechanics under the cista::raw namespace are prone to reference tampering, where Cista does not perform sufficient checks to safeguard against self-referencing pointers and referencing other data within the payload. The leak occurs if the deserialized values are observable by the attacker. | ||||
| CVE-2025-60889 | 1 Stellargroup | 1 Hpx | 2026-04-29 | N/A |
| Insecure deserialization of untrusted input in StellarGroup HPX 1.11.0 under certain conditions may allow attackers to execute arbitrary code or other unspecified impacts. | ||||
| CVE-2026-41603 | 1 Apache | 1 Thrift | 2026-04-29 | 7.4 High |
| Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. | ||||
| CVE-2026-7279 | 1 Empia Technology | 1 Avacast | 2026-04-29 | 7.8 High |
| AVACAST, developed by eMPIA Technology, has a DLL Hijacking vulnerability, allowing authenticated local attackers to place a malicious DLL in a specific directory, resulting in arbitrary code execution with system privileges when the system loads the DLL. | ||||
| CVE-2026-7280 | 1 Empia Technology | 1 Avacast | 2026-04-29 | 6.7 Medium |
| AVACAST, developed by eMPIA Technology, has an Unquoted Service Path vulnerability, allowing privileged local attackers to place a malicious executable file in a specific directory, resulting in arbitrary code execution with system privileges when the AVACAST service starts. | ||||