Export limit exceeded: 347167 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347167 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347167 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-69044 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Vango vango allows PHP Local File Inclusion.This issue affects Vango: from n/a through <= 1.3.3. | ||||
| CVE-2025-69061 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes MoveMe moveme allows PHP Local File Inclusion.This issue affects MoveMe: from n/a through <= 1.2.15. | ||||
| CVE-2025-62772 | 1 Mercku | 1 M6a | 2026-04-15 | 3.1 Low |
| On Mercku M6a devices through 2.1.0, session tokens remain valid for at least months in some cases. | ||||
| CVE-2024-49378 | 1 Zimocode | 1 Smartup | 2026-04-15 | 6.1 Medium |
| smartUp, a web browser mouse gestures extension, has a universal cross-site scripting issue in the Edge and Firefox versions of smartUp 7.2.622.1170. The vulnerability allows another extension to execute arbitrary code in the context of the user’s tab. As of time of publication, no known patches exist. | ||||
| CVE-2024-49397 | 1 Elvaco | 1 Cme3100 Firmware | 2026-04-15 | N/A |
| The affected product is vulnerable to a cross-site scripting attack which may allow an attacker to bypass authentication and takeover admin accounts. | ||||
| CVE-2024-49398 | 1 Elvaco | 1 Cme3100 Firmware | 2026-04-15 | N/A |
| The affected product is vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute code. | ||||
| CVE-2024-49399 | 1 Elvaco | 1 Cme3100 Firmware | 2026-04-15 | N/A |
| The affected product is vulnerable to an attacker being able to use commands without providing a password which may allow an attacker to leak information. | ||||
| CVE-2025-69074 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Pearson Specter pearsonspecter allows PHP Local File Inclusion.This issue affects Pearson Specter: from n/a through <= 1.11.3. | ||||
| CVE-2025-48095 | 2 Ays-pro, Wordpress | 2 Survey Maker, Wordpress | 2026-04-15 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Survey Maker survey-maker allows Stored XSS.This issue affects Survey Maker: from n/a through <= 5.1.8.8. | ||||
| CVE-2025-49347 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Jupitercow WP sIFR wp-sifr allows Stored XSS.This issue affects WP sIFR: from n/a through <= 0.6.8.1. | ||||
| CVE-2025-69076 | 2 Ancorathemes, Wordpress | 2 Modern Housewife, Wordpress | 2026-04-15 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Modern Housewife modernhousewife allows PHP Local File Inclusion.This issue affects Modern Housewife: from n/a through <= 1.0.12. | ||||
| CVE-2025-62775 | 1 Mercku | 1 M6a | 2026-04-15 | 8 High |
| Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password. | ||||
| CVE-2025-49393 | 2 Fetchdesigns, Wordpress | 2 Sign-up Sheets, Wordpress | 2026-04-15 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets allows Object Injection.This issue affects Sign-up Sheets: from n/a through <= 2.3.2. | ||||
| CVE-2025-69077 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Hobo hobo allows PHP Local File Inclusion.This issue affects Hobo: from n/a through <= 1.0.10. | ||||
| CVE-2025-49900 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in bPlugins Advanced scrollbar advanced-scrollbar allows Privilege Escalation.This issue affects Advanced scrollbar: from n/a through <= 1.1.8. | ||||
| CVE-2025-49901 | 2 Quantumcloud, Wordpress | 2 Simple Link Directory, Wordpress | 2026-04-15 | 9.8 Critical |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows Authentication Abuse.This issue affects Simple Link Directory: from n/a through < 14.8.1. | ||||
| CVE-2024-48545 | 1 Ivyiot | 1 Ivy Smart Firmware | 2026-04-15 | 8.4 High |
| Incorrect access control in the firmware update and download processes of IVY Smart v4.5.0 allows attackers to access sensitive information by analyzing the code and data within the APK file. | ||||
| CVE-2024-48544 | 1 Ledvance | 1 Sylvania Smart Home Firmware | 2026-04-15 | 8.4 High |
| Incorrect access control in the firmware update and download processes of Sylvania Smart Home v3.0.3 allows attackers to access sensitive information by analyzing the code and data within the APK file. | ||||
| CVE-2024-48542 | 1 Yamaha | 1 Headphones Controller Firmware | 2026-04-15 | 8.4 High |
| Incorrect access control in the firmware update and download processes of Yamaha Headphones Controller v1.6.7 allows attackers to access sensitive information by analyzing the code and data within the APK file. | ||||
| CVE-2024-48541 | 1 Ruochan | 1 Smart Firmware | 2026-04-15 | 8.4 High |
| Incorrect access control in the firmware update and download processes of Ruochan Smart v4.4.7 allows attackers to access sensitive information by analyzing the code and data within the APK file. | ||||