Export limit exceeded: 346601 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346601 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-21830 | 2026-04-15 | 6.7 Medium | ||
| Uncontrolled search path in some Intel(R) VPL software before version 2023.4.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-9262 | 2026-04-15 | 6.5 Medium | ||
| The User Meta – User Profile Builder and User management plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.1.1 via the getUser() due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to obtain user meta values from form fields. Please note that this requires a site administrator to create a form that displays potentially sensitive information like password hashes. This may also be exploited by unauthenticated users if the 'user-meta-public-profile' shortcode is used insecurely. | ||||
| CVE-2024-21841 | 2026-04-15 | 6.7 Medium | ||
| Uncontrolled search path for some Intel(R) Distribution for GDB software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-47258 | 2026-04-15 | 8.1 High | ||
| 2N Access Commander version 2.1 and prior is vulnerable in default settings to Man In The Middle attack due to not verifying certificates of 2N edge devices. 2N has currently released an updated version 3.3 of 2N Access Commander, with added Certificate Fingerprint Verification. Since version 2.2 of 2N Access Commander (released in February 2022) it is also possible to enforce TLS certificate validation.It is recommended that all customers update 2N Access Commander to the latest version and use one of two mentioned practices. | ||||
| CVE-2024-9275 | 1 Jeanmarc77 | 1 123solar | 2026-04-15 | 6.3 Medium |
| A vulnerability was found in jeanmarc77 123solar up to 1.8.4.5. It has been rated as critical. This issue affects some unknown processing of the file /admin/admin_invt2.php. The manipulation of the argument PROTOCOLx leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-27594 | 2026-04-15 | 7.5 High | ||
| The device uses an unencrypted, proprietary protocol for communication. Through this protocol, configuration data is transmitted and device authentication is performed. An attacker can thereby intercept the authentication hash and use it to log into the device using a pass-the-hash attack. | ||||
| CVE-2024-21843 | 2026-04-15 | 6.7 Medium | ||
| Uncontrolled search path for some Intel(R) Computing Improvement Program software before version 2.4.0.10654 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-9283 | 2026-04-15 | 3.3 Low | ||
| A vulnerability classified as problematic has been found in RelaxedJS ReLaXed up to 0.2.2. Affected is an unknown function of the component Pug to PDF Converter. The manipulation leads to cross site scripting. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-14015 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.1 High |
| The WordPress eCommerce Plugin WordPress plugin through 2.9.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2024-21846 | 2026-04-15 | 5.3 Medium | ||
| An unauthenticated attacker can reset the board and stop transmitter operations by sending a specially-crafted GET request to the command.cgi gateway, resulting in a denial-of-service scenario. | ||||
| CVE-2025-10638 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.3 Medium |
| The NS Maintenance Mode for WP WordPress plugin through 1.3.1 lacks authorization in its subscriber export function allowing unauthenticated attackers to download a list of a site's subscribers containing their name and email address | ||||
| CVE-2025-11072 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.3 Medium |
| The MelAbu WP Download Counter Button WordPress plugin through 1.8.6.7 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/download arbitrary files. | ||||
| CVE-2024-21850 | 1 Intel | 1 Tdx Module Software | 2026-04-15 | 6 Medium |
| Sensitive information in resource not removed before reuse in some Intel(R) TDX Seamldr module software before version 1.5.02.00 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-13471 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.3 Medium |
| The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 (for example to enable User Registration when it has been turned off) | ||||
| CVE-2025-14312 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.1 Medium |
| The Advance WP Query Search Filter WordPress plugin through 1.0.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2025-14313 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.1 Medium |
| The Advance WP Query Search Filter WordPress plugin through 1.0.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2025-14316 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.1 High |
| The AhaChat Messenger Marketing WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2024-21853 | 2026-04-15 | 4.7 Medium | ||
| Improper finite state machines (FSMs) in the hardware logic in some 4th and 5th Generation Intel(R) Xeon(R) Processors may allow an authorized user to potentially enable denial of service via local access. | ||||
| CVE-2025-6027 | 2 Acewebx, Wordpress | 2 Ace User Management, Wordpress | 2026-04-15 | 6.3 Medium |
| The Ace User Management WordPress plugin through 2.0.3 does not properly validate that a password reset token is associated with the user who requested it, allowing any authenticated users, such as subscriber to reset the password of arbitrary accounts, including administrators. | ||||
| CVE-2025-9544 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.5 Medium |
| The Doppler Forms WordPress plugin through 2.5.1 registers an AJAX action install_extension without verifying user capabilities or using a nonce. As a result, any authenticated user — including those with the Subscriber role — can install and activate additional Doppler Forms WordPress plugin through 2.5.1 (limited to those whitelisted by the main Doppler Forms WordPress plugin through 2.5.1). | ||||