Search Results (346993 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-33540 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGrill ColorNews allows Stored XSS. This issue affects ColorNews: from n/a through 1.2.6. | ||||
| CVE-2024-33544 | 2 Aa-team, Wordpress | 2 Wzone, Wordpress | 2026-04-15 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone allows SQL Injection. This issue affects WZone: from n/a through 14.0.10. | ||||
| CVE-2024-33546 | 2 Aa-team, Wordpress | 2 Wzone, Wordpress | 2026-04-15 | 9.6 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone allows SQL Injection. This issue affects WZone: from n/a through 14.0.10. | ||||
| CVE-2024-33548 | 2 Aa-team, Wordpress | 2 Wzone, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA-Team WZone allows Reflected XSS. This issue affects WZone: from n/a through 14.0.10. | ||||
| CVE-2025-1035 | | | 2026-04-15 | 5.7 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Komtera Technologies KLog Server allows Manipulating Web Input to File System Calls. This issue affects KLog Server: before 3.1.1. | ||||
| CVE-2024-33549 | 2 Aa-team, Wordpress | 2 Wzone, Wordpress | 2026-04-15 | 8.8 High |
| Improper Privilege Management vulnerability in AA-Team WZone allows Privilege Escalation. This issue affects WZone: from n/a through 14.0.10. | ||||
| CVE-2025-48393 | 1 Eaton | 1 G4 Pdu | 2026-04-15 | 5.7 Medium |
| The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed in the latest firmware version of Eaton G4 PDU which is available on the Eaton download center. | ||||
| CVE-2024-33550 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.8 High |
| Improper Privilege Management vulnerability in JR King/Eran Schoellhorn WP Masquerade allows Privilege Escalation. This issue affects WP Masquerade: from n/a through 1.1.0. | ||||
| CVE-2025-10351 | 1 Melistechnology | 1 Melis Platform | 2026-04-15 | N/A |
| SQL injection vulnerability based on the melis-cms module of the Melis platform from Melis Technology. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'idPage' parameter in the '/melis/MelisCms/PageEdition/getTinyTemplates' endpoint. | ||||
| CVE-2025-12409 | 1 Google | 2 Cloud Looker, Looker | 2026-04-15 | N/A |
| A SQL injection vulnerability was discovered in Looker Studio that allowed for data exfiltration from BigQuery data sources. By creating a malicious report with native functions enabled, and having the victim access the report, an attacker could execute injected SQL queries with the victim's permissions in BigQuery. This vulnerability was patched on 07 July 2025, and no customer action is needed. | ||||
| CVE-2024-33559 | 1 8theme | 1 Xstore | 2026-04-15 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore allows SQL Injection. This issue affects XStore: from n/a through 9.3.5. | ||||
| CVE-2024-33560 | 2 8theme, Wordpress | 2 Xstore, Wordpress | 2026-04-15 | 9 Critical |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in 8theme XStore allows PHP Local File Inclusion. This issue affects XStore: from n/a through 9.3.8. | ||||
| CVE-2024-53615 | | | 2026-04-15 | 6.5 Medium |
| A command injection vulnerability in the video thumbnail rendering component of Karl Ward's files.gallery v0.3.0 through 0.11.0 allows remote attackers to execute arbitrary code via a crafted video file. | ||||
| CVE-2024-33562 | 1 8theme | 1 Xstore | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore allows Reflected XSS. This issue affects XStore: from n/a through 9.3.5. | ||||
| CVE-2024-33566 | 1 Wordpress | 1 Orderconvo | 2026-04-15 | 10 Critical |
| Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection. This issue affects OrderConvo: from n/a through 12.4. | ||||
| CVE-2024-33567 | | | 2026-04-15 | 9.8 Critical |
| Improper Privilege Management vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Privilege Escalation. This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3. | ||||
| CVE-2024-33569 | 1 Connekthq | 1 Instant Images | 2026-04-15 | 7.2 High |
| Improper Privilege Management vulnerability in Darren Cooney Instant Images allows Privilege Escalation. This issue affects Instant Images: from n/a through 6.1.0. | ||||
| CVE-2024-53617 | | | 2026-04-15 | 4.8 Medium |
| A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to take over any account via uploading an HTML file on behalf of the admin user using IDOR in file upload. | ||||
| CVE-2024-33573 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in EPROLO EPROLO Dropshipping. This issue affects EPROLO Dropshipping: from n/a through 1.7.1. | ||||
| CVE-2024-33574 | | | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in appsbd Vitepos. This issue affects Vitepos: from n/a through 3.0.1. | ||||