Export limit exceeded: 346810 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346810 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-7353 | 1 Tipsandtricks-hq | 1 Accept Stripe | 2026-04-15 | 5.4 Medium |
| The Accept Stripe Payments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's accept_stripe_payment_ng shortcode in all versions up to, and including, 2.0.86 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-10283 | 1 Blsops | 1 Bbot | 2026-04-15 | 9.6 Critical |
| BBOT's gitdumper module could be abused to execute commands through a malicious git repository. | ||||
| CVE-2024-13471 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.5 High |
| The DesignThemes Core Features plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the dt_process_imported_file function in all versions up to, and including, 4.7. This makes it possible for unauthenticated attackers to read arbitrary files on the underlying operating system. | ||||
| CVE-2024-7387 | 1 Redhat | 1 Openshift | 2026-04-15 | 9.1 Critical |
| A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the “Docker” strategy, executable files inside the privileged build container can be overridden using the `spec.source.secrets.secret.destinationDir` attribute of the `BuildConfig` definition. An attacker running code in a privileged container could escalate their permissions on the node running the container. | ||||
| CVE-2024-7388 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4 Medium |
| The WP Bannerize Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via banner alt data in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2024-7396 | 1 Korenix | 1 Jetport 5601v3 | 2026-04-15 | N/A |
| Missing encryption of sensitive data in Korenix JetPort 5601v3 allows Eavesdropping.This issue affects JetPort 5601v3: through 1.2. | ||||
| CVE-2024-7414 | 1 Rednao | 1 Pdf Builder For Wpforms | 2026-04-15 | 5.3 Medium |
| The PDF Builder for WPForms plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2.116. This is due to the plugin allowing direct access to the composer-setup.php file which has display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | ||||
| CVE-2024-7416 | 1 Coffee2code | 1 Reveal Template Wordpress | 2026-04-15 | 5.3 Medium |
| The Reveal Template plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.7. This is due to the plugin allowing direct access to the bootstrap.php file which has display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | ||||
| CVE-2024-7424 | 2026-04-15 | 5.4 Medium | ||
| The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to unauthorized modification of and access to data due to a missing capability check on several functions in all versions up to, and including, 4.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to invoke those functions intended for admin use resulting in subscribers being able to upload csv files and view the contents of MPG projects. | ||||
| CVE-2024-7427 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Network Node Manager i (NNMi) could allow Cross-Site Scripting (XSS).This issue affects Network Node Manager i (NNMi): 2022.11, 2023.05, 23.4, 24.2. | ||||
| CVE-2024-7428 | 2026-04-15 | N/A | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in OpenText™ Network Node Manager i (NNMi) allows URL Redirector Abuse.This issue affects Network Node Manager i (NNMi): 2022.11, 2023.05, 23.4, 24.2. | ||||
| CVE-2024-7481 | 1 Teamviewer | 2 Full Client, Host | 2026-04-15 | 8.8 High |
| Improper verification of cryptographic signature during installation of a Printer driver via the TeamViewer_service.exe component of TeamViewer Remote Clients prior version 15.58.4 for Windows allows an attacker with local unprivileged access on a Windows system to elevate their privileges and install drivers. | ||||
| CVE-2024-7488 | 1 Restapp | 1 Online Ordering System | 2026-04-15 | 5.3 Medium |
| Integer Overflow or Wraparound, Improper Validation of Specified Quantity in Input vulnerability in RestApp Inc. Online Ordering System allows Integer Attacks. This issue affects Online Ordering System: 8.2.1. NOTE: Vulnerability fixed in version 8.2.2 and does not exist before 8.2.1. | ||||
| CVE-2024-13779 | 2026-04-15 | 6.1 Medium | ||
| The Hero Mega Menu - Responsive WordPress Menu Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'index' parameter in all versions up to, and including, 1.16.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-7560 | 1 Codename065 | 1 Newsflash | 2026-04-15 | 7.2 High |
| The News Flash theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input from the newsflash_post_meta meta value. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | ||||
| CVE-2024-7567 | 1 Rockwellautomation | 2 Micro850 Firmware, Micro870 Firmware | 2026-04-15 | N/A |
| A denial-of-service vulnerability exists via the CIP/Modbus port in the Rockwell Automation Micro850/870 (2080 -L50E/2080 -L70E). If exploited, the CIP/Modbus communication may be disrupted for short duration. | ||||
| CVE-2024-7573 | 1 Relevanssi | 1 Relevanssi-live-ajax-search | 2026-04-15 | 5.3 Medium |
| The Relevanssi Live Ajax Search plugin for WordPress is vulnerable to argument injection in all versions up to, and including, 2.4. This is due to insufficient validation of input supplied via POST data in the 'search' function. This makes it possible for unauthenticated attackers to inject arbitrary arguments into a WP_Query query and potentially expose sensitive information such as attachments or private posts. | ||||
| CVE-2024-7588 | 1 Pickplugins | 1 Page Builder Comboblocks | 2026-04-15 | 6.4 Medium |
| The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Accordion block in all versions up to, and including, 2.2.87 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-10570 | 1 Cleantalk | 1 Antispam | 2026-04-15 | 7.5 High |
| The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized SQL Injection due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 2.145, as well as insufficient input sanitization and validation. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2024-13866 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The Simple Notification plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||