Export limit exceeded: 346711 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346711 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346711 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346711 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1850 | 2026-04-15 | 6.3 Medium | ||
| The AI Post Generator | AutoWriter plugin for WordPress is vulnerable to unauthorized access, modification or deletion of posts due to a missing capability check on functions hooked by AJAX actions in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with subscriber access or higher, to view all posts generated with this plugin (even in non-published status), create new posts (and publish them), publish unpublished post or perform post deletions. CVE-2024-32713 may be a duplicate of this issue. | ||||
| CVE-2024-1858 | 2026-04-15 | 5.4 Medium | ||
| The Lightbox slider – Responsive Lightbox Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.9 via deserialization of untrusted input through post meta data. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | ||||
| CVE-2024-21740 | 1 Artery | 2 At32f415cbt7, At32f421c8t7 | 2026-04-15 | 7.4 High |
| Artery AT32F415CBT7 and AT32F421C8T7 devices have Incorrect Access Control. | ||||
| CVE-2025-6193 | 1 Redhat | 1 Openshift Ai | 2026-04-15 | 5.9 Medium |
| A command injection vulnerability was discovered in the TrustyAI Explainability toolkit. Arbitrary commands placed in certain fields of a LMEValJob custom resource (CR) may be executed in the LMEvalJob pod's terminal. This issue can be exploited via a maliciously crafted LMEvalJob by a user with permissions to deploy a CR. | ||||
| CVE-2024-21741 | 1 Gigadevice | 1 Gd32e103c8t6 | 2026-04-15 | 9.8 Critical |
| GigaDevice GD32E103C8T6 devices have Incorrect Access Control. | ||||
| CVE-2025-62014 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme ITok itok.This issue affects ITok: from n/a through <= 1.1.42. | ||||
| CVE-2024-21743 | 1 Favethemes | 1 Houzez | 2026-04-15 | 8.8 High |
| Privilege Escalation vulnerability in favethemes Houzez Login Register houzez-login-register.This issue affects Houzez Login Register: from n/a through 3.2.5. | ||||
| CVE-2025-62031 | 2 Tagdiv, Wordpress | 2 Composer, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer.This issue affects tagDiv Composer: from n/a through <= 5.4.1. | ||||
| CVE-2025-62035 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in uxper Togo togo.This issue affects Togo: from n/a through < 1.0.4. | ||||
| CVE-2024-21766 | 1 Intel | 1 Oneapi Math Kernel Library | 2026-04-15 | 6.7 Medium |
| Uncontrolled search path for some Intel(R) oneAPI Math Kernel Library software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-21767 | 2026-04-15 | 9.4 Critical | ||
| A remote attacker may be able to bypass access control of Commend WS203VICM by creating a malicious request. | ||||
| CVE-2025-62036 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Togo togo.This issue affects Togo: from n/a through < 1.0.4. | ||||
| CVE-2024-21787 | 1 Bmra Software | 1 Bmra Software | 2026-04-15 | 6.4 Medium |
| Inadequate encryption strength for some BMRA software before version 22.08 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-21799 | 2026-04-15 | 7.1 High | ||
| Path traversal for some Intel(R) Extension for Transformers software before version 1.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-62044 | 2 Codexthemes, Wordpress | 2 Thegem, Wordpress | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem Theme Elements (for WPBakery) thegem-elements.This issue affects TheGem Theme Elements (for WPBakery): from n/a through <= 5.10.5.1. | ||||
| CVE-2024-21808 | 2026-04-15 | 4.2 Medium | ||
| Improper buffer restrictions in some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-2182 | 1 Redhat | 1 Enterprise Linux | 2026-04-15 | 6.5 Medium |
| A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between hypervisors for high availability, an attacker can inject specially crafted BFD packets from inside unprivileged workloads, including virtual machines or containers, that can trigger a denial of service. | ||||
| CVE-2024-21832 | 2026-04-15 | 3.5 Low | ||
| A potential JSON injection attack vector exists in PingFederate REST API data stores using the POST method and a JSON request body. | ||||
| CVE-2024-2184 | 2026-04-15 | 9.8 Critical | ||
| Buffer overflow in identifier field of WSD probe request process of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*:Satera MF740C Series/Satera MF640C Series/Satera LBP660C Series/Satera LBP620C Series firmware v12.07 and earlier, and Satera MF750C Series/Satera LBP670C Series firmware v03.09 and earlier sold in Japan.Color imageCLASS MF740C Series/Color imageCLASS MF640C Series/Color imageCLASS X MF1127C/Color imageCLASS LBP664Cdw/Color imageCLASS LBP622Cdw/Color imageCLASS X LBP1127C firmware v12.07 and earlier, and Color imageCLASS MF750C Series/Color imageCLASS X MF1333C/Color imageCLASS LBP674Cdw/Color imageCLASS X LBP1333C firmware v03.09 and earlier sold in US.i-SENSYS MF740C Series/i-SENSYS MF640C Series/C1127i Series/i-SENSYS LBP660C Series/i-SENSYS LBP620C Series/C1127P firmware v12.07 and earlier, and i-SENSYS MF750C Series/C1333i Series/i-SENSYS LBP673Cdw/C1333P firmware v03.09 and earlier sold in Europe. | ||||
| CVE-2024-21844 | 2026-04-15 | 4.3 Medium | ||
| Integer overflow in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable denial of service via adjacent access. | ||||